Per server instance vs central / shared / redundant instances of BIND
gtaylor at tnetconsulting.net
Tue Apr 27 16:46:25 UTC 2021
On 4/27/21 10:24 AM, Kevin A. McGrail wrote:
> Agreed on the OT and good subject change.
> For me, I wouldn't bind DNS to the eth0, just another attack surface
> hence I would use local loopback.
I think the main reason to bind to eth0 / LAN is for when there are
multiple (mail) servers that can benefit from a common instance of BIND.
As opposed to having a dedicated instance of BIND on lo per (mail) server.
> Having a DNS on the lan is good too but caching on any mail server is
Do you think that per (mail) server instances of BIND are worth the
additional administrative overhead as compared to more central shared
E.g. if you had 29 mail servers, would you run BIND on each of their
lo's? Or would you use a small number of central / shared / redundant
> There are a lot of DNS queries for email and anti-spam.
> But the key takeaway is don't use something like quad-8.
Grant. . . .
unix || die
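
The two deployment options discussed in this message, sketched as `named.conf` fragments. This is an added example, not configuration posted by either participant or taken from the BIND documentation. The addresses (192.0.2.0/28, 192.0.2.53), the ACL name `mailservers` and the directory path are constructed placeholders, and the two variants are alternatives that belong in separate files on separate hosts.

```conf
// ---- Variant A: one caching resolver per mail server, loopback only ----
// named.conf on each mail server; that host's resolv.conf points at 127.0.0.1.
// Nothing listens on eth0, so port 53 is not reachable from the LAN.
options {
    directory "/var/named";              // assumed path
    recursion yes;
    listen-on       { 127.0.0.1; };
    listen-on-v6    { ::1; };
    allow-query     { localhost; };
    allow-recursion { localhost; };
    // No "forwarders" statement: named resolves from the root servers
    // itself instead of relaying queries to a public resolver.
};

// ---- Variant B: small number of shared resolvers on the LAN ----
// named.conf on each shared resolver; the mail servers list these
// resolvers in resolv.conf. The LAN listener is the added exposure,
// so queries and recursion are limited to the mail servers by ACL.
acl mailservers { 192.0.2.0/28; };       // constructed client range

options {
    directory "/var/named";              // assumed path
    recursion yes;
    listen-on         { 127.0.0.1; 192.0.2.53; };   // constructed LAN address
    listen-on-v6      { ::1; };
    allow-query       { localhost; mailservers; };
    allow-recursion   { localhost; mailservers; };
    allow-query-cache { localhost; mailservers; };
    // No "forwarders" statement here either.
};
```

Either file can be syntax-checked with `named-checkconf` before reloading. In Variant B a host firewall rule that permits port 53 only from the mail servers' range backs up the ACL.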