Per server instance vs central / shared / redundant instances of BIND

Grant Taylor gtaylor at
Tue Apr 27 16:46:25 UTC 2021

On 4/27/21 10:24 AM, Kevin A. McGrail wrote:
> Agreed on the OT and good subject change.


> For me, I wouldn't bind DNS to the eth0, just another attack surface 
> hence I would use local loopback.

I think the main reason to bind to eth0 / LAN is for when there are 
multiple (mail) servers that can benefit from a common instance of BIND. 
  As opposed to having a dedicated instance of BIND on lo per (mail) server.

> Having a DNS on the lan is good too but caching on any mail server is 
> good.

Do you think that per (mail) server instances of BIND are worth the 
additional administrative overhead as compared to more central shared 

E.g. if you had 29 mail servers, would you run BIND on each of their 
lo's?  Or would you use a small number of central / shared / redundant 

> There are a lot of DNS queries for email and anti-spam.


> But the key takeaway is don't use something like quad-8.


Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the bind-users mailing list