On 4/27/21 10:24 AM, Kevin A. McGrail wrote:
> Agreed on the OT and good subject change.

:-)

> For me, I wouldn't bind DNS to the eth0, just another attack surface; hence I would use local loopback.

I think the main reason to bind to eth0 / LAN is for when there are multiple (mail) servers that can benefit from a common instance of BIND. As opposed to having a dedicated instance of BIND on lo per (mail) server.

> Having a DNS on the LAN is good too but caching on any mail server is good.

Do you think that per (mail) server instances of BIND are worth the additional administrative overhead as compared to more central shared instances?

E.g. if you had 29 mail servers, would you run BIND on each of their lo's? Or would you use a small number of central / shared / redundant servers?

> There are a lot of DNS queries for email and anti-spam.

Yep.

> But the key takeaway is don't use something like quad-8.

}:-)



--
Grant. . . .
unix || die
