Re: Bind DNS servers: can they coexist with httpd and mail servers?
On Wed, Jul 19, 2017 at 9:34 AM, John Miller wrote:
> In some cases, running BIND on a web server is exactly what you'd want
> to be doing anyway for its caching function. If you're doing reverse
...
> Of course, you don't have to use BIND to get the benefits of a caching
> NS, but if you need to run BIND anyway

I meant to say I intend to run as an authoritative DNS server for my personal domains. I assume Reindl's answer is still valid.

BTW, anything special I need for the bind service file?

Thanks, John

-Tom

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind DNS servers: can they coexist with httpd and mail servers?
In some cases, running BIND on a web server is exactly what you'd want to be doing anyway for its caching function. If you're doing reverse lookups of IPs or something like that for your Apache logs (I'd recommend against that, BTW), then you'll save yourself a whole lot of DNS traffic by running a caching nameserver on the same machine as Apache.

For a mail server, this is an even better idea: mail servers almost always do reverse lookups on IP addresses to see if the PTR record matches what the sender provides in their EHLO. If you have 20k e-mails coming from Gmail, for example, no sense in doing the DNS lookup 20k times.

Of course, you don't have to use BIND to get the benefits of a caching NS, but if you need to run BIND anyway

John

On Wed, Jul 19, 2017 at 6:37 AM, Tom Browder wrote:
> I want to host my own DNS servers, but I need the master to share Bind with
> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> Is there any reason that is not possible?
>
> If not, are there any problems or configuration issues I will need to
> address?
>
> Thanks.
>
> With warmest regards,
>
> -Tom

--
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
Re: Bind DNS servers: can they coexist with httpd and mail servers?
On 19/07/2017 11:53, Tony Finch wrote:
> It's how we did things in the 1990s :-)

Yup - in '96 I was running the entire set of customer-facing services for a newly-formed ISP on a single Alpha workstation :)

Ray
Re: Bind DNS servers: can they coexist with httpd and mail servers?
On 19.07.2017 at 12:53, Tony Finch wrote:
> Tom Browder wrote:
>> I want to host my own DNS servers, but I need the master to share Bind with
>> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> It's how we did things in the 1990s :-)

and thanks to systemd we can do that these days too with better security :-)

[root@rh:~]$ cat /usr/lib/systemd/system/httpd.service
[Unit]
Description=Apache Webserver
After=network.service systemd-networkd.service network-online.target mysqld.service

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/httpd
Environment="PATH=/usr/bin:/usr/sbin"
ExecStart=/usr/sbin/httpd $OPTIONS -D FOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
Restart=always
RestartSec=1
UMask=006
TasksMax=1024

PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
RestrictAddressFamilies=AF_INET AF_INET6 AF_LOCAL AF_UNIX
RestrictRealtime=yes
SystemCallArchitectures=x86-64
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @swap acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/Volumes/dune/modsec-upload
ReadWriteDirectories=-/Volumes/dune/tmp
ReadWriteDirectories=-/Volumes/dune/www-servers
ReadWriteDirectories=-/data/www
ReadWriteDirectories=-/mnt/data/www
ReadWriteDirectories=-/data/xdebug
ReadWriteDirectories=-/mnt/data/xdebug
ReadWriteDirectories=-/var/cache/mailgraph
ReadWriteDirectories=-/var/lib/smokeping
ReadWriteDirectories=-/var/log
ReadWriteDirectories=-/var/www/sessiondata
ReadWriteDirectories=-/var/www/sessiondata-phpmyadmin
ReadWriteDirectories=-/var/www/uploadtemp
ReadWriteDirectories=-/var/www/uploadtemp-phpmyadmin
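
Added example, not part of the original thread and not from ISC or any distribution: the same sandboxing directives as in the httpd unit above, applied to BIND as a systemd drop-in. The unit name named.service, the drop-in path and the RHEL-style directories are assumptions; the capability list and syscall groups are a starting point to test, not a verified minimum.

```ini
# /etc/systemd/system/named.service.d/hardening.conf   (assumed path)
# Drop-in: only adds to the distribution's named.service, replaces nothing.
[Service]
# Block privilege gain through setuid binaries or file capabilities
NoNewPrivileges=yes

# Private /tmp and a minimal /dev for the service
PrivateTmp=yes
PrivateDevices=yes

# Capabilities a root-started named typically uses before it switches to
# its unprivileged user (-u). Assumption: drop CAP_SYS_CHROOT if you do
# not run named with -t, and trim the rest after testing.
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_READ_SEARCH CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE

# DNS over IPv4/IPv6, local sockets (rndc, syslog), netlink for
# interface change notifications
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
RestrictRealtime=yes

# Deny syscall groups a name server has no use for. Unlike the httpd
# unit, @resources stays allowed (named adjusts its own rlimits) and so
# does @mount (it contains chroot, needed for -t).
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @obsolete @raw-io @reboot @swap

# Whole filesystem read-only, except where named must write
# (assumed RHEL-style layout; Debian uses /var/cache/bind and /var/lib/bind)
ReadOnlyDirectories=/
ReadWriteDirectories=-/run/named
ReadWriteDirectories=-/var/named
ReadWriteDirectories=-/var/log
```

After `systemctl daemon-reload` and a restart of named, check the journal for permission errors or a SIGSYS kill, which indicate a directive that is too tight for your configuration.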
Re: Bind DNS servers: can they coexist with httpd and mail servers?
Tom Browder wrote:
> I want to host my own DNS servers, but I need the master to share Bind with
> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.

It's how we did things in the 1990s :-)

Tony.
--
f.anthony.n.finch http://dotat.at/ - I xn--zr8h punycode
South Biscay: Southwesterly 5 or 6, veering northwesterly 4 or 5. Moderate. Showers. Good.
Re: Bind DNS servers: can they coexist with httpd and mail servers?
On Wed, Jul 19, 2017 at 05:42 Reindl Harald wrote:
> On 19.07.2017 at 12:37, Tom Browder wrote:
> > I want to host my own DNS servers, but I need the master to share Bind
> > with other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
> besides the typical security considerations (what if your webserver gets
> compromised since it's the greatest attack vector) - no - named doesn't
> even know that there are other services nor is it relevant from the
> outside - DNS is just port 53 UDP/TCP and that's it

Thank you, Reindl.

Best regards,

-Tom
Re: Bind DNS servers: can they coexist with httpd and mail servers?
On 19.07.2017 at 12:37, Tom Browder wrote:
> I want to host my own DNS servers, but I need the master to share Bind with
> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> Is there any reason that is not possible?
>
> If not, are there any problems or configuration issues I will need to
> address?

besides the typical security considerations (what if your webserver gets compromised since it's the greatest attack vector) - no - named doesn't even know that there are other services nor is it relevant from the outside - DNS is just port 53 UDP/TCP and that's it

written from a development machine running named with several mysqld-instances, webservers, virtual machines and a ton of other network services from routing to firewalls up to two hostapd-instances to provide WLAN for smartphones
Bind DNS servers: can they coexist with httpd and mail servers?
I want to host my own DNS servers, but I need the master to share Bind with other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.

Is there any reason that is not possible?

If not, are there any problems or configuration issues I will need to address?

Thanks.

With warmest regards,

-Tom