Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Tom Browder
On Wed, Jul 19, 2017 at 9:34 AM, John Miller  wrote:
> In some cases, running BIND on a web server is exactly what you'd want
> to be doing anyway for its caching function.  If you're doing reverse
...
> Of course, you don't have to use BIND to get the benefits of a caching
> NS, but if you need to run BIND anyway

I meant to say I intend to run as an authoritative DNS server for my
personal domains.

I assume Reindl's answer is still valid.

BTW, anything special I need for the bind service file?

Thanks, John

-Tom
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread John Miller
In some cases, running BIND on a web server is exactly what you'd want
to be doing anyway for its caching function.  If you're doing reverse
lookups of IPs or something like that for your Apache logs (I'd
recommend against that, BTW), then you'll save yourself a whole lot of
DNS traffic by running a caching nameserver on the same machine as
Apache.

For a mail server, this is an even better idea: mail servers almost
always do reverse lookups on IP addresses to see if the PTR record
matches what the sender provides in their EHLO.  If you have 20k
e-mails coming from Gmail, for example, no sense in doing the DNS
lookup 20k times.

Of course, you don't have to use BIND to get the benefits of a caching
NS, but if you need to run BIND anyway

John

On Wed, Jul 19, 2017 at 6:37 AM, Tom Browder  wrote:
> I want to host my own DNS servers, but I need the master to share Bind with
> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> Is there any reason that is not possible?
>
> If not, are there any problems or configuration issues I will need to
> address?
>
> Thanks.
>
> With warmest regards,
>
> -Tom



-- 
John Miller
Systems Engineer
Brandeis University
johnm...@brandeis.edu
(781) 736-4619
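The check John describes, written out as forward-confirmed reverse DNS (the test Postfix's reject_unknown_client_hostname performs: look up the PTR for the connecting address, then the A/AAAA for the PTR name, which must contain the connecting address), with a TTL cache in front of the resolver so the saving from a local caching nameserver on a burst of connections from one address is visible. This is an added example, not code from the thread; the upstream resolver is a stand-in that counts queries, the records are constructed from documentation address ranges, and the negative-cache TTL is an assumed value.

```python
"""Forward-confirmed reverse DNS (FCrDNS) with a TTL cache in front of the
resolver. Added example, not code from the thread; the DNS records below are
constructed (RFC 5737 / RFC 3849 documentation ranges), not real data."""
import ipaddress
import time

# Constructed sample zone: (qtype, owner name) -> (rdata list, TTL seconds).
#  192.0.2.1     genuine: PTR -> mail.example.net, whose A points back at it
#  192.0.2.2     spoofed: PTR claims mail.example.net, but that A is 192.0.2.1
#  192.0.2.3     no PTR at all
#  2001:db8::25  genuine over IPv6 (PTR under ip6.arpa, forward via AAAA)
SAMPLE_ZONE = {
    ("PTR", "1.2.0.192.in-addr.arpa."): (["mail.example.net."], 300),
    ("PTR", "2.2.0.192.in-addr.arpa."): (["mail.example.net."], 300),
    ("A", "mail.example.net."): (["192.0.2.1"], 300),
    ("PTR", ipaddress.ip_address("2001:db8::25").reverse_pointer + "."):
        (["mx6.example.net."], 300),
    ("AAAA", "mx6.example.net."): (["2001:db8::25"], 300),
}
NEGATIVE_TTL = 60  # assumed: how long a "no such record" answer is cached


class UpstreamResolver:
    """Stand-in for the recursive nameserver; counts every query it answers."""

    def __init__(self, zone):
        self.zone = zone
        self.queries = 0

    def query(self, qtype, name):
        """Return (rdata list, ttl); an empty list means NXDOMAIN/NODATA."""
        self.queries += 1
        rdata, ttl = self.zone.get((qtype, name), ([], NEGATIVE_TTL))
        return list(rdata), ttl


class CachingResolver:
    """Local cache: positive and negative answers are reused until their TTL
    expires, which is what a caching nameserver on the mail host buys you."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream
        self.clock = clock
        self.cache = {}  # (qtype, name) -> (rdata, absolute expiry time)

    def query(self, qtype, name):
        now = self.clock()
        hit = self.cache.get((qtype, name))
        if hit is not None and hit[1] > now:
            return list(hit[0]), int(hit[1] - now)
        rdata, ttl = self.upstream.query(qtype, name)
        self.cache[(qtype, name)] = (rdata, now + ttl)
        return list(rdata), ttl


def fcrdns(ip, resolver):
    """Classify a connecting client's address:
    'pass'      some PTR name resolves (A or AAAA) back to the same address
    'no-ptr'    the address has no PTR record
    'mismatch'  PTR name(s) exist, but none resolve back to the address"""
    addr = ipaddress.ip_address(ip)
    ptr_names, _ = resolver.query("PTR", addr.reverse_pointer + ".")
    if not ptr_names:
        return "no-ptr"
    forward_type = "AAAA" if addr.version == 6 else "A"
    for name in ptr_names:
        forward, _ = resolver.query(forward_type, name)
        if str(addr) in forward:
            return "pass"
    return "mismatch"


def check_clients(client_ips, use_cache=True, clock=time.monotonic):
    """Run FCrDNS over a stream of client addresses.
    Returns (verdicts, number of queries that reached the upstream resolver)."""
    upstream = UpstreamResolver(SAMPLE_ZONE)
    resolver = CachingResolver(upstream, clock) if use_cache else upstream
    verdicts = [fcrdns(ip, resolver) for ip in client_ips]
    return verdicts, upstream.queries


class FakeClock:
    """Controllable clock so TTL expiry can be exercised without waiting."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


if __name__ == "__main__":
    burst = ["192.0.2.1"] * 20 + ["192.0.2.2", "192.0.2.3", "2001:db8::25"]
    for cached in (False, True):
        verdicts, upstream_queries = check_clients(burst, use_cache=cached)
        summary = {v: verdicts.count(v) for v in sorted(set(verdicts))}
        print(f"cache={cached}: {upstream_queries} upstream queries, {summary}")
```

Two details worth noticing when running it: the spoofed client's forward lookup of mail.example.net is served from cache because the genuine client already populated it, and negative answers are cached as well, so an address with no PTR does not cost one upstream query per connection.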


Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Ray Bellis
On 19/07/2017 11:53, Tony Finch wrote:

> It's how we did things in the 1990s :-)

Yup - in '96 I was running the entire set of customer-facing services
for a newly-formed ISP on a single Alpha workstation :)

Ray




Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Reindl Harald
On 19.07.2017 at 12:53, Tony Finch wrote:
> Tom Browder  wrote:
>
>> I want to host my own DNS servers, but I need the master to share Bind with
>> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> It's how we did things in the 1990s :-)

and thanks to systemd we can do that these days too with better security :-)

[root@rh:~]$ cat /usr/lib/systemd/system/httpd.service
[Unit]
Description=Apache Webserver
After=network.service systemd-networkd.service network-online.target mysqld.service

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/httpd
Environment="PATH=/usr/bin:/usr/sbin"
ExecStart=/usr/sbin/httpd $OPTIONS -D FOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
Restart=always
RestartSec=1
UMask=006
TasksMax=1024

# Private /tmp and /dev; no gaining privileges via setuid/fscaps binaries after start
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
# Bounding set: CAP_NET_BIND_SERVICE binds 80/443, CAP_SETUID/CAP_SETGID let the
# parent drop from root to the web user; nothing else is obtainable
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID

RestrictAddressFamilies=AF_INET AF_INET6 AF_LOCAL AF_UNIX
RestrictRealtime=yes
SystemCallArchitectures=x86-64
# Deny-list (leading ~): whole syscall groups plus individual calls httpd never needs.
# A trailing backslash is systemd's line continuation, so this stays one directive.
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount \
    @obsolete @raw-io @reboot @resources @swap acct modify_ldt add_key \
    adjtimex clock_adjtime delete_module fanotify_init finit_module \
    get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup \
    io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind \
    migrate_pages mount move_pages open_by_handle_at perf_event_open \
    pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages \
    request_key set_mempolicy swapoff swapon umount2 uselib vmsplice

# Whole filesystem read-only except the listed paths; a leading - means
# "skip if the path does not exist". Newer systemd spells these
# ReadOnlyPaths= / ReadWritePaths= and keeps the old names as aliases.
ReadOnlyDirectories=/
ReadWriteDirectories=-/run
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/Volumes/dune/modsec-upload
ReadWriteDirectories=-/Volumes/dune/tmp
ReadWriteDirectories=-/Volumes/dune/www-servers
ReadWriteDirectories=-/data/www
ReadWriteDirectories=-/mnt/data/www
ReadWriteDirectories=-/data/xdebug
ReadWriteDirectories=-/mnt/data/xdebug
ReadWriteDirectories=-/var/cache/mailgraph
ReadWriteDirectories=-/var/lib/smokeping
ReadWriteDirectories=-/var/log
ReadWriteDirectories=-/var/www/sessiondata
ReadWriteDirectories=-/var/www/sessiondata-phpmyadmin
ReadWriteDirectories=-/var/www/uploadtemp
ReadWriteDirectories=-/var/www/uploadtemp-phpmyadmin
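Tom asks earlier in the thread what the bind service file needs. The same kind of sandboxing applied to named, as an added example that is not from the thread, from ISC or from any distribution: it is written as a drop-in over the distribution's named.service rather than a replacement unit, so package updates to the unit keep applying. The drop-in path, the assumption that named is started with -u named and keeps its writable state under /var/named and /run/named, the optional /var/log/named, and the systemd version are all assumptions, stated in the comments. It uses an allow-list (@system-service) instead of the deny-list in the httpd unit above because named needs setuid/setgid and setrlimit, and the httpd list blocks setrlimit through @resources.

```ini
# /etc/systemd/system/named.service.d/hardening.conf   (assumed drop-in path)
# Added example, not part of the thread or of BIND. Assumed: the distribution's
# named.service starts named with "-u named", so named drops root itself;
# zones, journals and managed keys live under /var/named; the PID file is under
# /run/named; logs, if any, under /var/log/named; systemd >= 235 (@system-service).
[Service]
# Empty the bounding set, then add back only what named needs: bind port 53,
# switch from root to the named user, raise its own file-descriptor limit.
# Add CAP_SYS_CHROOT only if named runs with -t. BIND only keeps the
# capabilities it finds permitted at startup; if it still exits complaining
# about cap_set_proc, check journalctl and widen this list.
CapabilityBoundingSet=
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_SYS_RESOURCE
NoNewPrivileges=yes

# Private /tmp and a minimal /dev (null, zero, urandom are still provided).
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
LockPersonality=yes
RestrictRealtime=yes

# Everything read-only, including /etc, except where named must write.
# Any ExecStartPre that creates files under /etc (for example a first-run
# rndc.key generator) must already have run before this is enabled.
ProtectSystem=strict
ReadWritePaths=/var/named /run/named
ReadWritePaths=-/var/log/named

# AF_NETLINK is required: glibc's getifadds() is implemented over a netlink
# socket, and named uses it to enumerate the interfaces it listens on.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK

# Allow-list: @system-service covers sockets, threads, setuid/setgid, setrlimit
# and the rest of what a daemon needs, and already excludes @clock, @mount,
# @swap, @reboot, @raw-io and @module. Anything outside it kills named with
# SIGSYS, which shows up in the journal.
SystemCallArchitectures=native
SystemCallFilter=@system-service
```

Apply it with systemctl daemon-reload followed by systemctl restart named, then verify with rndc status, a query against the server, and journalctl -u named for SIGSYS, EPERM or "cap_set_proc" messages; systemd-analyze security named.service scores the result and lists what is still open.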


Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Tony Finch
Tom Browder  wrote:

> I want to host my own DNS servers, but I need the master to share Bind with
> other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.

It's how we did things in the 1990s :-)

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
South Biscay: Southwesterly 5 or 6, veering northwesterly 4 or 5. Moderate.
Showers. Good.


Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Tom Browder
On Wed, Jul 19, 2017 at 05:42 Reindl Harald  wrote:

> On 19.07.2017 at 12:37, Tom Browder wrote:
> > I want to host my own DNS servers, but I need the master to share Bind
> > with other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> besides the typical security considerations (what if your webserver gets
> compromised, since it's the greatest attack vector) - no - named doesn't
> even know that there are other services, nor is it relevant from the
> outside - DNS is just port 53 UDP/TCP and that's it

Thank you, Reindl.

Best regards,

-Tom

Re: Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Reindl Harald
On 19.07.2017 at 12:37, Tom Browder wrote:
> I want to host my own DNS servers, but I need the master to share Bind
> with other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.
>
> Is there any reason that is not possible?
>
> If not, are there any problems or configuration issues I will need to
> address?

besides the typical security considerations (what if your webserver gets
compromised, since it's the greatest attack vector) - no - named doesn't
even know that there are other services, nor is it relevant from the
outside - DNS is just port 53 UDP/TCP and that's it

written from a development machine running named with several
mysqld instances, webservers, virtual machines and a ton of other
network services, from routing to firewalls up to two hostapd instances to
provide WLAN for smartphones



Bind DNS servers: can they coexist with httpd and mail servers?

2017-07-19 Thread Tom Browder
I want to host my own DNS servers, but I need the master to share Bind with
other services, specifically Apache 2.4, Postfix 3.3, and Mailman 3.

Is there any reason that is not possible?

If not, are there any problems or configuration issues I will need to
address?

Thanks.

With warmest regards,

-Tom