From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-127066-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Qu7Bk-0006Y9-M4
	for garchives@archives.gentoo.org; Thu, 18 Aug 2011 18:19:32 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9AE2421C113;
	Thu, 18 Aug 2011 18:19:14 +0000 (UTC)
Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com [66.111.4.26])
	by pigeon.gentoo.org (Postfix) with ESMTP id A9E4A21C0AA
	for <gentoo-user@lists.gentoo.org>; Thu, 18 Aug 2011 18:18:11 +0000 (UTC)
Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43])
	by gateway1.messagingengine.com (Postfix) with ESMTP id 65ABD2380A
	for <gentoo-user@lists.gentoo.org>; Thu, 18 Aug 2011 14:18:11 -0400 (EDT)
Received: from frontend1.messagingengine.com ([10.202.2.160])
  by compute3.internal (MEProxy); Thu, 18 Aug 2011 14:18:11 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=message-id:date:from:mime-version:to
	:subject:references:in-reply-to:content-type; s=smtpout; bh=uu6o
	LCT8Nul9Hd78qSurnQXtvOg=; b=XX2ieob05NJW41RJ8M9PAF49gjLKPHvCjhWM
	8ATHDH/EAuCVb31M4OoERjDdDLX8ETEsPcOB+5tK3uqrDioTaYFAkval91YacKc7
	nyqPVXDIgbw76tEwwmXJQ/SBEwP737/TaaScZp/GulM9np1EKDfGWv0jYsGdHnmj
	GpW/HIk=
X-Sasl-enc: AqpBv8TZJfITsk5myb4254Ulyb1hxZ5sBgmJEAptATWb 1313691490
Received: from [192.168.5.18] (serv.binarywings.net [83.169.5.6])
	by mail.messagingengine.com (Postfix) with ESMTPSA id 43FBF41FB1F
	for <gentoo-user@lists.gentoo.org>; Thu, 18 Aug 2011 14:18:10 -0400 (EDT)
Message-ID: <4E4D5757.9050006@binarywings.net>
Date: Thu, 18 Aug 2011 20:17:59 +0200
From: Florian Philipp <lists@binarywings.net>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110730 Lightning/1.0b3pre Thunderbird/3.1.10
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Running HTTP and DNS on same machine
References: <CAN0CFw0FU_zdDNAe4VazPMM=AJ04h7ZkfmHQK=Qxt2GGV_swVg@mail.gmail.com>	<CA+czFiAshP0rjvje3ht7LKmbbm9nnpG5RPoEkmDu9U-bzOXt3w@mail.gmail.com>	<2014422.cuJOgXTDR9@nazgul> <CA+czFiBszrMHDXuyo94pRXTDtCfvAOjW44emHMs8UWoceakb8w@mail.gmail.com>
In-Reply-To: <CA+czFiBszrMHDXuyo94pRXTDtCfvAOjW44emHMs8UWoceakb8w@mail.gmail.com>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig0899B92C03699531B86DF4AF"
X-Archives-Salt: 
X-Archives-Hash: 826c99094a72e2ed0d20a521a8f619f0

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig0899B92C03699531B86DF4AF
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Am 18.08.2011 03:35, schrieb Michael Mol:
> On Wed, Aug 17, 2011 at 5:53 PM, Alan McKinnon <alan.mckinnon@gmail.com=
> wrote:
>> On Wed 17 August 2011 17:23:41 Michael Mol did opine thusly:
>>> On Wed, Aug 17, 2011 at 4:56 PM, Grant <emailgrant@gmail.com> wrote:
>>>> I currently use a free service to host the DNS records for my
>>>> website, but I'm thinking of running a DNS server on the same
>>>> machine that runs my website instead.  Would that be fairly
>>>> trivial to set up and maintain?  If so, which package should I
>>>> use?
>>>
>>> ISC bind is the de facto standard for DNS servers. I haven't
>>> administered bind on Gentoo, but on Debian, most of the problems I
>>> run into come from how Debian packages and updates configuration
>>> files.
>>>
>>> I'm not running DNS servers in any major production capacity; I've
>>> got a bind server at home linking my home domain and my employer's
>>> work domain across a VPN, and updated dynamically via a dhcpd on
>>> the same server. It's also serving as a caching recursive resolver
>>> for my home network, which was *really* necessary when I was still
>>> on AT&T. (The DSL link was dropping packets every now and again,
>>> and it's a PITA when that happens to DNS queries)
>>
>> You're running an auth server and a cache on the same machine?
>=20
> Split across a couple views, but yeah. And no recursion allowed on the =
wan side.
>=20
>>
>> At a minimum they should be on different interfaces and preferably in
>> chroots. Otherwise all manner of $BAD_STUFF happens.
>=20
> Hm. Interested.
>=20
> echo $BAD_STUFF
>=20
> (or URI)
>=20

URI: http://cr.yp.to/djbdns/separation.html

Regards,
Florian Philipp


--------------enig0899B92C03699531B86DF4AF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5NV1sACgkQqs4uOUlOuU8wZACeKvSl004s7buza4ltGgOVZsF7
NrIAn3zDEYfLuvreWxynmR9YmlKW0vf4
=BEYO
-----END PGP SIGNATURE-----

--------------enig0899B92C03699531B86DF4AF--