From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Qu7eS-0007AG-6a for garchives@archives.gentoo.org; Thu, 18 Aug 2011 18:49:17 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 45B9621C237; Thu, 18 Aug 2011 18:49:03 +0000 (UTC) Received: from mail-fx0-f53.google.com (mail-fx0-f53.google.com [209.85.161.53]) by pigeon.gentoo.org (Postfix) with ESMTP id 3A9A721C1CD for ; Thu, 18 Aug 2011 18:48:10 +0000 (UTC) Received: by fxd23 with SMTP id 23so1830971fxd.40 for ; Thu, 18 Aug 2011 11:48:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=PB5SzeisgyiwOkKjkEQOXtI5tGXREduQ1TBBv+PUlSw=; b=N6SQhBjZc67fPxzTJedJ84nxN64iIMyEKufP2kpYgFUuEDcMX/kZS0IUWxq1+CiNYm z7LGGw9kxLidn0ghl+6BrFJxBbgS68yp72Fn1jT4kNIz0QaqY+u7k8OXsWFXM74ozbgF gEXDt1YaKOQnPUzr7dYazhtvebVHbVXWga9f8= Received: by 10.223.30.214 with SMTP id v22mr1506945fac.108.1313693290456; Thu, 18 Aug 2011 11:48:10 -0700 (PDT) Received: from [10.0.0.11] ([88.151.72.114]) by mx.google.com with ESMTPS id p3sm1947689faa.9.2011.08.18.11.48.09 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 18 Aug 2011 11:48:09 -0700 (PDT) Message-ID: <4E4D5E39.30401@gmail.com> Date: Thu, 18 Aug 2011 20:47:21 +0200 From: Jarry User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Running HTTP and DNS on same machine References: <4E4D4B5D.4090107@gmail.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: X-Archives-Hash: 71677ad8a00ccde49e13182f2303380d On 18-Aug-11 20:22, Grant wrote: >>>> Just to counter all of the scary stories, >> >> I do run dns with www on the same server (in addition to ftp, >> mail, and a few more things), but each of those services in >> its own vserver-guest... > > Are those vserver-guest instances for security? I didn't know people > used those for each service they run on the same machine. It is a kind of "better chroot". Some services are not easy to make running chrooted but can still run in vserver guest. I think it is good to have services running separated. If one of them gets compromised, others still keep running. One more extra layer of security, worth trying. The only service I'm running on "master-server" (host) is ssh on non-standard port, with pretty tight firewall rules... Jarry -- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.