[External] Re: How can I launch a private Internet DNS server?

Michael De Roover isc at nixmagic.com
Thu Oct 15 19:26:23 UTC 2020


I would run a firewall even for BIND alone on a box in case the box
gets compromised through BIND. Allowing remote access and DNS, then
dropping everything else as the general firewall policy should be
pretty straightforward. But with the IP on this particular BIND box
being public, it's really like any other server on the internet. Port
forwarding or NAT in that case would be unnecessary.

On Thu, 2020-10-15 at 21:01 +0200, Stephane Bortzmeyer wrote:
> On Thu, Oct 15, 2020 at 02:03:52PM -0400,
>  Kevin A. McGrail <kmcgrail at pccc.com> wrote 
>  a message of 8 lines which said:
> 
> > Firewalls are cheap and the level of effort to run a bastion host
> > is significant.
> 
> Firewalls are useful when you want to protect unmanaged printers and
> Windows boxes (or Web servers with a lot of crappy PHP) but a BIND
> server on a reasonably managed Unix box does not need them.
> 
-- 
Michael De Roover <isc at nixmagic.com>
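
The policy described in the message above (allow remote access and DNS, drop everything else), written as an nftables ruleset. This is an added example, not part of the original thread. It assumes nftables as the host firewall, SSH on port 22 as the remote access method, and 192.0.2.0/24 as a placeholder management prefix.

```nft
#!/usr/sbin/nft -f
# Host firewall for a publicly addressed BIND server (constructed example).
flush ruleset

# Keep DNS-over-UDP out of conntrack so a query flood cannot fill
# the connection tracking table and take the service down.
table inet raw {
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;
        udp dport 53 notrack
    }
    chain output {
        type filter hook output priority -300; policy accept;
        udp sport 53 notrack
    }
}

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP and ICMPv6: path MTU discovery and IPv6 neighbor discovery
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # Remote access: SSH from the management prefix only (placeholder prefix)
        ip saddr 192.0.2.0/24 tcp dport 22 accept

        # DNS: UDP, plus TCP for truncated responses and zone transfers
        udp dport 53 accept
        tcp dport 53 accept
    }
    chain forward {
        # The box has a public address and routes nothing: no NAT, no forwarding
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f` from a console session rather than over SSH the first time, so a mistake in the management prefix does not lock you out.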


