LFS Paper on Secure Servers
bdubbs at swbell.net
Sat Oct 2 16:16:33 PDT 2004
>Hello Bruce, as I already said this is a very good document. Though it's an
>old message, I am still looking at it from time to time. At the time I
>suggested grsecurity patch (not necessarily the ACL), postfix/qmail since
>the document seems security oriented.
>I do have a question: you said sendmail was chosen in order to use the same tool
>as other servers in your system. Is BIND the same kind of choice? Did you
>consider DJBDNS?

Primarily, I used BIND because I was familiar with it. There is also
extensive documentation for it. I don't know if DJBDNS supports a split
model (recursive inside, non-recursive outside) or not. I was (and still
am) also considering integration of dhcp and BIND. Again, I don't know
if DJB supports this or not.

I also did a check on BIND and found no security issues reported in the
last two years. That indicates a pretty solid package to me, especially
for one so well known.