LFS Paper on Secure Servers

Bruce Dubbs bdubbs at swbell.net
Sat Oct 2 16:16:33 PDT 2004


EC wrote:

>Hello Bruce, as I already said this is a very good document. Though it's an
>old message, I am still looking at it from time to time. At the time I
>suggested grsecurity patch (not necessarily the ACL), postfix/qmail since
>the document seems security oriented. 
>I do have a question: you said sendmail was chosen in order to use same tool
>as other servers in you system. Is BIND a same kind choice ? Did you
>consider DJBDNS ?
>  
>

Primarily, I used BIND because I was familiar with it.  There is also 
extensive documentation for it.  I don't know if DJBDNS supports a split 
model (recursive inside, non-recursive outside) or not. I was (and still 
am) also considering integration of dhcp and BIND.  Again, I don't know 
if DJB supports this or not.

 I also did a check on BIND and found no security issues reported of the 
last two years.  That indicates a pretty solid package to me, especially 
for one so well known.

   -- Bruce






More information about the lfs-security mailing list