Should DNS be on same server as webserver?

Steve Bertrand steve at
Tue Jul 14 12:21:09 UTC 2009

Peter Boosten wrote:
> Ruben de Groot wrote:
>> On Tue, Jul 14, 2009 at 12:46:43AM -0400, Steve Bertrand typed:
>>> John Almberg wrote:
>>>> On Jul 13, 2009, at 6:27 PM, Karl Vogel wrote:
>>>>>    You can fix the security problems by dumping Bind and using djbdns.
>> What security problems? This one? :)
> It's the old 'my product is better' discussion: some people like
> Mercedes, other people BMW, 'American Cars' are always better, and some
> people like Volvos.

I like whatever works in regards to the situation I'm facing ;)

We used BIND for years, but with hundreds of domains, I personally had
to manage the zones, lest someone make a typo in a zone or a config file.

I switched us over to DJBDNS a few years ago, simply for the ability to
throw VegaDNS at it in order to provide a safe method to delegate domain
management to other staff.

Many of our servers are still BIND however. I prefer BIND myself. Some
of the BIND servers slave for the djb servers, and others handle other
tasks, particularly all of my zones with IPv6 records.

> I'm a happy bind user for years now (and I use sendmail as well).

I switched from sendmail to Qmail on our core MTAs for the same reasons
stated above. At one point, I wrote CGI wrapper applications so staff
could manage email accounts, but it just got too much. I standardized on
Matt Simerson's Mail Toaster about 6 years ago, simply for the
ease-of-management (i.e. I don't have to do it).

To me, the product that is better is the one that removes me from having
to use and manage it, and allows me to do other things ;)

