I have a cluster of servers running XenServer 5.6 that host web, email and VoIP services. I'm currently considering setting up a chrooted BIND server on each XenServer host (I mean on the actual server, not inside a VM).
Is this a bad idea?
As a general rule, I'd advise against running anything other than the absolute bare minimum of services in the Xen Dom0 (the privileged domain which has full access to the hardware, and to all the virtual machines on the host).
This is primarily on security grounds. You should, as a rule of thumb, only run essential services on the machines which carry the greatest value to you: if your Dom0 is compromised, all your DomUs (guest VMs) are also effectively compromised, as the attacker has access to the console of each VM.
If you do want to run some nameservers, and they're public-facing, and authoritative, there's no problem with running them as virtual machines, but you should make every effort to run them (you always need at least two) on entirely separate network segments to ensure availability. For example:
ns1.redhat.com. 463 IN A 66.187.233.210
ns2.redhat.com. 463 IN A 209.132.183.2
ns3.redhat.com. 462 IN A 209.132.176.100
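A quick check for the "at least two, on entirely separate network segments" advice in the answer above, added here as an example and not part of the original post. It parses dig-style A records for a zone's nameservers (the three lines quoted above are used as constructed sample input) and flags nameservers that sit in the same network; treating a /24 as "the segment" is an assumption, adjust prefixlen to match your own addressing.

```python
import ipaddress
import re

# Constructed sample: the three authoritative-nameserver A records quoted in the
# answer above, in dig's presentation format ("name TTL IN A address").
SAMPLE_A_RECORDS = """\
ns1.redhat.com. 463 IN A 66.187.233.210
ns2.redhat.com. 463 IN A 209.132.183.2
ns3.redhat.com. 462 IN A 209.132.176.100
"""

A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$")


def parse_a_records(text):
    """Return {owner_name: IPv4Address} for every 'IN A' line in dig-style output."""
    records = {}
    for line in text.splitlines():
        m = A_RECORD.match(line.strip())
        if m:
            records[m.group(1)] = ipaddress.ip_address(m.group(2))
    return records


def network_of(addr, prefixlen=24):
    """Collapse an address to its enclosing /prefixlen network (assumed proxy for a segment)."""
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def check_ns_diversity(text, min_servers=2, prefixlen=24):
    """Check that a zone has enough nameservers and that they are on distinct networks.

    Returns (ok, findings); findings names every nameserver that shares a network
    with another one, so an operator can see which host needs to move.
    """
    records = parse_a_records(text)
    by_net = {}
    for name, addr in records.items():
        by_net.setdefault(network_of(addr, prefixlen), []).append(name)
    findings = []
    if len(records) < min_servers:
        findings.append(f"only {len(records)} nameserver(s); need at least {min_servers}")
    for net, names in by_net.items():
        if len(names) > 1:
            findings.append(f"{', '.join(sorted(names))} share {net}")
    if len(by_net) < min_servers:
        findings.append(f"only {len(by_net)} distinct /{prefixlen} network(s)")
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = check_ns_diversity(SAMPLE_A_RECORDS)
    print("OK" if ok else "WARN", findings)
```

Feed it the output of `dig +noall +answer ns1.example.com ns2.example.com` for your own zone; two nameservers that are really two VMs on the same Xen host will typically show up here as sharing a network.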