[WBEL-users] Recommendation for BIND only distro?

[Bob Ramstad]

On 5/25/05, Erik Williamson <erik at cpsc.ucalgary.ca> wrote:
> Me again,
> 
> > It then occurred to me that it would be more secure to build the
> > machine in a way that it could be totally burned down, hacked, and
> > whatnot with the only downside being loss of the service.
> 
> I don't quite follow you here - how is it more secure to be insecure?
> Downtime is what we're all waging war against...

Right.  

On a separate machine, I could create and burn a bootable ISO with all
the data files and whatnot for BIND.  No hard drive, no floppy drive,
nothing.  Just CPU, memory, and CD-ROM (not even a burner) on the
gateway machine.

If there is no writable media, it's a lot harder to attack the
machine...  and if it somehow gets infected with something, just
reboot, and it's gone for the time being until a better ISO can be
built that fixes the problem.

No backups necessary, either...

I guess I didn't express myself very well earlier, but I was really
weighing total cost of ownership -- building a special bootable CD-ROM
ISO would mean putting more time in up front, but presumably less work
keeping the system up and running over time and perhaps having better
security due to lack of hackability.

-- Bob