--On Tuesday, April 13, 2021 1:15 AM -0400 Steven Tardy <sjt5atra at gmail.com> wrote:

> IMO each VM should have a singular use/purpose/app. VMs are effectively
> free. And also prevents unintended negative upgrade interactions.
>
> Think through this to the logical end as each process is its own
> environment/container/(docker) or each user execution is a unique instance
> (serverless).

My sense is that all the mail apps that touch the same data on disk should share a VM. But RoundCubeMail is really an MUA so it can be in a separate VM.

One VM can hold a caching DNS and the rest can resolve to it.

Each web server/domain/app should be in its own VM to sandbox it from other domains.

The tricky part with DNS is that outside caching servers (like Google) handle short-lived (low TTL) records better (some records have lifetimes of seconds!) but mail block lists refuse access from Google because they charge for large users, so small mail servers need their own caching DNS. Hence, one might split DNS into two servers, one just for mail and one for everything else.

<https://blog.apnic.net/2019/11/12/stop-using-ridiculously-low-dns-ttls/>
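As an added example, not part of the message above, here is a small Python check for the point about mail servers needing their own caching resolver: it parses resolv.conf-style text and flags any nameserver that is a public address rather than a local or private one, which is the situation in which block-list lookups get refused. The two configuration samples are constructed for the example.

```python
import ipaddress

# Constructed sample resolv.conf contents (not taken from any real host).
PUBLIC_RESOLVER_CONF = """\
# Generated by a network manager
search example.test
nameserver 8.8.8.8
nameserver 8.8.4.4
"""

LOCAL_RESOLVER_CONF = """\
nameserver 127.0.0.1
options edns0
"""


def parse_nameservers(conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in conf_text.splitlines():
        # resolv.conf allows '#' and ';' comments; drop them before parsing.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # skip malformed addresses rather than crash
    return servers


def is_own_resolver(addr):
    """True when the resolver lives on this host or the local private network."""
    return addr.is_loopback or addr.is_private or addr.is_link_local


def check_mail_resolvers(conf_text):
    """Return (ok, findings); ok is False when any resolver is a public address."""
    servers = parse_nameservers(conf_text)
    findings = []
    if not servers:
        findings.append("no nameserver entries found")
    for s in servers:
        if not is_own_resolver(s):
            findings.append(f"{s} is a public resolver; DNSBL lookups may be refused")
    return (len(findings) == 0, findings)
```

Run it against the mail VM's /etc/resolv.conf contents; a clean result means every resolver is local or private, as the message recommends.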