Upon reevaluation of the risks, we have revised our guidance and no longer recommend against deploying the DAL node on the same machine as the baker node.
The initial concern was that an attacker with access to a DAL node’s RPC endpoints could exploit a target baker’s IP address to launch a Denial-of-Service (DoS) attack. However, this risk is deemed low compared to other vulnerabilities inherent in public machines. Moreover, as the network expands and more nodes join, the risk is expected to diminish further due to the increasing complexity of mapping bakers’ identities to IP addresses.
