Subject: Re: BIND and chroot-SOLVED
To: Don Woodward <dbwoodw@abraxis.com>
From: Joe Laffey <joe@laffeycomputer.com>
List: port-mac68k
Date: 07/09/2000 11:59:04
On Sun, 9 Jul 2000, Don Woodward wrote:
> Joe:
>
> Thanks for sharing the results - as I think about what you were doing I
> believe the "chrooted" environment is only a security precaution and as long
> as the two binds had separate configuration directories/files there should
> be no problem.
Oh... In answer to this comment...
Yes, chrooting and having named run as non-root is a security precaution
and a very good one IMHO given the history of BIND root exploits.
This was all I was trying to do under NetBSD for now (I put the split DNS
on my Linux server, which is a faster machine with a lot more RAM). I will
probably put split DNS on this NetBSD box too, but I don't like running
BIND as root or not chrooted.
Joe Laffey
LAFFEY Computer Imaging
St. Louis, MO
-------------------------
With no walls or fences on the Internet, who needs Windows or Gates?
---------------------------------------------------------------------