Contributed by jose on from the safer-DNS dept.
Privilege separation for named. Allows named to handle address/interface changes without restart. If you use non-standard ports in named configuration, make sure they are > 1024. Also /var/named/etc/rndc.key (if any) must be readable by group named. Initial work and testing by itojun@, jakob@, hints, help from henning@, avsm@, beck@. ok henning, beck, avsm, deraadt
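A pre-flight check for the two caveats in the commit message above, as an added example that is not part of the original post or of the OpenBSD tree. The function names and the `STD_PORTS` variable are hypothetical; it assumes 53 is the only standard port unless overridden, does not handle `/* */` comments, and takes the numeric gid of group named as an argument.

```shell
#!/bin/sh
# Added example: checks a named configuration against the two caveats in the
# commit message. Function names and STD_PORTS are illustrative assumptions.
# Assumption: 53 is the only "standard" port; list others separated by spaces.
STD_PORTS="${STD_PORTS:-53}"

# Print "<line>:<port>" for every "port N" where N is non-standard and
# not above 1024, i.e. a port the commit message says to avoid.
low_ports() {
    # Strip '#' and '//' comments first so disabled settings are ignored.
    sed -e 's/#.*//' -e 's|//.*||' "$1" |
    awk -v std="$STD_PORTS" '
        BEGIN { n = split(std, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        {
            for (i = 1; i < NF; i++)
                if ($i == "port") {
                    p = $(i + 1); gsub(/[^0-9]/, "", p)   # "953;" -> "953"
                    if (p != "" && !(p in ok) && p + 0 <= 1024)
                        print NR ":" p
                }
        }'
}

# Succeed only if the file exists, belongs to the given numeric gid, and has
# the group read bit set ("must be readable by group named").
key_group_readable() {
    ls -ln "$1" 2>/dev/null | awk -v gid="$2" '
        { found = ($4 == gid && substr($1, 5, 1) == "r") }
        END { exit (found ? 0 : 1) }'
}

# Usage (the named.conf path is a placeholder):
#   low_ports /path/to/named.conf
#   key_group_readable /var/named/etc/rndc.key "$(getent group named | cut -d: -f3)"
```

Any line printed by `low_ports` is a port setting to move above 1024 or to confirm as standard for your setup.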
By Anonymous Coward () on
By Can Erkin Acar () on
By Anonymous Coward () on
By Anonymous Coward () on
By krh () on
By Luiz Gustavo () on
We could argue about NSD not being audited, or even the fact of not having a recursive piece to fit the BIND hole.
Unfortunately, ISC has a history of issues, and we should note the lack of manpower right now to build replacements.
By krh () on
Given that, I'm comfortable and happy using BIND. If you're not, then by all means, run something else! I'd rather you did that than have you be forced to run a name server you didn't trust.
By Luiz Gustavo () on
See, I'm not bashing efforts taken to make BIND behave better, but you must see the real reason behind it.
BTW, BIND is standard in the same way as sendmail, which seems to me a twisted one for sure.