chrooting BIND [was -Re: Here I am again, hat in hand with humble demeanor.......]

Kevin Oberman oberman at es.net
Mon Sep 27 23:12:28 UTC 2010


> Date: Mon, 27 Sep 2010 09:46:44 -0500
> From: Jerry Kemp <dns.bind.list at oryx.cc>
> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
> 
> IMHO, the primary benefit of chrooting is security.
> 
> Another, less painful option, again IMHO, is to run BIND in a jail if
> you are using BSD, or a zone if you are on Solaris, or a Solaris based
> distro.

While both are pretty simple to do on BSD, jail is far more secure, but
I certainly find setting up jails more complex than chrooting. (Besides,
the FreeBSD BIND is chrooted by default, so there is nothing to set up.)
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net    Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751


