NDC vs. kill -HUP

joseph lang tcnojl1 at earthlink.net
Fri Aug 18 10:36:02 UTC 2000


Jim Reid wrote:
> 
> >>>>> "Mark" == Cinense, Mark <macinen at sandia.gov> writes:
> 
>     Mark> Can anyone tell me the pros and cons of ndc versus using
>     Mark> kill -HUP.  thanks....
> 
> Using signals to "control" the name server is crude and old-fashioned.
> The interface provided by ndc is far more flexible: like allowing
> incremental zone reloads or re-reading the config file without loading
> every zone on the server. Another benefit of ndc is that it can allow
> the name server to be controlled by a different UID from the one that
> runs named. All that takes is suitable access permissions on the
> control socket used by the server and ndc. Another problem with the
> signals interface is that some signals have different effects on
> different versions of BIND.
> 
> FWIW, BIND9 has rndc which is able to control a remote name server.
> 
> Using signals to get the name server to do things is as obsolete and
> as as BIND4.

Jim did a good job of laying out the "PRO" side. Here's
the "CON":
Some flavors of Unix have security problems with Unix
domain sockets. This allows a normal user to control
BIND. Kill -HUP doesn't suffer from this flaw.

joe lang
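
Added example, not part of either poster's message: a permission audit for a name server control socket, covering both the socket file's own mode and the directory that contains it. POSIX leaves the effect of a socket file's mode unspecified and some older systems ignore it, so the directory check is what holds on those platforms. The function name, finding codes and socket path are hypothetical.

```python
import os
import socket
import stat
import tempfile

def audit_control_socket(path, allowed_uids=(0,)):
    """Return finding codes for a name-server control socket (hypothetical helper)."""
    findings = []
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not-a-socket")
    if st.st_uid not in allowed_uids:
        findings.append("socket-unexpected-owner")
    # Where socket modes are honoured, connect() needs write permission.
    if st.st_mode & stat.S_IWOTH:
        findings.append("socket-other-writable")
    # Some systems ignore the mode on the socket file itself, so the
    # containing directory has to be the real access gate.
    parent = os.path.dirname(os.path.abspath(path))
    dst = os.stat(parent)
    if dst.st_uid not in allowed_uids:
        findings.append("dir-unexpected-owner")
    if dst.st_mode & stat.S_IXOTH:
        findings.append("dir-other-searchable")
    if dst.st_mode & stat.S_IWOTH:
        findings.append("dir-other-writable")
    return findings

def demo():
    """Build a constructed socket in a temp dir and audit two layouts."""
    me = (os.getuid(),)
    d = tempfile.mkdtemp()          # created with mode 0700
    path = os.path.join(d, "ctl")   # constructed path, not a BIND default
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(path)
        os.chmod(path, 0o600)
        tight = audit_control_socket(path, me)
        os.chmod(path, 0o666)
        os.chmod(d, 0o755)
        loose = audit_control_socket(path, me)
    finally:
        s.close()
        os.unlink(path)
        os.rmdir(d)
    return tight, loose

if __name__ == "__main__":
    print(demo())
```

An empty list means both gates are closed to other users; a "dir-other-searchable" finding means the socket mode is the only barrier, which is the case the reply above warns about.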


