All hacks and cracks could be avoided if the named run under uid other than root. Right? No one would be interested in breaking in through named if it ran as nobody (just like httpd does). Would it suffice to use setuid just after the socket has opened? David