Another Con in Re: NDC vs. kill -HUP

DanO express at fastdial.net
Tue Jul 18 14:43:13 UTC 2000


As another point to ponder,
Most versions of Linux shipped today package BIND to run as a non-root
user.
    So in my experience with NDC, if you run as user "named" and you send
NDC reload, you'll get an error like "Unable to create named.pid", and I
have seen named restarted as root. Maybe I'm doing something wrong, but for
me, the old-fashioned command line editing still works for me.

Ditto Michael !!

DanO


Jim Reid wrote:
>
> >>>>> "Mark" == Cinense, Mark <macinen at sandia.gov> writes:
>
>     Mark> Can anyone tell me the pros and cons of ndc versus using
>     Mark> kill -HUP.  thanks....
>
> Using signals to "control" the name server is crude and old-fashioned.
> The interface provided by ndc is far more flexible: like allowing
> incremental zone reloads or re-reading the config file without loading
> every zone on the server. Another benefit of ndc is that it can allow
> the name server to be controlled by a different UID from the one that
> runs named. All that takes is suitable access permissions on the
> control socket used by the server and ndc. Another problem with the
> signals interface is that some signals have different effects on
> different versions of BIND.
>
> FWIW, BIND9 has rndc which is able to control a remote name server.
>
> Using signals to get the name server to do things is as obsolete
> as BIND4.
Jim did a good job of laying out the "PRO" side. Here's
the "CON":
Some flavors of Unix have security problems with Unix
domain sockets. This allows a normal user to control
BIND. kill -HUP doesn't suffer from this flaw.

joe lang
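The two concerns raised in this thread, DanO's "Unable to create named.pid" after an ndc reload under a non-root named, and Joe Lang's point that a reachable control socket lets an ordinary user drive BIND, both come down to file ownership and mode bits. The script below is an added example written for this page, not code from the thread or from BIND; it checks who can reach the control socket and whether the named user can still recreate its pid file. The paths `/var/run/ndc` and `/var/run/named.pid`, the user name `named`, and the function names are assumptions to adjust for your build.

```shell
#!/bin/sh
# Audit a BIND 8 name server that drops to an unprivileged user: who can
# reach the ndc control socket, and can the named user still write its pid
# file. Added example, not code from the thread or from BIND. The paths and
# user name below are assumptions; they depend on how named was built.

NDC_SOCKET=${NDC_SOCKET:-/var/run/ndc}
NAMED_PIDFILE=${NAMED_PIDFILE:-/var/run/named.pid}
NAMED_USER=${NAMED_USER:-named}

# mode_bits PATH: print the nine permission characters ls -ld shows for PATH
# (for example rwxr-x---); exit 2 if PATH does not exist.
mode_bits() {
    [ -e "$1" ] || return 2
    ls -ld "$1" | cut -c2-10
}

# perm_char PATH N: print the N-th permission character (1..9); positions
# 1-3 are owner, 4-6 group, 7-9 other.
perm_char() {
    bits=$(mode_bits "$1") || return 2
    printf '%s' "$bits" | cut -c"$2"
}

# bits_set PATH START: exit 0 if any of the three characters at START..START+2
# is set (START=4 tests the group, START=7 tests everyone else).
bits_set() {
    bits=$(mode_bits "$1") || return 2
    case "$(printf '%s' "$bits" | cut -c"$2"-"$(($2 + 2))")" in
        ---) return 1 ;;
        *)   return 0 ;;
    esac
}

# group_accessible PATH: the group owner has some access. On the control
# socket this is the intended way to let a non-root administrative UID drive
# ndc, as Jim Reid describes; keep that group small.
group_accessible() { bits_set "$1" 4; }

# world_accessible PATH: every local user has some access. On the control
# socket this is the weakness Joe Lang warns about: whoever can connect to
# the socket can issue ndc commands to named.
world_accessible() { bits_set "$1" 7; }

# owner_of PATH: print the owning user name as ls -ld reports it.
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# audit_named: print findings; exit 1 if anything was flagged.
audit_named() {
    rc=0
    if [ ! -S "$NDC_SOCKET" ]; then
        echo "no control socket at $NDC_SOCKET (named not running, or socket elsewhere)"
        rc=1
    else
        if world_accessible "$NDC_SOCKET"; then
            echo "FLAG: $NDC_SOCKET mode $(mode_bits "$NDC_SOCKET"): any local user can reach ndc"
            rc=1
        fi
        sockdir=$(dirname "$NDC_SOCKET")
        if world_accessible "$sockdir"; then
            echo "FLAG: $sockdir mode $(mode_bits "$sockdir"): on a kernel that does not" \
                 "enforce mode bits on socket inodes, the directory is the only guard"
            rc=1
        fi
    fi
    # named rewrites named.pid after switching to NAMED_USER, so that user
    # needs write access to the directory; a root-owned directory with no
    # group or other write bit gives the "Unable to create named.pid" error
    # DanO reports. (A group write bit is assumed to cover NAMED_USER.)
    piddir=$(dirname "$NAMED_PIDFILE")
    if [ "$(owner_of "$piddir")" != "$NAMED_USER" ] &&
       [ "$(perm_char "$piddir" 5)" != "w" ] &&
       [ "$(perm_char "$piddir" 8)" != "w" ]; then
        echo "FLAG: $piddir is owned by $(owner_of "$piddir") and not writable by" \
             "$NAMED_USER; it cannot recreate $NAMED_PIDFILE after a reload"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "no findings for $NDC_SOCKET and $NAMED_PIDFILE"
    return "$rc"
}

# Run the audit only when executed as a script named audit_named, not when
# the functions are sourced into another shell.
case "$0" in
    *audit_named*) audit_named ;;
esac
```

Run it as the user that normally invokes ndc; a world-accessible socket or socket directory is the finding to act on first, and the usual fix is a mode of 0660 or tighter with a dedicated administrative group. The pid-directory check only looks at mode bits, so confirm group membership with `id named` before trusting a group write bit.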
