Bind on Debian
Simon Waters
Simon at wretched.demon.co.uk
Thu Jul 12 17:30:57 UTC 2001
NDSoftware wrote:
>
> start-stop-daemon --start --quiet --exec /usr/sbin/named -- -g named -u
> named
BIND 9 option "-g" means run in foreground and log to stderr
and is nothing to do with groups.
Hopefully they included the README that discusses threads,
kernels and running with "-u username" in the Debs package
from the ISC tar of sources?
In summary:
threads + kernel <2.3.99 + "-u named" = Not available
threads + kernel <2.3.99 = Okay but less secure
nothreads + kernel <2.3.99 + "-u named" = Okay, but doesn't scale well with extra CPUs
threads + kernel >=2.3.99 + "-u named" = Really cool as it preserves the ability to bind to port 53 after the "setuid" takes place, unlike other Unix versions of BIND 9.
Adding chroot to the equation is left as an exercise for the
reader, but BIND 9 makes it easier to do (allegedly).
Easiest way to spot if it was compiled with threads is "ps
-ef | grep named" and check how many you see running when
nothing weird is happening (i.e. zone transfers).
Simon
PS: You owe the Oracle a question.
$ cat ./bin/askme
mail -s"askme" oracle at cs.indiana.edu <<...
.
...