proper way to start named at boot?
Michael Kjorling
michael at kjorling.com
Tue May 28 20:05:57 UTC 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 28 2002 19:02 -0000, Michael wrote:
> Hi,
> I have to start named (bind 8.2.2) manually after each reboot,
> /etc/init.d/named start. There must be a better way. Should I simply put
> /etc/init.d/named start at the end of rc.local or is this a security
> problem? If there is a better way, please use full instructions as I don't
> know how to make symlinks or write scripts.
> Thanks,
> --Michael-
There is a serious security problem with running an unpatched BIND
8.2.2 - it has _known_ _remote_ _root_ _exploits_. Exploits that have
been known since - what is it now, like years. It's only a matter of
time before you get rooted, if you haven't already.
Once you have upgraded to a non-vulnerable version (at the VERY least
8.2.3, preferably 8.3.1 or 9.2.1), there are no known security risks
with starting named from one or another boot script. Exact
instructions are impossible to give since you do not tell us what
operating system you are running. I can only assume it is some Unix
variant.
Michael Kjörling
- --
Michael Kjörling -- Programmer/Network administrator ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4 \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html
iD8DBQE88+MpKqN7/Ypw4z4RAu+cAJ4+3xOBxyLT3cJUYdKvRiSLUi0QUgCfep7M
9VUXZbAa/zUu6CR73UzGwLI=
=yjVn
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list