Security issue
David Forrest
drf at maplepark.com
Wed Oct 29 13:58:32 UTC 2008
I am running a small system with dynamic dhcpd updates to bind for local
hosts and encountered the following error when trying to hide my update
keys:
Oct 29 08:36:17 maplepark named[14767]: starting BIND 9.5.0-P2 -u named
Oct 29 08:36:17 maplepark named[14767]: found 1 CPU, using 1 worker thread
Oct 29 08:36:17 maplepark named[14767]: loading configuration from '/etc/named.conf'
Oct 29 08:36:17 maplepark named[14767]: /etc/named.conf:14: open: /etc/update-keys: permission denied
Oct 29 08:36:17 maplepark named[14767]: loading configuration: permission denied
Oct 29 08:36:17 maplepark named[14767]: exiting (due to fatal error)
In order to correct the error, I made /etc/update-keys owned by named, but
am concerned that a breach of bind would allow an intruder to read the
secrets from the keyfile. This kind of defeats a reason for running
bind as user named. As I only update my "internal" view, is this a valid
concern as my "external" view only has public dns information and is not
dynamically updated?
David Forrest e-mail: drf @ maplepark.com
Maple Park Development Corporation http://www.maplepark.com
St. Louis, Missouri