'succesful' nsupdate of remote server not persistent across nameserver restart?
jasonsu at mail-central.com
jasonsu at mail-central.com
Wed Apr 27 13:37:07 UTC 2016
On Wed, Apr 27, 2016, at 06:30 AM, Matthew Pounsett wrote:
> > Actually it is normal for privsep processes to chroot themselves, usually
> > to /var/empty - e.g.
>
> Right, so "no chroot necessary" (which is what I was responding to) isn't
> accurate.
Oh. That's not what I got out of your comment.
>From this end-user's perspective, there's a pretty big difference from a user perspective of
(1) "it" uses privsep, and takes care of the chroot for you -- i.e., you don't mess with it, and it's all in a documented, predictable package
and
(2) you have to monkey with all of it yourself. It's either easy & insecure, or secure but 'good luck with it'.
Jason
More information about the bind-users
mailing list