What is the use of having a chroot path during installation of Bind
Reindl Harald
h.reindl at thelounge.net
Thu Jan 14 21:01:55 UTC 2016
Am 14.01.2016 um 21:48 schrieb John Miller:
> Thanks for the advice, Mike. We chrooted our install because it was
> "best practice" security-wise, but from an administration standpoint,
> it's been a bit of a headache: for example, you have to keep straight
> what goes in /etc and /var/named/chroot/etc, you end up setting a
> $BIND_CHROOT environment variable for everyone to keep paths shorts at
> the CLI, etc.
no, you need to just put a symlink
how often do you *by hand* touch things?
normally anything is done with backends and scripts
so after once configured it don't matter if things are bekow
/var/named/chroot/ or on a higher directory - is it worth - well, the
question is "does it harm" and it don't after initial deployment when
done right
security is about layers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160114/e3ae5dbf/attachment.bin>
More information about the bind-users
mailing list