What is the use of having a chroot path during installation of Bind
Reindl Harald
h.reindl at thelounge.net
Thu Jan 14 21:44:44 UTC 2016
Am 14.01.2016 um 22:37 schrieb John Miller:
> On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> normally anything is done with backends and scripts
>
> Yep - via Puppet and scripting for us, mostly.
>
>> so after once configured it don't matter if things are bekow
>> /var/named/chroot/ or on a higher directory - is it worth - well, the
>> question is "does it harm" and it don't after initial deployment when done
>> right
>
> For the most part, I agree with you here. That said, for someone with
> very little BIND and Unix experience--say someone who primarily
> manages Windows--to come in and understand a chrooted installation
> isn't as easy as a non-chrooted install
sorry, but someone with "very little BIND and Unix experience" should
not reach a level on a server where he recognizes a differene *until* he
has expierience
sacrifice any level of security just because someone may not understand
a proper setup is for sure not the way to go
in case of "all of your bind config is below /var/named/chroot/" it
should be enough told once to understand how to deal with it and if not
it's a good sign to remove acess for the person given that on
CentOS/RHEL/Fedora bind-chroot works out-of-the-box without any intervention
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160114/1f8a703f/attachment.bin>
More information about the bind-users
mailing list