in.named int S72inetsvc startup
Kevin Darcy
kcd at daimlerchrysler.com
Tue Jul 31 22:02:41 UTC 2001
twong at solutioncentral.com wrote:
> We are going to be upgrading our bind 8.2.2p5 DNS server to 8.2.4.
> Question is in the startup script S72inetsvc, is it neccessary to
> specify other options such as -u -g -t?
>
> The default install of BIND for solaris (8.2.2p5) did not specify
> these options and I am wondering if I need to.
They aren't necessary, but they are recommended as security measures.
All of my Internet-facing nameservers run chroot'ed and unprivileged (-t
and -u).
The single most important thing is to upgrade from 8.2.2p5. Until you
do, you're a sitting duck for script kiddies. You can fiddle around with
-u/-g/-t later.
- Kevin
More information about the bind-users
mailing list