Am 14.01.2016 um 22:37 schrieb John Miller:
On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald <h.rei...@thelounge.net> wrote:normally anything is done with backends and scriptsYep - via Puppet and scripting for us, mostly.so after once configured it don't matter if things are bekow /var/named/chroot/ or on a higher directory - is it worth - well, the question is "does it harm" and it don't after initial deployment when done rightFor the most part, I agree with you here. That said, for someone with very little BIND and Unix experience--say someone who primarily manages Windows--to come in and understand a chrooted installation isn't as easy as a non-chrooted install
sorry, but someone with "very little BIND and Unix experience" should not reach a level on a server where he recognizes a differene *until* he has expierience
sacrifice any level of security just because someone may not understand a proper setup is for sure not the way to go
in case of "all of your bind config is below /var/named/chroot/" it should be enough told once to understand how to deal with it and if not it's a good sign to remove acess for the person given that on CentOS/RHEL/Fedora bind-chroot works out-of-the-box without any intervention
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
