Michael Stone ([EMAIL PROTECTED]) wrote on 5 June 2000 07:08: >On Mon, Jun 05, 2000 at 10:28:04AM +0100, Anton Ivanov wrote: >> There was a long standing discussion on this which basically boils down to >> the >> fact that if you obtain your address dynamically or have dynamic interfaces >> (some form of PPP or anything on PCMCIA) you have to run it as root in >> order >> for bind to use these interfaces. >> >> bind does not bind 0.0.0.0:53. It for one or another reason binds every >> interface separately. Hence if an interface is not available at bind start >> time and bind does not run as root the interfaces are not rebound. > >And I still think this is a stupid reason for us to be allowing a >security problem to sit around--how many people run dns servers on >machines with dynamic addresses?
Agreed!!! If the czars don't agree with this, the possibility should at least be easier to implement by setting a config option in the /etc/init.d/bind script.