I suppose the difference is that if someone breaks into a chrooted
dns server, that there are almost no userland utils for them to use
to attack other machines, and it becomes more of a DOS on your dns
server.
Cheers!
--Matt Galgoci
On Wed, Dec 06, 2000 at 12:28:32PM -0600, almquist paul wrote:
> >
> > Hi
> >
> > I have found several excellent discussions about this, and even a script
> > that helps set this up (http://sourceforge.net/projects/ctk-dns-chroot/).
> >
> > However, I'm wondering if there are any BIND rpms available that have this
> > setup already, since I'd prefer it for the maintainance.
> >
> > Has anyone run two chrooted instances on the sawe machine? I'd like to run
> >
> Indirectly related to the issue of running bind in chrooted environment I
> read an interesting comment on the subject in "Linux DNS Server Administration"
> by Craig Hunt. On page 254 he states his opinion on the subject. To
> paraphrase: Put DNS on a dedicated Linux box. It is automatically isolated
> from other services and users without the added steps to setup chroot.
>
> Comments?
>
> paul
>
> --
> +-------------------\\ //---------------------------+
> / C h i p p e w a \\ // alley Technical College /
> / 620 W. Clairemont Ave \// Eau Claire, WI 54701 USA /
> /-----------------------------------------------------/
> / Paul F. Almquist, Instructor--Networking/Unix/Linux /
> / Computer Information Systems Dept Unix Forever!! /
> / [EMAIL PROTECTED] /
> / http://cis.chippewa.tec.wi.us/almquipf /
> +-----------------------------------------------------+
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
--
"Hey Y'all, Watch this!" --Mike Wangsmo
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list