On Tue, 19 Oct 2010, Kevin Chadwick wrote:
Assuming there is a bug in unbound (OpenBSD are thinking of adopting it,
so it must be good) meaning that where your important stuff is
matters. Then likely so do all the binaries etc. (if they have not been
removed) that may be used for priviledge elevation. It certainly can't
harm.
What I meant was "the only valuable data on a dedicated nameserver resides
within the chroot, no need to get outside it. Its the compromise of the
nameserver data that matters, not the host. (the host is really just a
container)
(sometimes outdated)
binaries or special devices or config files in the chroot.
Will you look after it or leave it to get dusty.
I don't use chroot. So I do not have duplicate/old binaries around.
Is it finding ssl (you did not add --with-ssl). I've seen a lot of
speed differences with different versions of openssl.
Can you remember which one was slow and which was fast?
0.9.[678] was faster then 1.0.0beta, but I think 1.0.0 was fastest.
Paul
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
