Date: Fri, 05 Jun 1998 09:42:37 +0200
From: sthaug@nethelp.no
To: roberto@keltia.freenix.fr
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: /usr/sbin/named
Message-ID: <23827.897032557@verdi.nethelp.no>
In-Reply-To: Your message of "Mon, 1 Jun 1998 11:51:12 +0200"
References: <19980601115112.A10806@keltia.freenix.fr>

> > Also... Is there any reason for this daemon to run as root, other than
> > binding to port 53? Would it be possible and reasonable to patch it to
> > give up root after binding to the port?
>
> Zone transfers are done by connecting tcp(53) to tcp(53). Name resolution
> between servers is using 53 too so you'll need to bind several times on
> that port.

Name resolution between servers (i.e. a server sends a query to another
server) is done using port 53 in BIND-4.9.x (i.e. the standard FreeBSD
setup). In BIND-8.1.x, queries from the server itself are *not* sent from
port 53 unless you specifically tell named to do so.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
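
The ordering this thread turns on, as an added example that is not part of the original message and is not BIND code: every socket that needs port 53 is bound while the process is still root, root is then given up permanently, and a query socket on an unprivileged source port (the BIND-8.1.x default described above) can be opened afterwards. The function names, the uid/gid 65534 and the use of IPPORT_RESERVED as the privileged-port boundary are assumptions of this sketch.

```c
/* Added example (not BIND code). uid/gid 65534 is an assumed unprivileged account. */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Ports below IPPORT_RESERVED (1024) traditionally need root to bind. */
int needs_root(unsigned port) { return port != 0 && port < IPPORT_RESERVED; }

/* Bind a UDP socket on all interfaces; port 0 asks for an ephemeral port. */
int bind_udp(unsigned short port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Port the kernel actually assigned to fd, or -1 on error. */
int local_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* Give up root permanently: supplementary groups, gid, uid, then verify.
 * Returns 0 on success or if the process was not root, -1 on failure. */
int drop_root(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) return -1;   /* that would not be a drop */
    if (geteuid() != 0) return 0;          /* nothing to give up */
    if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0) return -1;
    return setuid(0) == 0 ? -1 : 0;        /* regaining root must fail */
}

int main(void) {
    int listen_fd = bind_udp(53);          /* privileged: must come first */
    if (listen_fd < 0) perror("bind 53");
    if (drop_root(65534, 65534) < 0) { perror("drop_root"); return 1; }
    int query_fd = bind_udp(0);            /* unprivileged source port */
    printf("listen fd %d, query source port %d\n", listen_fd, local_port(query_fd));
    return 0;
}
```

With the BIND-4.9.x behaviour, where outgoing queries also use port 53, the query socket falls under the "bind before the drop" step as well, which is why nothing needing that port can be opened later.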