Date:      Mon, 23 Aug 1999 14:11:41 -0600
From:      Nate Williams <nate@mt.sri.com>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        "Jan B. Koum " <jkb@best.com>, Matthew Dillon <dillon@apollo.backplane.com>, Nate Williams <nate@mt.sri.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: IPFW/DNS rules 
Message-ID:  <199908232011.OAA01520@mt.sri.com>
In-Reply-To: <11139.935438898@critter.freebsd.dk>
References:  <19990823130116.B1797@best.com> <11139.935438898@critter.freebsd.dk>

> >One can also run named in chroot() environment and as non-root user. In
> >fact, this is exactly what we are doing where I work:
> >
> >85-jkb(nautilus)% ssh dns1.corp ps ax | grep named
> >  106  ??  Ss     0:30.01 syslogd -s -l /var/named/dev/log
> >27897  ??  Ss   1047:54.55 /var/named/named -u bind -g bind -t /var/named
> 
> Even better yet:  Run it in a jail with its own IP number...

This box isn't ready for -current, or more to the point, -current isn't
ready for prime-time anytime soon. :) :) :) 



Nate

