From owner-freebsd-security Mon Aug 23 13:26:47 1999
Date: Mon, 23 Aug 1999 13:19:17 -0700
To: Poul-Henning Kamp, freebsd-security@freebsd.org
From: Deepwell Internet
Subject: Re: IPFW/DNS rules
Message-Id: <4.2.0.58.19990823131756.01edf5d0@mail1.dcomm.net>
In-Reply-To: <11139.935438898@critter.freebsd.dk>

I'm not familiar with jail as an admin term or a command. Can you tell me
where I can find more information on this? Is it an admin philosophy or a
tool?

> >One can also run named in chroot() environment and as non-root user. In
> >fact, this is exactly what we are doing where I work:
> >
> >85-jkb(nautilus)% ssh dns1.corp ps ax | grep named
> >  106 ?? Ss 0:30.01 syslogd -s -l /var/named/dev/log
> >27897 ?? Ss 1047:54.55 /var/named/named -u bind -g bind -t /var/named
> >Even better yet: Run it in a jail with its own IP number...
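
The quoted `ps ax` output shows named started with `-u` (non-root user) and `-t` (chroot directory). As an added example that is not part of the original message, the sketch below audits `ps ax` lines for named processes missing either flag. The function names and the third sample line are constructed for illustration, and the PID/TT/STAT/TIME/COMMAND column layout is an assumption taken from the quoted output.

```sh
#!/bin/sh
# Added example: flag named processes not confined with -u <user> and -t <dir>.

# check_named_line LINE -> prints ok | runs-as-root | no-chroot | not-named
check_named_line() {
    set -f; set -- $1; set +f        # split into fields without glob expansion
    [ $# -ge 5 ] || { echo not-named; return 0; }
    shift 4                          # drop PID, TT, STAT, TIME
    case $1 in
        named|*/named) ;;            # command basename must be named
        *) echo not-named; return 0 ;;
    esac
    shift
    nm_user= nm_root=
    while [ $# -gt 0 ]; do
        case $1 in
            -u) nm_user=${2-}; [ $# -ge 2 ] && shift ;;
            -t) nm_root=${2-}; [ $# -ge 2 ] && shift ;;
        esac
        shift
    done
    if [ -z "$nm_user" ] || [ "$nm_user" = root ] || [ "$nm_user" = 0 ]; then
        echo runs-as-root
    elif [ -z "$nm_root" ] || [ "$nm_root" = / ]; then
        echo no-chroot
    else
        echo ok
    fi
}

# audit_ps: reads `ps ax` output on stdin, prints each weak named line,
# returns 1 if any was found and 0 otherwise.
audit_ps() {
    rc=0
    while IFS= read -r l; do
        v=$(check_named_line "$l")
        case $v in
            ok|not-named) ;;
            *) echo "$v: $l"; rc=1 ;;
        esac
    done
    return $rc
}

# First two lines are from the quoted output; the third is constructed.
audit_ps <<'EOF' || :
  106 ?? Ss 0:30.01 syslogd -s -l /var/named/dev/log
27897 ?? Ss 1047:54.55 /var/named/named -u bind -g bind -t /var/named
  311 ?? Ss 0:01.00 /usr/sbin/named
EOF
```

On a live host the input would come from `ps ax | audit_ps`; only the constructed third line is reported here.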