Date: Mon, 04 Aug 2008 11:46:19 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Randy Bush <randy@psg.com> Cc: freebsd-net@freebsd.org, Eugene Grosbein <eugen@kuzbass.ru> Subject: Re: permissions on /etc/namedb Message-ID: <48974E7B.5050401@FreeBSD.org> In-Reply-To: <4896C374.803@psg.com> References: <20080803073803.GA10321@grosbein.pp.ru> <4895EB57.2000801@FreeBSD.org> <20080803183346.GA53252@svzserv.kemerovo.su> <4896997D.8060001@FreeBSD.org> <20080804060658.GA19639@svzserv.kemerovo.su> <4896A416.80602@FreeBSD.org> <20080804075510.GA28531@svzserv.kemerovo.su> <a64aff337658fe18eb43cf6f459641d1.squirrel@galain.elvandar.org> <20080804084833.GA35267@svzserv.kemerovo.su> <4896C374.803@psg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Randy Bush wrote:
> my fix to all this has been
> /usr/ports/dns/unbound (cache only)
> or
> /usr/ports/dns/nsd (auth only)
>
> and the developers/porters are constructive and friendly
Oddly enough I think of myself as constructive and friendly. :)
However I can't make a default configuration that fits everyone's
needs. I can only do what I can to make it safe by default.
Of course the two alternatives you listed are good ones, and I
encourage my clients to investigate them for their environments even
if they continue using BIND since IMO diversity is a good thing, helps
improve resilience, etc.
Doug
--
This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48974E7B.5050401>