Date: Thu, 23 Aug 2001 12:52:51 -0500 (CDT) From: Chris Dillon <cdillon@wolves.k12.mo.us> To: Matt Dillon <dillon@earth.backplane.com> Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, Brian Somers <brian@Awfulhak.org>, Jun Kuriyama <kuriyama@FreeBSD.ORG>, <cvs-committers@FreeBSD.ORG>, <cvs-all@FreeBSD.ORG>, <brian@freebsd-services.com> Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf Message-ID: <Pine.BSF.4.32.0108231248590.77439-100000@mail.wolves.k12.mo.us> In-Reply-To: <200108231645.f7NGjYe86993@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Aug 2001, Matt Dillon wrote: > > I like the idea of, finally, invoking named in a sandbox. I don't > understand why the pidfile location has to change, though. named > creates its pidfile as root before it setuid's itself. > > While it is true that named cannot rescan interfaces when operating > in this mode, this restriction has never been an impediment to anything > I've ever done with it. Most dialup users don't run named, they simply > allow ppp to setup /etc/resolv.conf for them. Those who do will be savvy > enough to add the appropriate override to /etc/rc.conf (or won't have to > if they don't bother to mergemaster the new default rc files). Just thought of something... Correct me if I'm wrong, but named only needs to bind to an interface that it will receive queries on, right? How many cases (a handful?) will we have where the dynamic interface that BIND will not be able to attach to in a sandbox is the one where queries will be coming in on? BIND can still make outgoing queries on any interface wether it is bound to it or not, right? I think that would significantly lessen the number of people we think this is going to affect. -- Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net FreeBSD: The fastest and most stable server OS on the planet - Available for IA32 (Intel x86) and Alpha architectures - IA64, PowerPC, UltraSPARC, and ARM architectures under development - http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.32.0108231248590.77439-100000>