From owner-freebsd-security  Mon Apr 22 17:51:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236])
	by hub.freebsd.org (Postfix) with ESMTP id 29EA037B400
	for <security@FreeBSD.ORG>; Mon, 22 Apr 2002 17:51:26 -0700 (PDT)
Received: from isc.org (localhost.dv.isc.org [127.0.0.1])
	by drugs.dv.isc.org (8.11.6/8.11.2) with ESMTP id g3N0hhx21422;
	Tue, 23 Apr 2002 10:43:44 +1000 (EST)
	(envelope-from marka@isc.org)
Message-Id: <200204230043.g3N0hhx21422@drugs.dv.isc.org>
To: Roger Marquis <marquis@roble.com>
Cc: security@FreeBSD.ORG
From: Mark.Andrews@isc.org
Subject: Re: DNS Question 
In-reply-to: Your message of "Mon, 22 Apr 2002 17:25:32 MST."
             <20020422172141.D64443-100000@roble.com> 
Date: Tue, 23 Apr 2002 10:43:43 +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


> Len Conrad <LConrad@Go2France.com> wrote:
> >bind9 runs quite nicely and easily in a chroot.
> 
> Can it communicate with syslogd when chrooted?

	Yes.  If it can't then it is the vendor's syslog implementation
	that is broken.  Syslog and chroot are standard parts of the
	OS and they should work together.  If they don't blame the
	OS not the application that tries to use them.

	Same with threads and set{e}{u,g}id.

>  Can it accpet zone
> transfers and write the pid-file assuming a writable directory
> under $CHROOTHOME?

	Yes.  It always could.  BIND 8 required a more complete chroot
	envirionment as it exec'd named-xfer.

>  What happens when you send the daemon a -HUP?

	It re-reads named.conf and acts on the changes there.

> These are all things we've had problems with under bind8.  Be great
> if they are fixed.
> 
> -- 
> Roger Marquis
> Roble Systems Consulting
> http://www.roble.com/
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message