Date: Thu, 15 Mar 2001 22:18:23 -0800
From: Eugene Lee <eugene@anime.net>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: I need a script.
Message-ID: <20010315221823.B19263@anime.net>
In-Reply-To: <20010315232844.A4180@northernbrewer.com>; from chris@northernbrewer.com on Thu, Mar 15, 2001 at 11:28:46PM -0600
References: <3AB11A0E.EF2C79D3@pyramus.com> <20010315134930.A2780@northernbrewer.com> <20010315120039.C6942@anime.net> <20010315232844.A4180@northernbrewer.com>

On Thu, Mar 15, 2001 at 11:28:46PM -0600, Christopher Farley wrote:
:
: Eugene Lee (eugene@anime.net) wrote:
:
: > I'm running 'named 8.2.3-T6B'. I wonder if the shipped binary has a
: > problem.
:
: Yes, it does.
[...]
: Just because you can do something, does not mean that you should.
: I think writing a script to restart your DNS server when it coredumps
: is a VERY BAD THING. If each named crash is an attempt on your
: machine, and you've got a script to *automatically restart it*, an
: attacker can launch a sustained assault against your machine. You are
: giving them many more chances to be successful.

I hope Bill Mitcheson sees this suggestion. He's the one that wanted to
write that script. :-)

: Get to the root of the problem whatever it is.

Fortunately, I run it as 'named -u bind -g bind'. So I'm not too worried
about potential root compromises. But I wasn't sure which was the better
option: build named from the ISC BIND tarball, or grab
/usr/src/usr.sbin/named/ from 4.3-BETA. Or will FreeBSD 4.3 ditch 8.x and
move to BIND 9?

--
Eugene Lee
eugene@anime.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message