From: Matt Dillon
Date: Wed, 31 Jan 2001 15:27:25 -0800 (PST)
To: Alfred Perlstein
Cc: Brian Behlendorf, Roman Shterenzon, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
Message-Id: <200101312327.f0VNRPv20077@earth.backplane.com>

:> I think we can easily make it the default.
:
:If it breaks HUP, then not really. :)
:
:I'm not sure how bind handles restarts, but even if it exec(2)s over
:itself it can track the fd open for its socket and shouldn't have to
:rebind it.

You gotta work with what you have. Bind outsmarts itself in a lot of places, especially the stupid interface scanning/binding code. The last thing I want it to do is hold *any* state from the previous incarnation across a restart.

Frankly, restarting is not a big deal even if you have hundreds or thousands of domains. I always restarted named at BEST rather than HUP it, because HUPing is simply too dangerous when you make random modifications to dozens of primary zone files out of thousands.

ndc kills the original bind and starts a new one as root when you use 'ndc restart'.

-Matt
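The two restart models discussed in this message, as an added example that is not code from the thread or from BIND: a listening socket's descriptor carried across exec(2) so the new process image does not rebind, next to a clean start where nothing is inherited. Assumptions: a loopback ephemeral port stands in for port 53, a Python child stands in for the re-exec'd daemon, and `reexec_with_listener` is a hypothetical helper name.

```python
import socket
import subprocess
import sys

# Child program (constructed): stands in for the new process image. It is given
# a descriptor number, tries to adopt it as a socket, and prints the port the
# socket is bound to, or "closed" if the descriptor did not survive the exec.
CHILD = r"""
import socket, sys
try:
    s = socket.socket(fileno=int(sys.argv[1]))
    print(s.getsockname()[1])
except OSError:
    print("closed")
"""

def reexec_with_listener(inherit):
    """Bind a listener, exec a fresh process, and report what it sees.

    inherit=True  : the descriptor is kept open across the exec, so the new
                    process can serve on the socket without calling bind().
    inherit=False : every descriptor above stderr is closed, so no state from
                    the previous incarnation reaches the new process.
    Returns (port_bound_by_parent, child_report).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # assumption: ephemeral port, not 53
    listener.listen(1)
    fd = listener.fileno()
    port = listener.getsockname()[1]
    try:
        report = subprocess.run(
            [sys.executable, "-c", CHILD, str(fd)],
            pass_fds=(fd,) if inherit else (),
            close_fds=True,
            capture_output=True, text=True, check=True,
        ).stdout.strip()
    finally:
        listener.close()
    return port, report

if __name__ == "__main__":
    print("inherited fd :", reexec_with_listener(inherit=True))
    print("clean restart:", reexec_with_listener(inherit=False))
```

With the descriptor inherited, the new process never needs the privilege that the original bind() required; with a clean restart it must be started with enough privilege to bind again, which matches the 'ndc restart' behaviour described above.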