From owner-freebsd-security Wed Jan 31 15:54: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id E62CB37B699 for ; Wed, 31 Jan 2001 15:53:27 -0800 (PST)
Received: (qmail 28880 invoked by uid 1001); 31 Jan 2001 23:53:25 +0000 (GMT)
To: dillon@earth.backplane.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
From: sthaug@nethelp.no
In-Reply-To: Your message of "Wed, 31 Jan 2001 15:27:25 -0800 (PST)"
References: <200101312327.f0VNRPv20077@earth.backplane.com>
X-Mailer: Mew version 1.05+ on Emacs 19.34.2
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Date: Thu, 01 Feb 2001 00:53:25 +0100
Message-ID: <28878.980985205@verdi.nethelp.no>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> You gotta work with what you have. Bind outsmarts itself in a lot
> of places, especially the stupid interface scanning/binding
> code.

Agreed.

> The last thing I want it to do is hold *any* state from the previous
> incarnation across a restart. Frankly, restarting is not a big deal
> even if you have hundreds or thousands of domains. I always restarted
> named at BEST rather than HUP it, because HUPing is simply too
> dangerous when you make random modifications to dozens of primary
> zone files out of thousands.

Disagree. The problem here is that named stops answering queries for a
long time while it is sucking in the zone files. This is mostly a problem
for servers with many thousands of domains - but in those cases it can be
quite noticeable. Here's a server with 14000 zones:

Jan 28 22:22:31 nn named[8645]: starting (/etc/named.conf). named 8.2.3-REL ...
Jan 28 22:33:26 nn named[8740]: Ready to answer queries.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no