From owner-freebsd-stable  Thu Feb  1 14:29:15 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP id 8155C37B491
	for <stable@FreeBSD.ORG>; Thu,  1 Feb 2001 14:28:58 -0800 (PST)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.1/8.9.3) id f11MSg735305;
	Thu, 1 Feb 2001 14:28:42 -0800 (PST)
	(envelope-from dillon)
Date: Thu, 1 Feb 2001 14:28:42 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200102012228.f11MSg735305@earth.backplane.com>
To: Chris Byrnes <chris@JEAH.net>
Cc: Vivek Khera <khera@kciLink.com>,
	FreeBSD Stable <stable@FreeBSD.ORG>
Subject: Re: DNS security
References:  <Pine.BSF.4.21.0102011129290.62920-100000@awww.jeah.net>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


:cd /etc
:chown -R bind:bind namedb
:chmod 700 namedb
:
:
:-- Chris

    Never do this.  /etc/namedb and all files in it should be owned by
    root.  Bind should never be allowed to write to those files or that
    directory.  Only the secondary-zone subdirectory (typically /etc/namedb/s)
    should be owned by bind:bind

				-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message