Date: Sun, 14 Nov 1999 08:54:13 -0500 (EST) From: Barrett Richardson <barrett@phoenix.aye.net> To: Brett Glass <brett@lariat.org> Cc: Peter Wemm <peter@netplex.com.au>, Bill Fumerola <billf@chc-chimes.com>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, security@FreeBSD.ORG Subject: Re: Why not sandbox BIND? Message-ID: <Pine.BSF.4.01.9911140848330.29218-100000@phoenix.aye.net> In-Reply-To: <4.2.0.58.19991112102519.045cf510@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Nov 1999, Brett Glass wrote:
> It'd be a shame if a PPP dial-up server couldn't sandbox BIND,
> since it's a good idea to keep a DNS server as close to the
> dial-ups as possible. Any ideas about how one might work around
> this, short of going to a capabilities-based security model?
>
> --Brett
>
I run bind on my box I dial an ISP with, I just use a directive like
listen-on port 53 {
127.0.0.1;
};
For a dial up server you should be able to add a routable ip to the
loopback and listen on that.
-
Barrett
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9911140848330.29218-100000>