Date: Sun, 14 Nov 1999 08:54:13 -0500 (EST)
From: Barrett Richardson
To: Brett Glass
Cc: Peter Wemm, Bill Fumerola, Cy Schubert - ITSD Open Systems Group, security@FreeBSD.ORG
Subject: Re: Why not sandbox BIND?
In-Reply-To: <4.2.0.58.19991112102519.045cf510@localhost>

On Fri, 12 Nov 1999, Brett Glass wrote:

> It'd be a shame if a PPP dial-up server couldn't sandbox BIND,
> since it's a good idea to keep a DNS server as close to the
> dial-ups as possible. Any ideas about how one might work around
> this, short of going to a capabilities-based security model?
>
> --Brett
>

I run bind on my box I dial an ISP with, I just use a directive like

    listen-on port 53 { 127.0.0.1; };

For a dial up server you should be able to add a routable ip to the
loopback and listen on that.

- Barrett
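
The workaround described in the reply above, written out as an added configuration example (not part of the original message): give the loopback interface an extra address before named starts, and list only fixed addresses in listen-on. The address 192.0.2.53 is a documentation placeholder standing in for the routable IP, and the ifconfig line in the comment is one assumed way to add the alias on FreeBSD.

```conf
// named.conf fragment (added example; 192.0.2.53 is a placeholder address)
//
// Add the address to the loopback interface before named is started, so
// that it exists no matter which PPP links are currently up. On FreeBSD:
//
//   ifconfig lo0 inet 192.0.2.53 netmask 255.255.255.255 alias
//
options {
        // Both addresses exist when named starts, so the port 53 sockets
        // are opened once at startup and do not depend on PPP interfaces
        // that appear later.
        listen-on port 53 {
                127.0.0.1;      // local resolver, as in the message
                192.0.2.53;     // alias on lo0, offered to dial-up clients
        };
};
```

Dial-up clients are then handed the loopback alias as their DNS server address.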