Date: Tue, 05 Oct 2004 11:48:34 +0900 From: Makoto Matsushita <matusita@jp.FreeBSD.org> To: freebsd-current@freebsd.org Subject: Re: New BIND 9 chroot directories Message-ID: <20041005114834Y.matusita@jp.FreeBSD.org> In-Reply-To: <20041004181933.H96420@bo.vpnaa.bet> References: <200410041734.53316.freebsd@redesjm.local> <200410042343.19211.freebsd@redesjm.local> <20041004181933.H96420@bo.vpnaa.bet>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm seriously considering to change my named configuration to using chroot sandbox. Generally, I'm agree with recent named changes. However I have one thing unclear about current /var/named. DougB> Because running bind chrooted is considerably safer, and the DougB> defaults should be as safe as possible unless it is an DougB> inconvenience to the majority of our users. As a result, all files using named(8) is under "/var," which is characterized "multi-purpose log, temporary, transient, and spool files" directory (see hier(7)). Yes, the named configuration file (I believe it is considered generally as important), master zone files (also important, at least for me), are located under "/var." So here's my question to all "running named with chroot sandobx" users: are you ok with such important file is under /var? -- - Makoto `MAR' Matsushita
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041005114834Y.matusita>