From owner-freebsd-security Mon Jun 1 07:32:18 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id HAA15730
    for freebsd-security-outgoing; Mon, 1 Jun 1998 07:32:18 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA15593
    for ; Mon, 1 Jun 1998 07:32:00 -0700 (PDT)
    (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
    by frmug.org (8.9.0/frmug-2.3/nospam) with UUCP id QAA03118
    for freebsd-security@FreeBSD.ORG; Mon, 1 Jun 1998 16:31:54 +0200 (CEST)
    (envelope-from roberto@keltia.freenix.fr)
Received: (from roberto@localhost)
    by keltia.freenix.fr (8.9.0.Beta4/keltia-2.14/nospam) id LAA10818
    for freebsd-security@FreeBSD.ORG; Mon, 1 Jun 1998 11:51:12 +0200 (CEST)
    (envelope-from roberto)
Message-ID: <19980601115112.A10806@keltia.freenix.fr>
Date: Mon, 1 Jun 1998 11:51:12 +0200
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: /usr/sbin/named
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.92.3i
In-Reply-To: ; from Steve Reid on Sun, May 31, 1998 at 11:56:23PM -0700
X-Operating-System: FreeBSD 3.0-CURRENT ctm#4311 AMD-K6 MMX @ 225 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Steve Reid:
> Also... Is there any reason for this daemon to run as root, other than
> binding to port 53? Would it be possible and reasonable to patch it to
> give up root after binding to the port?

Zone transfers are done by connecting tcp(53) to tcp(53). Name resolution
between servers is using 53 too so you'll need to bind several times on that
port.

After loading the zone, you'll also need to write it on disk...
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #60: Fri May 15 21:04:22 CEST 1998

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message