New BIND 9 chroot directories

Makoto Matsushita matusita at jp.FreeBSD.org
Mon Oct 4 19:48:37 PDT 2004


I'm seriously considering changing my named configuration to use a
chroot sandbox.  Generally, I agree with the recent named changes.
However, I have one thing unclear about the current /var/named.

DougB> Because running bind chrooted is considerably safer, and the
DougB> defaults should be as safe as possible unless it is an
DougB> inconvenience to the majority of our users.

As a result, all files used by named(8) are under "/var," which is
characterized as the "multi-purpose log, temporary, transient, and spool
files" directory (see hier(7)).  Yes, the named configuration file (I
believe it is generally considered important) and master zone files
(also important, at least for me) are located under "/var."

So here's my question to all "running named with chroot sandbox"
users: are you OK with such important files being under /var?

-- -
Makoto `MAR' Matsushita

