permissions on /etc/namedb

[Doug Barton]

Randy Bush wrote:
> my fix to all this has been
>    /usr/ports/dns/unbound  (cache only)
> or
>    /usr/ports/dns/nsd      (auth only)
> 
> and the developers/porters are constructive and friendly

Oddly enough I think of myself as constructive and friendly. :) 
However I can't make a default configuration that fits everyone's 
needs. I can only do what I can to make it safe by default.

Of course the two alternatives you listed are good ones, and I 
encourage my clients to investigate them for their environments even 
if they continue using BIND since IMO diversity is a good thing, helps 
improve resilience, etc.

Doug

-- 

     This .signature sanitized for your protection