With regard to using chroot, hasn't named/BIND long had the "-u" (user) and "-t" (directory) options to accomplish the same thing more easily?
On Fri, 16 Oct 2020 12:47:35 -0500 Chuck Aurora <c...@nodns4.us> wrote: > /me catching up on earlier parts of this thread, > > On 2020-10-15 11:42, alcol alcol wrote: > > A DNS server can exist if you follow NIC instractions. > > Mainly have you a leased line ever on? primary DNS can't be down or > > NIC could down your domain. > > Then you have to install and configure it. Better a fedora core , and > > I'm not sure what all that means (language barrier, perhaps), but I > have some gripes with what I do understand. > > First, re: Fedora, no one distro/OS can truly claim to be best. The > best advice to a beginner is to choose one and to learn it very well. > Fedora can be a good choice, as can other GNU/Linux distros, as also > can be various *BSD flavors. The point is: it depends what the user > is comfortable to manage. > > > CHROOT, DNS is one of the services more targeted to enter inside a > > system. > > False. A chroot is a fine idea if you know how to set it up and to > maintain it, but it is certainly not a requirement for a beginner. A > beginner in BIND (as in anything else) will do best by starting simple > and building on what is learned. > > Also, while DNS is indeed a target of abuse, I honestly cannot recall > a single exploit of BIND 9 that would lead to system penetration. It > is true that BIND's named has had more than its share of security > issues and bugs, but TTBOMK all of these have been crashes, causing > only denial of service. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users