|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Why not sandbox BIND?
Barrett Richardson (barrett
phoenix.aye.net)
Sun, 14 Nov 1999 08:54:13 -0500 (EST)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Barrett Richardson: "Re: Why not sandbox BIND?"
- Previous message: Matthew West: "Re: sandboxed bind."
- In reply to: David Gilbert: "Re: sandboxed bind."
- Next in thread: Barrett Richardson: "Re: Why not sandbox BIND?"
- Next in thread: Matthew Dillon: "Re: Why not sandbox BIND?"
- Reply: Barrett Richardson: "Re: Why not sandbox BIND?"
On Fri, 12 Nov 1999, Brett Glass wrote:
> It'd be a shame if a PPP dial-up server couldn't sandbox BIND,
> since it's a good idea to keep a DNS server as close to the
> dial-ups as possible. Any ideas about how one might work around
> this, short of going to a capabilities-based security model?
>
> --Brett
>
I run bind on my box I dial an ISP with, I just use a directive like
listen-on port 53 {
127.0.0.1;
};
For a dial up server you should be able to add a routable ip to the
loopback and listen on that.
-
Barrett
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Barrett Richardson: "Re: Why not sandbox BIND?"
- Previous message: Matthew West: "Re: sandboxed bind."
- In reply to: David Gilbert: "Re: sandboxed bind."
- Next in thread: Barrett Richardson: "Re: Why not sandbox BIND?"
- Next in thread: Matthew Dillon: "Re: Why not sandbox BIND?"
- Reply: Barrett Richardson: "Re: Why not sandbox BIND?"
This archive was generated by hypermail 2.0b3 on Sun Nov 14 1999 - 09:33:49 CST