Another Con in Re: NDC vs. kill -HUP

Cinense, Mark macinen at sandia.gov
Fri Aug 18 18:00:14 UTC 2000


I see; however, is this not a permissions issue? Why would you not be able
to just set permissions to run instead of sending signals to the daemon?
Also, how well does NDC work with scripts? Would NDC be much nicer to the
daemon than sending signals?

Mark A Cinense
-----Original Message-----
From: DanO [mailto:express at fastdial.net]
Sent: July 18, 2000 8:43 AM
To: joseph lang; bind-users at isc.org
Subject: Another Con in Re: NDC vs. kill -HUP



As another point to ponder:
Most versions of Linux shipped today package BIND to run as a non-root
user.
    So in my experience with NDC, if you run as user "named" and you send
NDC Reload, you'll get an error like (Unable to create named.pid), and I
have seen named restarted as root. Maybe I'm doing something wrong, but for
me, the old-fashioned command line editing still works for me.

Ditto, Michael!!

DanO


Jim Reid wrote:
>
> >>>>> "Mark" == Cinense, Mark <macinen at sandia.gov> writes:
>
>     Mark> Can anyone tell me the pros and cons of ndc versus using
>     Mark> kill -HUP.  Thanks....
>
> Using signals to "control" the name server is crude and old-fashioned.
> The interface provided by ndc is far more flexible: like allowing
> incremental zone reloads or re-reading the config file without loading
> every zone on the server. Another benefit of ndc is that it can allow
> the name server to be controlled by a different UID from the one that
> runs named. All that takes is suitable access permissions on the
> control socket used by the server and ndc. Another problem with the
> signals interface is that some signals have different effects on
> different versions of BIND.
>
> FWIW, BIND9 has rndc which is able to control a remote name server.
>
> Using signals to get the name server to do things is as obsolete and
> as as BIND4.

Jim did a good job of laying out the "PRO" side. Here's
the "CON":
Some flavors of Unix have security problems with Unix
domain sockets. This allows a normal user to control
BIND. Kill -HUP doesn't suffer from this flaw.

joe lang
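
Added example (not from any message in this thread): a Python check of the two permission layers the thread touches on, the control socket's own mode and the mode of the directory holding it, because some systems ignore the former. The socket path is supplied by the caller; `audit_control_socket` and `allowed_uids` are hypothetical names, and root-only ownership is an assumed default.

```python
import os
import stat
import sys


def audit_control_socket(path, allowed_uids=(0,)):
    """Return a list of findings for a Unix-domain control socket.

    allowed_uids: UIDs expected to own the socket and its directory
    (assumption: root only unless the caller says otherwise).
    """
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a Unix-domain socket"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Layer 1: the socket file's own mode. Linux enforces it on connect();
    # some older systems ignore it, so it cannot be the only control.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: socket writable by group/other (mode {mode:04o})")
    if st.st_uid not in allowed_uids:
        findings.append(f"{path}: socket owned by unexpected uid {st.st_uid}")

    # Layer 2: the parent directory. Search (x) permission is needed to
    # reach any name inside it, and that check applies to every path lookup.
    parent = os.path.dirname(os.path.abspath(path))
    dst = os.stat(parent)
    dmode = stat.S_IMODE(dst.st_mode)
    if dmode & stat.S_IXOTH:
        findings.append(f"{parent}: directory searchable by other (mode {dmode:04o})")
    if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
        findings.append(f"{parent}: world-writable without sticky bit (mode {dmode:04o})")
    if dst.st_uid not in allowed_uids:
        findings.append(f"{parent}: directory owned by unexpected uid {dst.st_uid}")
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} /path/to/control-socket")
    problems = audit_control_socket(sys.argv[1])
    for line in problems:
        print("WARN", line)
    sys.exit(1 if problems else 0)
```
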








