Installing bind is not very clear for me
Reindl Harald
h.reindl at thelounge.net
Thu Sep 3 21:19:25 UTC 2015
Am 03.09.2015 um 23:16 schrieb Robert Moskowitz:
> On 09/03/2015 05:02 PM, Reindl Harald wrote:
>>
>> Am 03.09.2015 um 22:59 schrieb Robert Moskowitz:
>>> On 09/03/2015 04:35 PM, Leandro wrote:
>>>> Ok ...
>>>> I got BIND 9.10.2-P3 working.
>>>> I compiled with
>>>>
>>>> ./configure --with-openssl --enable-threads --with-libxml2
>>>> --with-libjson
>>>> make
>>>> make install
>>>>
>>>> Json statistics channel is working and chroot is not longer mandatory.
>>>
>>> But do make sure you have selinux enforced. Or run behind multiple
>>> firewalls...
>>
>> behind *multiple firewalls* - ?!?! - oh come on and get serious
>> instead promote snakeoil - typically BIND is *not* running as root and
>> hence does not need any special handling compared to any other network
>> service
>>
>> get rid of the horror stories from the 1990's..............
>
> I dealt with customers that did suffer from island hopping attacks. Deep
> penetration. They had some systems not registered and vulnerable
> allowing what was thought safe to be stolen.
and 1000 firewalls in front doing all the same would not have changed
anything, so just don't spread FUD and suggest anything gets better by
throwing *random* undefined things in front of wahtever service
> But I am done with that work
hopefully
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150903/0481c88a/attachment.bin>
More information about the bind-users
mailing list