'succesful' nsupdate of remote server not persistent across nameserver restart?

jasonsu at mail-central.com jasonsu at mail-central.com
Mon Apr 25 18:44:22 UTC 2016

On Mon, Apr 25, 2016, at 11:33 AM, Matthew Pounsett wrote:
> Unless you have a clear reason to do it (perhaps there's some security
> consideration I haven't thought of) it seems to me it's unnecessary
> complexity that would lead to problems just like this.


Still, I'd honestly like to know that my chroot'd environment make sense, and works, and why -- rather than just being lucky that it doesn't break.

I'm gonna stick with trying to figure this out -- and likely afterwards stop tearing down the existing chroot on exit.

> > I'm not clear on it.
> Although BIND 9 has never had a remote code execution exploit that I'm
> aware of, it's still advisable to run it in a chroot environment.

Oh well.

I completely gave up on chroot'd ntpd because of the endless weirdness.  Finally just moved to openntpd as (1) it had safe privsep, (2) no chroot req'd, and (3) did the job I need.

It'd be great to be able to dump it here too, but since, for the moment, bind9 does (3) for me nicely, and nothing else does quite yet, I guess I stick with chroot.

But IMO it'd be really nice if it went away.  And from what I'm reading in various threads online, I'm not the only one who wouldn't mind.

Now back to figuring this^ out :-/



More information about the bind-users mailing list