'succesful' nsupdate of remote server not persistent across nameserver restart?

jasonsu at mail-central.com jasonsu at mail-central.com
Wed Apr 27 13:37:07 UTC 2016

On Wed, Apr 27, 2016, at 06:30 AM, Matthew Pounsett wrote:
> > Actually it is normal for privsep processes to chroot themselves, usually
> > to /var/empty - e.g.
> Right, so "no chroot necessary" (which is what I was responding to) isn't
> accurate.

Oh.  That's not what I got out of your comment.

>From this end-user's perspective, there's a pretty big difference from a user perspective of 

(1) "it" uses privsep, and takes care of the chroot for you -- i.e., you don't mess with it, and it's all in a documented, predictable package


(2) you have to monkey with all of it yourself.  It's either easy & insecure, or secure but 'good luck with it'.


More information about the bind-users mailing list