bind in jail?
Do most people who run bind or bind9 on Debian, recompile the program to
run in a chroot environment ("jail")? Or perhaps, should this not be
necessary in Sarge because it has other defenses in place?
Running bind this way is a recommendation that you can often read about.
I also wonder what the *real* dangers would be from exposing bind to the
outside world. What bad things can happen, and could bind in fact be a
starting point for someone to break into a system? I have not seen too
much real world information about this so far (I could have looked in
the wrong places of course...)