* ARAKI Yasuhiro said: > > > have a notebook or (as said in the README) using some tunneling stuff, you > > > might have interfaces going up and down dynamically all the time. If bind > > > isn't run as root then you'd have to restart it BY HAND every time any > > > interface changes. > > Yes. This is true. But, I believe system administrator want to run > any server like bind on the stable machine. > So, they won't select notebook. Why? I know people who run just caching bind on dynamically linked machines. Either way, it should be supported. > > I disagree with these priorities. The default should be as secure as > > possible. If we can get a little advantage by running as non-root, we > > should do it. If someone has a requirement that won't work with that > > configuration they should change whatever they need to. *But* they > > should have to take a definate action to reduce their security--it > > should not be done by default. > > I agree. Running bind by non-root is good for security and beginner admin. I completely agree and never stated otherwise. It's just a matter of making the administrator aware of the danger. marek
Attachment:
pgpbJYVJlNOcC.pgp
Description: PGP signature