
Re: chroot bind?



On Sat, 21 Apr 2001, Yotam Rubin wrote:

> We could harden the default configuration with the following directives:
>
> options {
> 	version "Not available";
> 	allow-transfer { none; };
> 	allow-recursion { localnets; };
> 	allow-query { localnets; };
> };
>
> We could allow the configuration of these directives via debconf, which
> will ask questions like: "Allow zone-transfers from which hosts?",
> "Allow recursive queries from which sources?" and so forth.
> A more desirable structure will be exhibited by a script called add-zone,
> which will create a zone skeleton. This skeleton will be configured with
> security in mind.
> Also, the package should generate a key for use with tsig and add the
> appropriate statements to /etc/bind/named.conf
>
>  I see there are plenty of volunteers for this task, but I am willing to
> provide any assistance you may require.
>

You can start by implementing all that stuff you mentioned and sending in
a patch :-)

-- 
Jaldhar H. Vyas <jaldhar@debian.org>
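
A sketch of the packaging helper proposed in the quoted message, added here as an example and not code from this thread or from the Debian bind package: it renders the options block from answers a configuration prompt would collect, rejects answers that could break out of the block, and emits a TSIG key statement. The function names, the key name and the choice of hmac-sha256 (supported by current BIND 9) are assumptions.

```sh
#!/bin/sh
# Added example; function names and the key name are hypothetical.

# Accept only characters that can appear in an address match list, so an
# answer cannot close the block and inject further statements.
valid_acl() {
    rest=$(printf '%s' "$1" | tr -d 'A-Za-z0-9_.:/!; -')
    [ -n "$1" ] && [ -z "$rest" ]
}

# $1 = allow-transfer, $2 = allow-recursion, $3 = allow-query
render_options() {
    for acl in "$1" "$2" "$3"; do
        valid_acl "$acl" || { echo "rejected answer: $acl" >&2; return 1; }
    done
    cat <<EOF
options {
    version "Not available";
    allow-transfer { $1; };
    allow-recursion { $2; };
    allow-query { $3; };
};
EOF
}

# 256 bits from the kernel CSPRNG, base64-encoded as named.conf expects.
gen_tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# $1 = key name, $2 = base64 secret. Assumes a BIND 9 that supports
# hmac-sha256. Write the output to a file readable only by root and the
# named user, and include it from named.conf.
render_key() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf 'key "%s" {\n    algorithm hmac-sha256;\n    secret "%s";\n};\n' "$1" "$2"
}

# Constructed answers, as the configuration questions might return them.
render_options "none" "localnets" "localnets"
render_key "transfer-key" "$(gen_tsig_secret)"
```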


