Re: chroot bind?
On Sat, 21 Apr 2001, Yotam Rubin wrote:
> We could harden the default configuration with the following directives:
>
> options {
>     version "Not available";
>     allow-transfer { none; };
>     allow-recursion { localnets; };
>     allow-query { localnets; };
> };
>
> We could allow the configuration of these directives via debconf, which
> will ask questions like: "Allow zone-transfers from which hosts?",
> "Allow recursive queries from which sources?" and so forth.
> A more desirable structure will be exhibited by a script called add-zone,
> which will create a zone skeleton. This skeleton will be configured with
> security in mind.
> Also, the package should generate a key for use with TSIG and add the
> appropriate statements to /etc/bind/named.conf.
>
> I see there are plenty of volunteers for this task, but I am willing to
> provide any assistance you may require.
>
You can start by implementing all that stuff you mentioned and sending in
a patch :-)
--
Jaldhar H. Vyas <jaldhar@debian.org>
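
An audit of the four directives proposed in the quoted message, as an added example that is not part of the original thread or of the Debian bind package. The function names, the sample configuration and the rule that flags a literal `any` entry are assumptions of this example.

```python
import re

# The four directives from the proposal quoted above.
DIRECTIVES = ("version", "allow-transfer", "allow-recursion", "allow-query")

def strip_comments(text):
    """Drop /* */, // and # comments (comment markers inside strings are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(text):
    """Return the body of options { ... }, tracking nested braces, or None."""
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None

def audit(conf):
    """Map each directive to 'ok', 'missing' or 'permissive: any'."""
    body = options_block(strip_comments(conf))
    if body is None:
        return {d: "missing" for d in DIRECTIVES}
    found = re.search(r'(?<![\w-])version\s+(?:"[^"]*"|none)\s*;', body)
    result = {"version": "ok" if found else "missing"}
    for d in DIRECTIVES[1:]:
        m = re.search(r"(?<![\w-])" + re.escape(d) + r"\s*\{([^{}]*)\}\s*;", body)
        if not m:
            result[d] = "missing"
            continue
        acl = [e.strip() for e in m.group(1).split(";") if e.strip()]
        # Assumption of this example: a literal "any" entry counts as permissive.
        result[d] = "permissive: any" if "any" in acl else "ok"
    return result

# Constructed sample configuration, not taken from a real host.
WEAK = """
options {
    directory "/var/cache/bind";
    allow-transfer { any; };   // open zone transfers
    allow-recursion { localnets; };
};
"""
if __name__ == "__main__":
    print(audit(WEAK))
```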