On Tue, Sep 17, 2002 at 03:51:03AM -0700, Thomas Bushnell, BSG wrote:
> Javier Fernández-Sanguino Peña <email@example.com> writes:
>
> > No, no folly. Please think a moment. What permissions are you
> > suggesting for master zone files? 644 with root:root? That's plain wrong,
> > I don't want my master zone files to be accessible by any other process
> > than the name server. That's sensible information, you do disable zone
> > transfers, don't you?
>
> People who think they are getting security by keeping the master zone
> file private should not be allowed to suggest security policy.

Then I take it that you are allowing zone file transfers from your DNS server. What use are file permissions if you do not enforce them? Do you suggest we use 644 root.root permissions for all configuration files? What if my policy says that zone information should be kept private?

People who do not find a way to make useful criticism should keep their mouths shut.

Javi

PS: FYI (if that is useful in any way) I'm the main writer of the "Debian Securing Manual", the upstream developer of Tiger and the Debian maintainer/porter for Bastille (and Nessus, initially).