
Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)



On Tue, Sep 17, 2002 at 09:45:39AM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Sep 16, 2002 at 02:11:31PM -0400, Stephen Frost wrote:
> > * Javier Fernández-Sanguino Peña (jfs@dat.etsit.upm.es) wrote:
> > > (the 'named' user gets created)
> > > 2.- user configures the name server and sets the zone information in
> > > common dir, for example /var/named/

> > Now hang on a second here.  You think the master zone files are going to
> > be owned by the named user?  That's a bad assumption to begin with, they
> > should be owned by root (as they are on my system...).  So, really, all
> > we're talking about here are cache files which should be recreated when
> > you update anyway.  I should have realized the folly of the original
> > proposal earlier.

> 	No, no folly. Please think a moment. What permissions are you
> suggesting for master zone files? 644 with root:root? That's plain wrong,
> I don't want my master zone files to be accessible by any other process
> than the name server. That's sensible information, you do disable zone 
> transfers, don't you?

I disable zone transfers as protection against DoS attacks, not because
any of the information contained within is sensitive.  Unnecessary zone
transfers can seriously drag down a name server.  If you believe your
zone files need to be protected from prying eyes, it seems to me you have
specialized requirements outside the scope of what Debian needs to
provide.

Steve Langasek
postmodern programmer
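
The ownership and mode question argued in this thread, as an added example that is not part of any poster's message: a shell function that flags zone files owned by the daemon account, writable by group or other, or world-readable. The function name audit_zone_dir and the root:named 0640 target it checks against are assumptions made for illustration, not a policy stated by Debian or by the bind9 package.

```shell
# Added example (not from the thread): audit zone-file ownership and mode.
# Assumed target policy, combining both positions argued above:
#   - master zone files are NOT owned by the daemon account, so a
#     compromised name server cannot rewrite them
#   - no group/other write bits
#   - no world-read bit (e.g. root:named 0640)
#
# audit_zone_dir DIR DAEMON_USER
#   prints one "path: finding" line per problem;
#   returns 0 if DIR is clean, 1 if anything was flagged.
#   DAEMON_USER may be a user name or a numeric UID.
audit_zone_dir() {
    dir=$1
    daemon=$2
    status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # find's own predicates avoid parsing ls output.
        if [ -n "$(find "$f" -prune -user "$daemon" 2>/dev/null)" ]; then
            echo "$f: owned by $daemon (daemon can rewrite zone data)"
            status=1
        fi
        if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "$f: writable by group or other"
            status=1
        fi
        if [ -n "$(find "$f" -prune -perm -0004)" ]; then
            echo "$f: world-readable"
            status=1
        fi
    done
    return $status
}
```

A file at 644 root:root is reported only as world-readable, which is the point on which the two posters disagree; the ownership finding is the one both sides of the thread accept.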
