
Re: bind running as root in Mandrake 7.0



On Mon, 5 Jun 2000, Tim Haynes wrote:

> On Mon, Jun 05, 2000 at 01:33:33PM +0000, Nick Phillips wrote:
> > Michael Stone wrote:
> > 
> > > And I still think this is a stupid reason for us to be allowing a security
> > > problem to sit around--how many people run dns servers on machines with
> > > dynamic addresses?
> > 
> > Loads. How many people use IP masq to let their bunch of Win98 clients share
> > their net connection? How many ISPs give static IPs? QED.
> > 
> > It should probably be an install-time option.
> 
> Erm... 'usepeerdns' and stuff...
> 
> Another thought to throw into the fray.. What was that package that asks you
> for your local & external interfaces, then goes and ballses up a default
> firewall for you? ... Maybe some integration there could be fun.
> 
> How many people wanting to run bind need it listening on their ppp0 interface,
> which comes & goes merrily with dialups, rather than their eth0s and let the
> outgoing forwarded requests get masqueraded?
> 
> Just my $0.01..
> 
> ~Tim

You got it exactly right, there is no reason why anyone should be
listening on a dynamic IP address. If it's gonna change so much, then how
will people be able to find it?

If it's about DHCP, then 'just' start that first before you start up bind.
Does DHCP also have something like a ppp-up script? I think you can
specify that, right?

There is _no_ reason why anyone should do a DNS query on a PPP dialup. If
someone really needs it (static IP over ppp?), make it so in ppp-up
(restart bind? or is reload enough?).

As long as it's named.named, it really is very important. There are just too
many things in bind that went wrong in the past.

My 2 cents.

-------------------------------------
New things are always on the horizon.

> -- 
> | Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++ 
> | w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-	     
> | So shine on, harvest moon,		   | http://piglet.is.dreaming.org/
> | Cast your might on the ripening corn 	   | piglet@glutinous.custard.org


