Re: bind9 and ipv6
nate wrote:
> Also I reccomend of course
> running BIND as a non-root uid/gid and in chroot(). This may require
> some additional setup especially for the chroot().
Or better still, use another DNS that does this automatically. I use
maradns, which by default runs as a non-privileged user in a chroot
jail. As an internal-use-only server, it works fine, though there is a
minor glitch about resolving CNAME records recursively (i.e. if your DNS
config has a CNAME that resolves to a name outside your domain,
requiring a recursive lookup, it doesn't seem to work, or at least, it
didn't the last time I tried it, a few months ago).
Craig
Reply to: