Re: Beware of bind-9.2.4-8_FC3:20 (was BIND (Network Manager}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2005-01-23 at 11:22 +0000, Tony Dietrich wrote:
> On Saturday 22 Jan 2005 14:35, Bill Cronk wrote:
> > Craig Wrote:
> > >This is just my opinion and may not be similar to anyone else's.
> > >
> > >Red Hat's gui tool for admin BIND (I think it is system-config-named) is
> > >useless or worse than useless
> > >
> > >I don't use it. The only times I have tried to use it I abandoned
> > >everything that it did.
> > >
> > >I use webmin <http://www.webmin.com> where I need to set up dns. It's
> > >awesome.
> >
> > I have been using Webmin since one of the first releases. I agree it is
> > awesome and has improved immensely over the past couple of years.
> >
> > That is my preference for managing all my machines at work and here at home
> > too. However, I noticed with SuSE first and now Fedora is that to eliminate
> > difficulties in the initial setup of various services, one sometimes needs
> > to allow the stock distribution tools to do the setup. Then come in after
> > the fact and either tweak or manage the configurations with Webmin.
> >
> > In fact this very thing is what my current problem has been. Webmin never
> > seems to find the chroot files for DNS unless they are linked out to
> > /var/named as Fedora packages them. Also Webmin only creates the files in
> > the standard location of /var/named. I move the file to the chroot location
> > where Fedora has thier stock original files and then link it out to the
> > /var/named as Fedora did and all works as expected.
> >
> > I have not spent allot of time digging through Webmin due to the work load
> > ;), but do you know if they have an easy way to configure where the Webmin
> > modules go out and look for files for the services it can manage?
> >
> > Bill
> Bill, is there a particular reason you are running bind chrooted?
> 
> What users is your bind servicing?  Do you really *need* it chrooted?
> I tend to only chroot bind if I'm setting up a server that is going to be used 
> by the unwashed massed, where I'm not in direct control of the server
> 
>  ... a server servicing a LAN or WLAN can normally be left un-chrooted, since 
> I'm in control of the network security anyway.  If I balls up with the 
> security settings on the rest of the netweork, its my fault :p
> 
> I then fire the guy that broke my security, and then fix the loophole :p

By default, FC3 runs bind in a chroot jail.

> -- 
> Tony Dietrich
> -------------
> Endless Loop, n.:
>  see Loop, Endless.
> Loop, Endless, n.:
>  see Endless Loop.
>   -- Random Shack Data Processing Dictionary
> 


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux