
jarco 01-15-2009 03:46 AM

Is chrooted bind really necessary?
Hello all,

I recently tried to install bind chrooted on a completely fresh Debian Etch r2.
I used the HowtoForge guide to chroot bind but can't get bind started. I get an error which I think is permission-related. After lots of frustration I was beginning to ask myself: is it really needed to chroot bind?

So since I don't know, I ask you guys :)

Is it really needed? Is it really that big of a security risk? How can external people abuse a non-chrooted bind?

win32sux 01-15-2009 03:59 AM

I don't think any security measure exists which is necessary (unless it's required by law). But it's important that you assume that your BIND daemon will be compromised, and take pre-emptive measures for that. That's probably what your tutorial was aiming at with the chroot suggestion. Perhaps you should get a good night's sleep and then try again. I mean, chroot provides a very weak layer of security, but it's better than nothing at all. In the future, you might wanna look at mandatory access control instead.

unSpawn 01-15-2009 01:32 PM

In addition you also might want to ask yourself if you want to run ISC BIND and not djbdns.
