Is chrooted bind really necessary?
Hello all,
I recently tried to install bind chrooted on a completely fresh Debian Etch r2. I used the HowtoForge guide to chroot bind but can't get bind started. I get an error which I think is permission related. After lots of frustration I was beginning to ask myself: is it really needed to chroot bind? So since I don't know, I ask you guys :) Is it really needed? Is it really that big of a security risk? How can external people abuse a non-chrooted bind?
|
I don't think any security measure exists which is necessary (unless it's required by law). But it's important that you assume that your BIND daemon will be compromised, and take pre-emptive measures for that. That's probably what your tutorial was aiming at with the chroot suggestion. Perhaps you should get a good night's sleep and then try again. I mean, chroot provides a very weak layer of security, but it's better than nothing at all. In the future, you might wanna look at mandatory access control instead.
|
In addition you also might want to ask yourself if you want to run ISC BIND and not djbdns.
|