Beware of bind-9.2.4-8_FC3:20 (was BIND (Network Manager}

Jeff Vian jvian10 at charter.net
Sun Jan 23 15:58:43 UTC 2005


On Sun, 2005-01-23 at 11:22 +0000, Tony Dietrich wrote:
> On Saturday 22 Jan 2005 14:35, Bill Cronk wrote:
> > Craig Wrote:
> > >This is just my opinion and may not be similar to anyone else's.
> > >
> > >Red Hat's gui tool for admin BIND (I think it is system-config-named) is
> > >useless or worse than useless
> > >
> > >I don't use it. The only times I have tried to use it I abandoned
> > >everything that it did.
> > >
> > >I use webmin <http://www.webmin.com> where I need to set up dns. It's
> > >awesome.
> >
> > I have been using Webmin since one of the first releases. I agree it is
> > awesome and has improved immensely over the past couple of years.
> >
> > That is my preference for managing all my machines at work and here at home
> > too. However, what I noticed with SuSE first and now Fedora is that to eliminate
> > difficulties in the initial setup of various services, one sometimes needs
> > to allow the stock distribution tools to do the setup. Then come in after
> > the fact and either tweak or manage the configurations with Webmin.
> >
> > In fact this very thing is what my current problem has been. Webmin never
> > seems to find the chroot files for DNS unless they are linked out to
> > /var/named as Fedora packages them. Also Webmin only creates the files in
> > the standard location of /var/named. I move the file to the chroot location
> > where Fedora has their stock original files and then link it out to the
> > /var/named as Fedora did and all works as expected.
> >
> > I have not spent a lot of time digging through Webmin due to the work load
> > ;), but do you know if they have an easy way to configure where the Webmin
> > modules go out and look for files for the services it can manage?
> >
> > Bill
> Bill, is there a particular reason you are running bind chrooted?
> 
> What users is your bind servicing?  Do you really *need* it chrooted?
> I tend to only chroot bind if I'm setting up a server that is going to be used 
> by the unwashed masses, where I'm not in direct control of the server
> 
>  ... a server servicing a LAN or WLAN can normally be left un-chrooted, since 
> I'm in control of the network security anyway.  If I balls up with the 
> security settings on the rest of the network, it's my fault :p
> 
> I then fire the guy that broke my security, and then fix the loophole :p

By default, FC3 runs bind in a chroot jail.

> -- 
> Tony Dietrich
> -------------
> Endless Loop, n.:
>  see Loop, Endless.
> Loop, Endless, n.:
>  see Endless Loop.
>   -- Random Shack Data Processing Dictionary
> 
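
The workaround Bill describes in the quoted text (move the zone file that Webmin wrote in the standard directory into the chroot copy of that directory, then link it back out) is sketched below as an added shell example. It is not code from the thread, Webmin or Fedora; the function name `relocate_zone` and its directory arguments are assumptions, and the chroot path must be supplied by the caller.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
#   $1 = standard zone directory (the thread names /var/named)
#   $2 = the same directory inside the chroot jail (assumption: caller supplies it)
#   $3 = zone file name
relocate_zone() {
    std_dir=$1 jail_dir=$2 zone=$3

    # Accept only a bare file name so "../" cannot escape either directory.
    case $zone in
        ''|.|..|*/*) echo "bad zone file name: $zone" >&2; return 2 ;;
    esac
    if [ ! -d "$std_dir" ] || [ ! -d "$jail_dir" ]; then
        echo "missing directory" >&2; return 2
    fi

    src=$std_dir/$zone
    dst=$jail_dir/$zone

    # Already linked out: succeed only if the link points at the jail copy.
    if [ -L "$src" ]; then
        if [ "$(readlink "$src")" = "$dst" ] && [ -f "$dst" ]; then
            return 0
        fi
        echo "$src is a symlink that does not point at $dst" >&2
        return 1
    fi

    if [ ! -f "$src" ]; then
        echo "$src: no such regular file" >&2; return 1
    fi
    # Never overwrite a file (or dangling link) already present in the jail.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        echo "$dst already exists" >&2; return 1
    fi

    # The real file lives in the jail; the standard path becomes a symlink to it.
    mv "$src" "$dst" && ln -s "$dst" "$src"
}
```

The chrooted server reads the real file inside the jail, while tools that only look in the standard directory follow the symlink to the same file.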



