NetBSD-Users archive


Re: bind reacts badly to dhcpcd losing/regaining connectivity



On Apr 15,  5:29pm, kre%munnari.OZ.AU@localhost (Robert Elz) wrote:
-- Subject: Re: bind reacts badly to dhcpcd losing/regaining connectivity

| ps: Christos - capabilities (if we had them) would not be the answer - if you
| were to trust bind to be unhackable, then just using root would be just as
| good a solution, if you (wisely) fail to believe that all named's bugs
| have been fixed, and that it can still be hacked, then giving it extra
| capabilities would still be allowing a privilege escalation - not as big
| a one as directly to root perhaps, but big things can often be built on
| small steps, and taking over a nameserver's answers (being able to intercept
| queries to port 53 and return bogus replies) is one of the standard ways
| to launch all kinds of attacks - allowing a hacker to bind to port 53,
| and perhaps other priv'd ports, depending upon the granularity of the perms,
| which a capability based solution would essentially do (given named bugs
| remain to be exploited) is essentially giving them control of your network.

I agree. If the bind license was not changed to MPL I would be inclined
to add an option to do a wild-card bind(2). Given that it is and
we are stuck with a version that we are not going to upgrade until
that situation changes I'd advise to switch to unbound/nsd. Of course
it would have been nice if ISC would have dual licensed bind to make
an exception for the opensource operating systems, but they did not
do that either.

christos


