NetBSD-Bugs archive
Re: bin/53652: Change permission of namedb directory
The following reply was made to PR bin/53652; it has been noted by GNATS.
From: Takahiro Kambe <taca%back-street.net@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: jnemeth%cue.bc.ca@localhost, taca%back-street.net@localhost
Subject: Re: bin/53652: Change permission of namedb directory
Date: Sun, 14 Oct 2018 21:43:41 +0900 (JST)
In message <20181011042001.B35D77A270%mollari.NetBSD.org@localhost>
on Thu, 11 Oct 2018 04:20:01 +0000 (UTC),
John Nemeth <jnemeth%cue.bc.ca@localhost> wrote:
> } I think we should go with the first option (revert/make writable). Opinions?
>
> I seriously think we should go with the second option. Having
> /etc/namedb writable by daemon of a master server leaves it open
> to complete corruption of the zone files and possibly configuration
> files if there is a compromise of the server. I recognise that
> this may be a nuisance on a server that mainly serves slave zones
> since it means that you can't just add a zone to the config file.
> This kinda leads to the idea that it should be an option.
I agree with you.
* Like the "nta" directory, introduce a directory for named to write to
by default.
* Define the name of the statement that defines the directory: "work-dir" or
"data-dir".
* Change the code of named to write under that directory.
--
Takahiro Kambe <taca%back-street.net@localhost>
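
The separation discussed in this thread (configuration and master zone files not writable by the daemon account, with one directory set aside for what named writes) can be checked with a small audit. This is an added example, not part of the message and not NetBSD or BIND code; the function names and the "data" subdirectory name are assumptions, and the directory tree is constructed in a temporary location.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """POSIX mode-bit check: may the account (uid, gids) write to this inode?"""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(conf_dir, write_dir, uid, gids):
    """Return paths under conf_dir that the daemon account can write to,
    excluding the one subtree (write_dir) set aside for daemon output."""
    write_dir = os.path.realpath(write_dir)
    findings = []
    for root, dirs, files in os.walk(conf_dir):
        if os.path.realpath(root) == write_dir:
            dirs[:] = []              # do not descend into the writable area
            continue
        for name in [""] + files:     # "" stands for the directory itself
            path = os.path.join(root, name) if name else root
            st = os.lstat(path)       # lstat: judge the entry, not a link target
            if not stat.S_ISLNK(st.st_mode) and can_write(st, uid, gids):
                findings.append(os.path.relpath(path, conf_dir))
    return sorted(findings)

def demo():
    """Constructed layout standing in for the namedb directory."""
    uid, gids = os.geteuid(), {os.getegid()}   # stand-in for the daemon account
    with tempfile.TemporaryDirectory() as top:
        conf = os.path.join(top, "namedb")
        data = os.path.join(conf, "data")      # hypothetical writable directory
        os.makedirs(data)
        zone = os.path.join(conf, "example.zone")
        open(zone, "w").close()
        os.chmod(zone, 0o644)                  # daemon-writable zone file
        os.chmod(data, 0o755)
        os.chmod(conf, 0o755)                  # daemon-writable config directory
        before = audit(conf, data, uid, gids)
        os.chmod(zone, 0o444)                  # tightened: read-only for the daemon
        os.chmod(conf, 0o555)
        after = audit(conf, data, uid, gids)
        os.chmod(conf, 0o755)                  # restore so cleanup succeeds
        return before, after
```

On a real host, pass the uid and group ids of the account named runs as; the check reads mode bits only and does not account for ACLs or file flags.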