Subject: installing named-xfer static by default
To: None <tech-security@netbsd.org>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-security
Date: 02/09/2001 11:14:39

I've been investigating running named in a chrooted environment as a
non-privileged user, and I've hit a minor issue which will probably
bite people without source access (or who are unwilling to recompile):
named-xfer needs to be under the chroot cage, and by default, it's
compiled dynamically.

Now, it should be possible to use dynamic binaries in a chroot cage,
but it is much more work than if named-xfer was statically linked.

I've done a quick comparison of the size difference between named-xfer
statically vs dynamically linked (on 1.5/i386):

% size /usr/libexec/named-xfer*
text    data    bss     dec     hex     filename
254393  4960    12912   272265  42789   /usr/libexec/named-xfer
187585  4864    7744    200193  30e01   /usr/libexec/named-xfer.dyn

% ls -l /usr/libexec/named-xfer*
272 -r-xr-xr-x  1 root  wheel  270024 Feb  8 19:07 /usr/libexec/named-xfer*
200 -r-xr-xr-x  1 root  wheel  195576 Nov 16 20:38 /usr/libexec/named-xfer.dyn*

Given this minor size difference I don't see a major issue with making
named-xfer static.

Are there any serious objections to me doing this?
Other comments?

Luke.

PS: I'm going to document how I did this, and also consider making
it the default (after discussion)

-- 
Luke Mewburn  <lukem@wasabisystems.com>  http://www.wasabisystems.com
Luke Mewburn     <lukem@netbsd.org>      http://www.netbsd.org
Wasabi Systems - providing NetBSD sales, support and service.
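
Added example (not part of the original message, and not NetBSD or BIND code): a check for the problem described above, reporting whether a program placed in a chroot cage is static or asks for a run-time linker that is absent from the cage. It assumes ELF binaries; the function names, the linker path /usr/libexec/ld.elf_so used as sample data, and the minimal ELF images are constructed for the illustration.

```python
import os
import struct
import tempfile

PT_INTERP = 3  # program header type that names the run-time linker

def elf_interp(data):
    """Return the PT_INTERP path of an ELF image, or None when there is none (static)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    word = end + ("Q" if is64 else "I")
    phoff, = struct.unpack_from(word, data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    for i in range(phnum):
        base = phoff + i * phentsize
        if struct.unpack_from(end + "I", data, base)[0] == PT_INTERP:
            off, = struct.unpack_from(word, data, base + (8 if is64 else 4))
            size, = struct.unpack_from(word, data, base + (32 if is64 else 16))
            return data[off:off + size].rstrip(b"\0").decode()
    return None

def cage_check(cage, prog):
    """Classify prog (its path as seen inside the cage) for use under chroot(cage)."""
    with open(os.path.join(cage, prog.lstrip("/")), "rb") as f:
        interp = elf_interp(f.read())
    if interp is None:
        return "static"
    if os.path.exists(os.path.join(cage, interp.lstrip("/"))):
        return "dynamic, linker present"
    return "dynamic, linker missing: " + interp

def sample_elf(interp=None):
    """Constructed minimal ELF32 little-endian image for the demo (not a real binary)."""
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1 if interp else 0, 0, 0, 0)
    if not interp:
        return ident + hdr
    path = interp.encode() + b"\0"
    ph = struct.pack("<8I", PT_INTERP, 84, 0, 0, len(path), len(path), 4, 1)
    return ident + hdr + ph + path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as cage:      # constructed, empty cage
        os.makedirs(os.path.join(cage, "usr/libexec"))
        with open(os.path.join(cage, "usr/libexec/named-xfer"), "wb") as f:
            f.write(sample_elf("/usr/libexec/ld.elf_so"))
        print(cage_check(cage, "/usr/libexec/named-xfer"))
```

"linker present" is only the first requirement: a dynamic binary also needs every shared library it loads copied into the cage, which is the extra work a static named-xfer avoids.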