nate wrote: > Also I reccomend of course > running BIND as a non-root uid/gid and in chroot(). This may require > some additional setup especially for the chroot().
Or better still, use another DNS that does this automatically. I use maradns, which by default runs as a non-privileged user in a chroot jail. As an internal-use-only server, it works fine, though there is a minor glitch about resolving CNAME records recursively (i.e. if your DNS config has a CNAME that resolves to a name outside your domain, requiring a recursive lookup, it doesn't seem to work, or at least, it didn't the last time I tried it, a few months ago). Craig -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
