Yeah, sure, just run it with your own special config file (with -c); in that 
config file, set the listen-on to an unprivileged port, and make sure all of 
the pathnames (including implicit pathnames like the pid-file) are to 
files/directories to which the unprivileged user has read and (where necessary) 
write access.

As a sanity check, I just fired up an instance on a Red Hat box, as an 
unprivileged user, listening on port 12345. It's a caching-only config, with 
our own internal-root hints, and it's resolving (internal) names just fine.

                - Kevin
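A concrete form of what Kevin describes, added here as an example and not code from any poster: a small shell helper that writes a named.conf in which every pathname (including the implicit ones such as the pid-file) sits under a user-writable directory, the listener is on an unprivileged loopback port, and lookups not answered locally are forwarded upstream, covering Tim's "forward everything else" case. The base directory, port 12345 and the upstream address 192.0.2.53 are assumed placeholders; a client is then pointed at the instance with dig's explicit port option.

```shell
#!/bin/sh
# Added example (not from any poster): run BIND as an unprivileged user on an
# unprivileged port. Base dir, port and forwarder are caller-supplied placeholders.
set -e
write_named_conf() {
    # $1 = base directory writable by the invoking user
    # $2 = unprivileged listen port, $3 = upstream resolver to forward to
    base=$1; port=$2; upstream=$3
    mkdir -p "$base/run" "$base/keys"
    cat > "$base/named.conf" <<EOF
options {
    directory "$base";
    // Unprivileged port, loopback only, local clients only: nothing on the
    // network can use this instance as an open resolver.
    listen-on port $port { 127.0.0.1; };
    listen-on-v6 { none; };
    allow-query { localhost; };
    recursion yes;
    // Everything not answered from local data goes to the "real" server.
    forwarders { $upstream; };
    forward only;
    // Every implicit pathname relocated so named never writes outside $base.
    pid-file "$base/run/named.pid";
    dump-file "$base/run/named_dump.db";
    statistics-file "$base/run/named.stats";
    memstatistics-file "$base/run/named.memstats";
    managed-keys-directory "$base/keys";
    session-keyfile "$base/run/session.key";
};
// No rndc control channel, so no need to read a root-owned rndc.key.
controls { };
EOF
    printf '%s\n' "$base/named.conf"
}

# Validate, then start named in the foreground (-g: no daemonize, log to
# stderr) with the private config instead of /etc/named.conf.
start_named() {
    named-checkconf "$1"
    exec named -g -c "$1"
}

# Client side: dig accepts an explicit port, so a user-space client can be
# pointed at the instance without touching the system resolver config.
query() {
    dig +short -p "$1" @127.0.0.1 "$2"
}
```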



-----Original Message-----
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Tim Daneliuk
Sent: Thursday, September 29, 2016 5:24 PM
To: John Miller
Cc: Bind Users
Subject: Re: Multiple IPs Associated With A Single Name

On 09/29/2016 04:18 PM, Tim Daneliuk wrote:
> On 09/29/2016 02:08 PM, John Miller wrote:
>> Hi Tim,
>>
>> AFAIK, multiple A records are the only way to return multiple IPs for 
>> a given FQDN.  If there are multiple A records for a given name, BIND 
>> will return all of those records -- it'll return all the IPs.  It's 
>> up to the client in question to decide how to use that information.
>>
>> John
>>
> 
> 
> Thanks all, for responding.
> 
> One followup question.  I am currently doing some engineering work for 
> GreatBigHugeCo, wherein getting things like DNS updates done is very 
> time and paperwork intensive.  Sometimes I think it would be easier to 
> do tensor analysis with an abacus, but I digress ...
> 
> For reasons too long and complex to explain, I may want to do the 
> following and need some input on how to implement this or whether it's even 
> practical:
> 
>   - Run an instance of bind in user space so I can control all the 
>     configuration without having root.
> 
>   - Forward all lookups not in my database to a "real" DNS server
> 
> 
> What I am stuck on is this:  Is there any simple (i.e., non-root) way 
> to write a client or otherwise configure userspace to go to the 
> non-standard port and run my sort of man-in-the-middle server?  Or is 
> this just a stupid idea?
> 
> 


I forgot to mention:  At least one use case for this might be a case where I 
can force the client in user space to use the DNS server and port of my 
choosing.  In that case, they won't be using the system DNS config and the
above would not apply.   However, I am unclear on whether bind can be run
as an unprivileged user on a non-standard port.

--
----------------------------------------------------------------------------
Tim Daneliuk     tun...@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
