On Apr 2, 2019, at 03:03, Anand Buddhdev wrote:
> 1. The simple one is to configure BIND with the "--disable-linux-caps"
> option. The notes say that this comes at the cost of some security, but
> it's not clear what the risks are.
I think it is just the cost of the added security caps provides.
Hello Anand / Tony
On 02/04/2019 20.25, Anand Buddhdev wrote:
On 02/04/2019 17:12, Tony Finch wrote:
Hi Tony,
I have not noticed these errors on my toy server. I had a look at the code
and I thought Stephan's explanation was correct. My guess is that he is
starting named without root privileg
On 02/04/2019 17:12, Tony Finch wrote:
Hi Tony,
> I have not noticed these errors on my toy server. I had a look at the code
> and I thought Stephan's explanation was correct. My guess is that he is
> starting named without root privileges, so it is unable to switch back and
> forth between users
Anand Buddhdev wrote:
>
> I'm not sure why it's doing that, but I think I know the reason for this
> error message. The release notes of 9.14.0 say that on Linux, BIND uses
> libcap to set certain privileges. However, if the /usr/sbin/named binary
> is not marked as being able to use privileges, t
On 28/03/2019 14:40, Gasoo wrote:
Hi Stephan,
> Mar 25 16:41:56 dnsserver named[1348]: unable to set effective uid to 0:
> Operation not permitted
[snip]
> Why does named want to set the uid of itself back to 0?
> Has anyone seen this as well?
I'm not sure why it's doing that, but I think I kn
Hello
I build my own bind9 RPM for RHEL6 and RHEL7.
With the new version I get two errors when starting named.
Mar 25 16:41:56 dnsserver named[1348]: using default UDP/IPv4 port
range: [1024, 65535]
Mar 25 16:41:56 dnsserver named[1348]: listening on IPv4 interface lo,
127.0.0.1#53
Mar 25 16:4
6 matches
Mail list logo
