https://bugzilla.novell.com/show_bug.cgi?id=738156#c15
--- Comment #15 from lynn wilson <lynn@steve-ss.com> 2011-12-23 02:47:04 UTC ---
(In reply to comment #10)
> a) The chroot default is a reasonable and more secure approach.
> b) Changing the default for _no_ reason is bad. Because you're not able to configure Samba4 in the way it's able to work with a chrooted bind setup is no argument to modify a reasonable and working approach. Up to now no user complained about the chroot approach.
Up to now bind was used to resolve names on the Internet, rather than as a vital element in authenticating against a Microsoft domain. Lars, you yourself have commented on the not too healthy state of the chroot script. Those of us who take the time to test software should be rewarded with an easy to configure default setup. Developers should therefore be aware that not all users will use production versions of software which need DNS in a jail. By all means provide it but make life easy for us testers.
> c) /var/lib/named owned by named: is wrong. This gives the named process more rights than needed.
> Please read comment #8 again before you make a statement again which sounds as if you've not read what I explained in comment #8.
> I've used dynamic updates with BIND and these settings over many years. What comment #8 doesn't state directly or verbosely is:
> Your zone definitions in named.conf have to reference /var/lib/named/dyn/ as the location to store the particular dynamic zone file. But for a person willing and able to handle BIND this must have been clear after what got written in comment #8.
> If you still believe something is wrong with the default permissions of the directory created by the bind package please file a separate bug report.