
Re: Re : named -t flag does not work?



Bob Beck wrote:
> Back to "did they really need to"
>
> I'll bet a beer that they simply didn't want to move their
> configuration files from their existing location and therefore decided
> to run it outside the chroot.

My situation is that I run a hidden master that gets zone files from
customers' dns/ directories based on a template named.master file built from
SQL. I ended up using a union mount to put the directories under
/var/named/u.

> We should not support such laziness. If the choice is
> lazy/convenience versus security, we should choose security. Required
> functionality is different. I'm betting this is laziness.

All the prior said, I however agree. I could have written the template
building script to also copy zone files into a directory rather than getting
them directly. Laziness is no excuse - but in this case it was legacy and no
time to rewrite.

Peter