system:balug_dns
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
system:balug_dns [2007-05-13T23:50:44+0000] 198.144.194.236 |
system:balug_dns [2007-05-14T02:22:32+0000] 198.144.194.236 typo fixes |
||
|---|---|---|---|
| Line 11: | Line 11: | ||
| *it should **not listen on other IPs** (most notably for DNS) | *it should **not listen on other IPs** (most notably for DNS) | ||
| *the one exception so far, is it **does listen for control (rndc) connection on a non-default port on 127.0.0.1** - again, **do use the appropriate -balug** commands to avoid accidentally operating on the incorrect DNS server. | *the one exception so far, is it **does listen for control (rndc) connection on a non-default port on 127.0.0.1** - again, **do use the appropriate -balug** commands to avoid accidentally operating on the incorrect DNS server. | ||
| - | *The BALUG DNS server runs using user:group balugdns:balugdns. Note that **for security reasons**, to the extent feasible (and as appropriate), **user balugdns and group balugdns should not have access to alter any content on the host or have any special privilges on the host**. Note that it //may// be permissible for user balugdns or group balugdns to alter some files where that is explicitly desired (e.g. PID files, statiistics dump files, cache dump files, slave files). Note also that in general, user balugdns or group balugdns needs read access to master zone files to be served (generally read access on files, and read and "execute"(/search) on directories and ancestor directories). | + | *The BALUG DNS server runs using user:group balugdns:balugdns. Note that **for security reasons**, to the extent feasible (and as appropriate), **user balugdns and group balugdns should not have access to alter any content on the host or have any special privileges on the host**. Note that it //may// be permissible for user balugdns or group balugdns to alter some files where that is explicitly desired (e.g. PID files, statistics dump files, cache dump files, slave files). Note also that in general, user balugdns or group balugdns needs read access to master zone files to be served (generally read access on files, and read and "execute"(/search) on directories and ancestor directories). |
| *in general, only superuser (UID 0, a.k.a. "root") should be able to alter BALUG DNS files (most notably master zone files). The BALUG DNS (running in chroot environment, with user and group balugdns) should mostly only be able to alter the few exception files (or contents of directories needed to support such), noted above (e.g. PID files, etc.). | *in general, only superuser (UID 0, a.k.a. "root") should be able to alter BALUG DNS files (most notably master zone files). The BALUG DNS (running in chroot environment, with user and group balugdns) should mostly only be able to alter the few exception files (or contents of directories needed to support such), noted above (e.g. PID files, etc.). | ||
| - | ***THE PRIMARY PURPOSE FOR THE BALUG DNS SERVER** is for serving DNS zones of interest to BALUG and/or any other such hosting BALUG deems apropriate or wishes to do for folks/organizations (e.g. reciprocal or hosted slave services, etc.) | + | ***THE PRIMARY PURPOSE FOR THE BALUG DNS SERVER** is for serving DNS zones of interest to BALUG and/or any other such hosting BALUG deems appropriate or wishes to do for folks/organizations (e.g. reciprocal or hosted slave services, etc.) |
| ===== THE STATE OF BALUG.ORG. DNS ===== | ===== THE STATE OF BALUG.ORG. DNS ===== | ||
| **AT LEAST AT THE PRESENT TIME (2007-05-13), PLEASE NOTE THE FOLLOWING**: | **AT LEAST AT THE PRESENT TIME (2007-05-13), PLEASE NOTE THE FOLLOWING**: | ||
system/balug_dns.txt ยท Last modified: 2020-03-13T07:16:30+0000 by michael_paoli
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
