Not getting an IPv6 in a jail
John Baldwin
jhb at freebsd.org
Thu Sep 3 12:21:40 UTC 2009
On Wednesday 02 September 2009 12:09:17 pm Doug Barton wrote:
> FLEURIOT Damien wrote:
>
> > BIND's now happily running in its jail and responding to public
> > queries.
>
> It's up to you if you choose to do it, but there is no reason to run
> BIND in a jail. The chroot feature provided by default by rc.d/named
> is quite adequate security.
That is debatable. One of the chief benefits of a jail is that if a server is
compromised so that an attacker can gain root access, that root access is
limited in what it can do compared to a simple chroot. That is true for any
server you would run under a jail, not just BIND.
--
John Baldwin
More information about the freebsd-stable
mailing list