BIND less restrictive modes and policy

Chris Adams cmadams at hiwaay.net
Mon Jan 21 14:34:02 UTC 2008


Once upon a time, Adam Tkac <atkac at redhat.com> said:
> Generally on production servers only administrators have access so I
> don't think this is a security issue. I think it's only a feeling that
> configuration has to be private but I'm ready to keep config files private
> if you think it really makes sense. But if some flaw is found and
> exploited it can't protect you.

Many servers don't just run one service (e.g. shared web hosting servers
will run HTTP, SMTP, DNS, etc.), so the config should be protected.

Anything else might as well be world-readable though (and this is really
true for any non-config/non-log file in any RPM), since they can easily
be downloaded through "teh intertubes".

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



