Beware of bind-9.2.4-8_FC3:20 (was BIND (Network Manager}

Tony Dietrich td at transoft.demon.co.uk
Sun Jan 23 11:22:51 UTC 2005 

On Saturday 22 Jan 2005 14:35, Bill Cronk wrote:
> Craig Wrote:
> >This is just my opinion and may not be similar to anyone else's.
> >
> >Red Hat's gui tool for admin BIND (I think it is system-config-named) is
> >useless or worse than useless
> >
> >I don't use it. The only times I have tried to use it I abandoned
> >everything that it did.
> >
> >I use webmin <http://www.webmin.com> where I need to set up dns. It's
> >awesome.
>
> I have been using Webmin since one of the first releases. I agree it is
> awesome and has improved immensely over the past couple of years.
>
> That is my preference for managing all my machines at work and here at home
> too. However, I noticed with SuSE first and now Fedora is that to eliminate
> difficulties in the initial setup of various services, one sometimes needs
> to allow the stock distribution tools to do the setup. Then come in after
> the fact and either tweak or manage the configurations with Webmin.
>
> In fact this very thing is what my current problem has been. Webmin never
> seems to find the chroot files for DNS unless they are linked out to
> /var/named as Fedora packages them. Also Webmin only creates the files in
> the standard location of /var/named. I move the file to the chroot location
> where Fedora has thier stock original files and then link it out to the
> /var/named as Fedora did and all works as expected.
>
> I have not spent allot of time digging through Webmin due to the work load
> ;), but do you know if they have an easy way to configure where the Webmin
> modules go out and look for files for the services it can manage?
>
> Bill
Bill, is there a particular reason you are running bind chrooted?

What users is your bind servicing?  Do you really *need* it chrooted?
I tend to only chroot bind if I'm setting up a server that is going to be used 
by the unwashed massed, where I'm not in direct control of the server

 ... a server servicing a LAN or WLAN can normally be left un-chrooted, since 
I'm in control of the network security anyway.  If I balls up with the 
security settings on the rest of the netweork, its my fault :p

I then fire the guy that broke my security, and then fix the loophole :p
-- 
Tony Dietrich
-------------
Endless Loop, n.:
 see Loop, Endless.
Loop, Endless, n.:
 see Endless Loop.
  -- Random Shack Data Processing Dictionary

More information about the fedora-list mailing list