Secure Server
T. Howell-Cintron
fedora-list at kathera.com
Wed Aug 5 18:22:55 UTC 2009
Todd Zullinger wrote:
> DNS is a little more worrying, as BIND has had more problems over the
> years. It has been much better in recent years though. By default,
> the named service is run as a non-root user. It's also confined by
> SELinux. It can optionally be run in chroot jail, that might further
> limit a successful exploit of the service.
Some might suggest djbdns (http://cr.yp.to/djbdns.html) as it's fast,
has a great track record as far as security goes, and it's pretty easy
to work with. You can Google for RPMs.
Some might say DJB can go pound snow. I think it's personal preference.
-- Tom
More information about the fedora-list
mailing list