From owner-freebsd-security Wed Jan 31 23:31:34 2001
Date: Wed, 31 Jan 2001 23:30:28 -0800
From: "Crist J. Clark"
To: Matt Dillon
Cc: Alfred Perlstein, Brian Behlendorf, Roman Shterenzon, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
Message-ID: <20010131233028.S91447@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu

On Wed, Jan 31, 2001 at 03:27:25PM -0800, Matt Dillon wrote:
> :> I think we can easily make it the default.
> :
> :If it breaks HUP, then not really. :)
> :
> :I'm not sure how bind handles restarts, but even if it exec(2)s over
> :itself it can track the fd open for its socket and shouldn't have to
> :rebind it.
>
> You gotta work with what you have. Bind outsmarts itself in a lot
> of places, especially the stupid interface scanning/binding code. The
> last thing I want it to do is hold *any* state from the previous
> incarnation across a restart. Frankly, restarting is not a big deal
> even if you have hundreds or thousands of domains. I always restarted
> named at BEST rather than HUP it, because HUPing is simply too
> dangerous when you make random modifications to dozens of primary
> zone files out of thousands.

You also lose the cache. Some people may not like that.
-- 
Crist J. Clark                           cjclark@alum.mit.edu