Date: Sun, 25 Jul 1999 19:39:39 -0700
From: Doug <Doug@gorean.org>
To: Sue Blake <sue@welearn.com.au>
Cc: security@freebsd.org
Subject: Re: sandbox??
Message-ID: <379BCA6B.FEBDFE47@gorean.org>
References: <19990726040233.E7349@welearn.com.au> <19990725214712.F14954@daemon.ninth-circle.org> <19990726065455.N7324@welearn.com.au>

Sue Blake wrote:

> Either we need documentation (and/or pointers) for the background
> theory and a guide to its actual implementation for named in FreeBSD to
> encourage people to use it, or we need to disambiguate and discourage
> its use in named.conf while providing non-sandbox examples for
> secondaries in the new style config file that the "kids" can learn from
> without confusion. After some good feedback on sandboxes, it seems that
> the latter is the more appropriate, particularly in view of the
> concurrent scarcity of documentation for BIND 8.

I agree that the current named.conf file is too messy, too confusing, and provides too many examples of ways to shoot oneself in the foot. However, you are incorrect about the level of documentation available for BIND 8. Someone else already provided you a pretty good bibliography.

> Thanks for the security explanation. A lot of people seem to be
> interested in this but too afraid to ask :-)

Well that's just silly. We can't help people who don't ask questions, and we certainly can't help people who are "afraid" to post a question to a mailing list.

> There must be a good book
> that explains it all. Anyone know? It would almost be worth buying and
> studying another book in order to be eligible to ask questions on how
> to use the examples provided in the new named.conf :-) Better still, if
> it can be condensed into something digestible by newbies I might try
> writing a summary introduction with examples, recommending either for
> or against its use by learners.

New users should not be messing with DNS, and they definitely should not be messing with advanced features like the experimental sandbox code. At minimum a user should read the cricket book, and have a good understanding of _why_ they would want to set up a DNS server in the first place.

I'll take a look at the current file and see about simplifying it this week, of course that doesn't guarantee that it'll get committed.

Doug