[Dnsmasq-discuss] Two questions about the cache and how dnsmasq forwards queries

/dev/rob0 rob0 at gmx.co.uk
Thu Feb 18 16:18:32 GMT 2010


On Thu, Feb 18, 2010 at 09:12:04AM +0100, Matthias Andree wrote:
> I don't use port redirections though and have static network 
> interfaces on my computers (Linux and FreeBSD). BIND9 gets 
> 127.0.0.1:53, DNSMASQ all other interfaces port 53.

This is fine, but it means that named needs to be started by root.
I'm using nonprivileged ports, so at least in theory, it could be
started and run by any user who can read the config and hints file.
(In practice I am using "named -u named" as root.)

> No iptables games necessary.

Perhaps you misunderstood the iptables commands in my example? They
were not necessary; they merely restrict access to named's ports to
the dnsmasq user only. I don't use them myself; like I said, if you
don't trust your shell users, get rid of them!
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
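The setup discussed in the thread, written out as an added example (it is not the iptables commands from the earlier post, which are not reproduced on this page): named on 127.0.0.1 on a nonprivileged port, dnsmasq forwarding to it, and iptables owner-match rules that let only the dnsmasq user reach that port. The port number 5353 and the user name dnsmasq are assumptions; adjust both to your installation. The script emits the commands rather than running them, and only applies them when invoked as `apply` by root.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: named listens on
# 127.0.0.1 port 5353 (an unprivileged port, so it need not start as
# root) and dnsmasq runs as the user "dnsmasq".

NAMED_PORT="${NAMED_PORT:-5353}"        # assumed nonprivileged port for named
DNSMASQ_USER="${DNSMASQ_USER:-dnsmasq}" # assumed dnsmasq run-as user

# named.conf fragment: bind only to loopback on the nonprivileged port.
named_listen_stanza() {
    printf 'listen-on port %s { 127.0.0.1; };\n' "$1"
}

# dnsmasq.conf fragment: forward upstream queries to named on that port.
dnsmasq_server_line() {
    printf 'server=127.0.0.1#%s\n' "$1"
}

# iptables rules, one command per line. The owner match only works on
# locally generated packets, hence the OUTPUT chain on lo rather than
# INPUT: the dnsmasq user may connect to named's port, everyone else is
# rejected. Replies from named carry the client's ephemeral port as
# destination, so they are not matched by these rules.
named_port_rules() {
    port="$1"; user="$2"
    for proto in udp tcp; do
        printf 'iptables -A OUTPUT -o lo -p %s --dport %s -m owner --uid-owner %s -j ACCEPT\n' \
            "$proto" "$port" "$user"
    done
    for proto in udp tcp; do
        printf 'iptables -A OUTPUT -o lo -p %s --dport %s -j REJECT\n' "$proto" "$port"
    done
}

# Number of rules emitted, for a quick sanity check before applying.
rule_count() {
    named_port_rules "$1" "$2" | wc -l | tr -d ' '
}

# Only touch the running firewall when explicitly asked and running as root.
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
    named_port_rules "$NAMED_PORT" "$DNSMASQ_USER" | sh -e
else
    named_listen_stanza "$NAMED_PORT"
    dnsmasq_server_line "$NAMED_PORT"
    named_port_rules "$NAMED_PORT" "$DNSMASQ_USER"
fi
```

Note that these rules also reject root, so a local `dig @127.0.0.1 -p 5353` for debugging will fail unless you add a matching ACCEPT for uid 0; and because the owner match cannot see the user on the INPUT side, the rules do nothing for queries arriving over a real interface, which is why named is bound to 127.0.0.1 in the first place.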