Maintained by: NLnet Labs

[Unbound-users] RHEL 5 and Unbound

Paul Wouters
Wed Oct 20 02:31:46 CEST 2010


On Tue, 19 Oct 2010, Kevin Chadwick wrote:

> Assuming there is a bug in unbound (OpenBSD are thinking of adopting it,
> so it must be good) meaning that where your important stuff is
> matters. Then likely so do all the binaries etc. (if they have not been
> removed) that may be used for priviledge elevation. It certainly can't
> harm.

What I meant was "the only valuable data on a dedicated nameserver resides
within the chroot, no need to get outside it. Its the compromise of the
nameserver data that matters, not the host. (the host is really just a container)

>> (sometimes outdated)
>> binaries or special devices or config files in the chroot.
>
> Will you look after it or leave it to get dusty.

I don't use chroot. So I do not have duplicate/old binaries around.

>> Is it finding ssl (you did not add --with-ssl). I've seen a lot of
>> speed differences with different versions of openssl.
>
> Can you remember which one was slow and which was fast?

0.9.[678] was faster then 1.0.0beta, but I think 1.0.0 was fastest.

Paul