Maintained by: NLnet Labs

[Unbound-users] [wishlist] unbound vs djbdns

Kevin Chadwick
Wed Jun 15 22:56:57 CEST 2011


On Wed, 15 Jun 2011 21:00:16 +0200
Leen Besselink wrote:

> tcpdump on OpenBSD kind of does this, they have 2 processes and use
> privilege separation.
> 
> So the process doing the parsing is a chroot'ed and running as nobody or
> something similair.

_tcpdump, safer to have it's own user.

And yet the OpenBSD devs and many others still recommend not to run it
in parse mode (not using -w = a default snaplen of 96) live on
production boxes/firewalls.