[Unbound-users] RHEL 5 and Unbound
Paul Wouters
paul at xelerance.com
Wed Oct 20 00:31:46 UTC 2010
On Tue, 19 Oct 2010, Kevin Chadwick wrote:
> Assuming there is a bug in unbound (OpenBSD are thinking of adopting it,
> so it must be good) meaning that where your important stuff is
> matters. Then likely so do all the binaries etc. (if they have not been
> removed) that may be used for priviledge elevation. It certainly can't
> harm.
What I meant was "the only valuable data on a dedicated nameserver resides
within the chroot, no need to get outside it. Its the compromise of the
nameserver data that matters, not the host. (the host is really just a container)
>> (sometimes outdated)
>> binaries or special devices or config files in the chroot.
>
> Will you look after it or leave it to get dusty.
I don't use chroot. So I do not have duplicate/old binaries around.
>> Is it finding ssl (you did not add --with-ssl). I've seen a lot of
>> speed differences with different versions of openssl.
>
> Can you remember which one was slow and which was fast?
0.9.[678] was faster then 1.0.0beta, but I think 1.0.0 was fastest.
Paul
More information about the Unbound-users
mailing list