[Unbound-users] [wishlist] unbound vs djbdns

Kevin Chadwick ma1l1ists at yahoo.co.uk
Wed Jun 15 20:56:57 UTC 2011

On Wed, 15 Jun 2011 21:00:16 +0200
Leen Besselink wrote:

> tcpdump on OpenBSD kind of does this, they have 2 processes and use
> privilege separation.
> So the process doing the parsing is a chroot'ed and running as nobody or
> something similair.

_tcpdump, safer to have it's own user.

And yet the OpenBSD devs and many others still recommend not to run it
in parse mode (not using -w = a default snaplen of 96) live on
production boxes/firewalls.

More information about the Unbound-users mailing list