Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Linux / bind credentials

So I'm looking at running the BIND scripts on our primary DNS server but I'm running into a couple of security questions that have me stymied - Have folks come up with workarounds for it?

First, root access through ssh is disabled; users can log in as themselves and either sudo or su to get root access. Obviously in the script rndc isn't normally even usable by non-root users, but it's going to be tough to change this policy.

Second, assuming we can log in as root our bind implementation uses a rndc key for authorization, so I'd have to import that into the script as well. Not too bad if we do have root access, but another headache.

I'm curious to hear how other people are running the monitor.

Tags (3)
0 Kudos
1 Reply
Product Manager
Product Manager

Re: Linux / bind credentials

I've worked with a handful of customers to set this up but none have been as security conscious as you. Some customers do need to modify the script to allow it to SU to root but as a general rule we recommend changing the permissions of the file to allow non-root users to execute the command. You will need to alter the script slightly to pass your mdc key properly regardless of which route you take.

0 Kudos