From: Lurene A. G. <lu...@da...> - 2002-11-12 16:52:13
> - rely on systrace's priv elevation rather than being
> root/droppriv or even privsep
Hells yeah - that was the suggestion I had last night - then you can just
do thorough checks on the input to the functions that are elevated, and
take the input through lowered functions.
> - start with ipv4, but be ready for ipv6
I think we could get ipv6 in there from the start.
> - use openssl for dnssec stuff
If the crypto is as bad as you say it is, it's probably not a bad idea.
>
> so the real question is where does one start? at full current standards
> and attempt to implement them (an intractable task, to be sure) or
> basically start out with bind 4 and add features as needed (dnssec, ipv6)?
> luckily bind9 is under a bsd license ... :)
The BIND4 feature set seems a good first goal, since we can maybe get it
in to current at that point to replace the old bind...
Lurene
--
"What I cannot create, I cannot understand"
-- Richard Feynman