<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >Security settings & considerations</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PowerDNS manual" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Operational logging using syslog" HREF="syslog.html"><LINK REL="NEXT" TITLE="Considerations" HREF="considerations.html"></HEAD ><BODY CLASS="CHAPTER" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >PowerDNS manual</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="syslog.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="considerations.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="CHAPTER" ><H1 ><A NAME="SECURITY" ></A >Chapter 7. Security settings & considerations</H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="SETTINGS" >7.1. Settings</A ></H1 ><P >PDNS has several options to easily allow it to run more securely. Most notable are the <B CLASS="COMMAND" >chroot</B >, <B CLASS="COMMAND" >setuid</B > and <B CLASS="COMMAND" >setgid</B > options which can be specified.</P ><P > For additional information on PowerDNS security, PowerDNS security incidents and PowerDNS security policy, see <A HREF="security-policy.html" >Section 1.4</A >. </P ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN2952" >7.1.1. Running as a less privileged identity</A ></H2 ><P > By specifying <B CLASS="COMMAND" >setuid</B > and <B CLASS="COMMAND" >setgid</B >, PDNS changes to this identity shortly after binding to the privileged DNS ports. These options are highly recommended. It is suggested that a separate identity is created for PDNS as the user 'nobody' is in fact quite powerful on most systems. </P ><P > Both these parameters can be specified either numerically or as real names. You should set these parameters immediately if they are not set! </P ></DIV ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN2958" >7.1.2. Jailing the process in a chroot</A ></H2 ><P > The <B CLASS="COMMAND" >chroot</B > option secures PDNS to its own directory so that even if it should become compromised and under control of external influences, it will have a hard time affecting the rest of the system. </P ><P > Even though this will hamper hackers a lot, chroot jails have been known to be broken. </P ><P > <DIV CLASS="WARNING" ><P ></P ><TABLE CLASS="WARNING" WIDTH="100%" BORDER="0" ><TR ><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TD ALIGN="LEFT" VALIGN="TOP" ><P > When chrooting PDNS, take care that backends will be able to get to their files. Many databases need access to a UNIX domain socket which should live within the chroot. It is often possible to hardlink such a socket into the chroot dir. </P ><P > When running with master or slave support, be aware that many operating systems need access to specific libraries (ofen <TT CLASS="FILENAME" >/lib/libnss*</TT >) in order to support resolution of domain names! You can also hardlink these. </P ></TD ></TR ></TABLE ></DIV > </P ><P > The default PDNS configuration is best chrooted to <TT CLASS="FILENAME" >./</TT >, which boils down to the configured location of the controlsocket. </P ><P > This is achieved by adding the following to pdns.conf: <B CLASS="COMMAND" >chroot=./</B >, and restarting PDNS. </P ></DIV ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="syslog.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="considerations.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Operational logging using syslog</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Considerations</TD ></TR ></TABLE ></DIV ></BODY ></HTML >