Bind9 chroot jail and xinetd
Many implementations of bind9 start it up in a chroot jail, so as to reduce the chance of a root compromise.
Our implementation of bind9 not only starts it in a chroot jail, but runs with reduced privileges AND out of xinetd AND has a configuration file structure mildly better for usage with a web based interface (not that we have one).
The xinetd trick is clever in that incoming requests to port 53 will start bind9 if not already started (or it has crashed).
To edit this page, submit a pull request to
the Github repository.
Cerowrt Project
Recent Updates
Find us elsewhere
Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine
Nlnet Foundation
Shuttleworth Foundation
GoFundMe
Congestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)
Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine
Sponsors
Comcast Research Innovation FundNlnet Foundation
Shuttleworth Foundation
GoFundMe
Bufferbloat Related Projects
OpenWrt ProjectCongestion Control Blog
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG
CeroWrt (where it all started)
Network Performance Related Resources
Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".