HP OpenVMS Systems

ask the wizard
Content starts here

Seeking non-privileged rndc (BIND) access?

» close window

The Question is:

TCPIP vers.5.3-18
Is it possible to run the command/utility rndc
under a non privileged account ?
I would delegate to a non-proiviliged
user the possibility to reload zones.
I tried to install the image with
privileges, but the command will hang
after the execution (it doesn't return
to the DCL prompt).
Francesco Gennai

The Answer is :

  The OpenVMS Wizard would not generally expect that reloading BIND
  configurations would be a non-privileged operation.
  Additionally, installing applications that do not expect to be
  installed -- and in particular, installing applications with
  enhanced privileges -- can lead to very large security holes.
  The OpenVMS Wizard would have to ask the frequency of this task, and
  would also have to ask if a captive login or similar other approach
  could be used here.  (Realize that BIND data is system-critical,
  and untrusted access to BIND data can compromise the network.)
  There are support articles that may be of interest here, too, please
  see the AskQ site (referenced in the FAQ) for articles including:
    How to Configure RNDC on a V9 BIND Server For Remote Access

answer written or last revised on ( 9-FEB-2004 )

» close window