PDNS has several options that make it easy to run more securely. The most notable are the chroot, setuid and setgid options.
For additional information on PowerDNS security, PowerDNS security incidents and PowerDNS security policy, see Section 4, “Security”.
When setuid and setgid are specified, PDNS changes to this identity shortly after binding to the privileged DNS ports. These options are highly recommended. It is suggested that a separate identity be created for PDNS, as the user 'nobody' is in fact quite powerful on most systems.
Both these parameters can be specified either numerically or as real names. You should set these parameters immediately if they are not set!
The chroot option confines PDNS to its own directory, so that even if it is compromised and comes under outside control, it will have a hard time affecting the rest of the system.
Even though this will hamper hackers a lot, chroot jails have been known to be broken.
Warning:
When chrooting PDNS, take care that backends will be able to get to their files. Many databases need access to a UNIX domain socket which should live within the chroot. It is often possible to hardlink such a socket into the chroot dir.
When running with master or slave support, be aware that many operating systems need access to specific libraries
(often
In addition, make sure that
The default PDNS configuration is best chrooted to ./, which boils down to the configured location of the controlsocket. This is achieved by adding the following to pdns.conf: chroot=./, and restarting PDNS.
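The following is an added example, not part of the PowerDNS documentation: a small audit that reads pdns.conf-style text and reports the setuid, setgid and chroot problems described above. The sample configurations are constructed, and the account name 'pdns' is a hypothetical dedicated identity.

```python
# Added example: audit pdns.conf text for the hardening options on this page.

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = """\
launch=gmysql
setuid=nobody
setgid = 0
# chroot=./
"""

# Constructed sample; 'pdns' is a hypothetical dedicated user and group.
GOOD_CONF = "setuid=pdns\nsetgid=pdns\nchroot=./\n"


def parse_conf(text):
    """Return {key: value} from 'key=value' lines; the last occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of (option, problem) tuples; empty means no findings."""
    conf = parse_conf(text)
    findings = []
    for key in ("setuid", "setgid"):
        value = conf.get(key, "")  # may be a name or a numeric id
        if not value:
            findings.append((key, "not set: PDNS keeps the identity it was started with"))
        elif value in ("root", "0"):
            findings.append((key, "root identity is kept after binding the DNS ports"))
        elif key == "setuid" and value == "nobody":
            findings.append((key, "'nobody' is quite powerful; use a separate identity"))
    if not conf.get("chroot"):
        findings.append(("chroot", "not set: PDNS is not confined to its own directory"))
    return findings


if __name__ == "__main__":
    for option, problem in audit(SAMPLE_CONF):
        print(f"{option}: {problem}")
```

The audit only inspects the text it is given; settings supplied on the command line or through included files are outside what it checks.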