Security of PowerDNS
====================

PowerDNS has several options that make it easy to run more securely.
The most notable are the :ref:`setting-chroot`, :ref:`setting-setuid` and :ref:`setting-setgid` settings.

For Security Advisories, see the :doc:`dedicated page <security-advisories/index>`.

.. _securitypolicy:

.. include:: common/security-policy.rst

For additional information on PowerDNS security, PowerDNS security incidents and PowerDNS security policy, see :ref:`securitypolicy`.

Securing the Process
--------------------

Running as a less privileged identity
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
By specifying :ref:`setting-setuid` and :ref:`setting-setgid`, PowerDNS changes to this identity shortly after binding to the privileged DNS ports, so it can be started as root without staying root.
These options are highly recommended.
Create a dedicated user and group for PowerDNS rather than reusing 'nobody': on most systems 'nobody' is shared by several daemons and is in fact quite powerful.

Both parameters accept either a numeric id or a real name.
Set these parameters immediately if they are not set!

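The following shell script is an added example, not part of the PowerDNS documentation or the project's own tooling: it audits a ``pdns.conf`` for the ``setuid``/``setgid`` settings described above and flags a missing value, root, or a shared account such as 'nobody'. The sample configuration files it writes, and the list of numeric ids treated as shared accounts, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PowerDNS code): audit pdns.conf for setuid/setgid.

# pdns_conf_get FILE KEY: print the value of KEY from a pdns.conf-style file
# (key=value lines, '#' comments, whitespace around '=' tolerated).
# The last occurrence wins, which is what a reader of the file expects.
pdns_conf_get() {
    sed -n -e 's/#.*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" \
        | tail -n 1
}

# weak_identity NAME: 0 if NAME is an identity PowerDNS should not run as:
# unset, root (0), or the shared nobody/nogroup account, given as a name or
# as one of the numeric ids commonly used for it (assumed list).
weak_identity() {
    case "$1" in
        ''|0|root|nobody|nogroup|65534|65533|99) return 0 ;;
    esac
    return 1
}

# audit_pdns_identity FILE: 0 when both setuid and setgid name a dedicated
# identity, 1 otherwise. Findings are printed, one per line.
audit_pdns_identity() {
    conf=$1
    rc=0
    for key in setuid setgid; do
        val=$(pdns_conf_get "$conf" "$key")
        if [ -z "$val" ]; then
            echo "FAIL: $key is not set; PowerDNS keeps its starting (usually root) identity"
            rc=1
        elif weak_identity "$val"; then
            echo "FAIL: $key=$val is root or a shared account; create a dedicated user/group"
            rc=1
        else
            echo "ok:   $key=$val"
        fi
    done
    return $rc
}

# Constructed sample configurations (not taken from a real system).
tmp=$(mktemp -d)
printf 'launch=gmysql\nsetuid=nobody   # shared account\nsetgid=0\n' > "$tmp/weak.conf"
printf 'launch=gmysql\nsetuid = pdns\nsetgid = pdns\nchroot=./\n' > "$tmp/good.conf"

audit_pdns_identity "$tmp/weak.conf" || echo "weak.conf needs fixing"
audit_pdns_identity "$tmp/good.conf" && echo "good.conf passes"
rm -rf "$tmp"
```

Run it against the live configuration (``/etc/powerdns/pdns.conf`` on most packages) and, once fixed, confirm the running process with ``ps -o user,group -C pdns_server``: the identity drop happens after the listening sockets are bound, so the process should show the dedicated user even though it was started as root.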
Jailing the process in a chroot
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The :ref:`setting-chroot` option confines PowerDNS to its own directory, so that even if it is compromised and under the control of an attacker, it will have a hard time affecting the rest of the system.

A chroot raises the bar considerably, but it is not a complete sandbox: chroot jails have been broken before, and a process that keeps root privileges inside one can usually escape. Always combine it with :ref:`setting-setuid` and :ref:`setting-setgid`.

.. warning::
   When chrooting PowerDNS, take care that backends will be able to get to their files. Many databases need access to a UNIX domain
   socket, which should then live within the chroot. It is often possible to
   hardlink such a socket into the chroot directory (hardlinks cannot cross filesystems; use a bind mount if the socket lives elsewhere).

   When running with master or slave support, be aware that many operating
   systems need access to specific libraries (often ``/lib/libnss*``) in
   order to support resolution of domain names! You can also hardlink
   these.

   In addition, make sure that ``/dev/log`` is available from within the chroot.
   Otherwise logging silently stops the first time the syslog daemon recreates its socket (for example on logrotate), because a socket linked at startup is no longer the one syslog listens on.

The default PowerDNS configuration is best chrooted to ``./``, which boils down to the configured location of the control socket.

This is achieved by adding the following to pdns.conf: ``chroot=./``, and restarting PowerDNS.

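As an added example (not part of the PowerDNS documentation or project), the script below checks a chroot directory for the items the warning above lists and hardlinks a file such as a backend socket into it. The directory layout, the ``libnss_*`` glob and the sample jail it builds are assumptions for illustration; the real paths depend on the operating system and backend.

```shell
#!/bin/sh
# Added example (not PowerDNS code): prepare and verify a PowerDNS chroot.

# link_into_chroot SRC CHROOT: hardlink SRC to the same path below CHROOT.
# A hardlink must be on the same filesystem as its target; /dev/log is
# often a symlink into /run (tmpfs), so one level of symlink is resolved
# and the real socket is linked. Where that still fails, use a bind mount.
link_into_chroot() {
    src=$1; root=$2
    real=$src
    [ -L "$src" ] && real=$(readlink "$src")
    case "$real" in /*) ;; *) real="$(dirname "$src")/$real" ;; esac
    target="$root/${src#/}"
    mkdir -p "$(dirname "$target")"
    if ! ln "$real" "$target" 2>/dev/null; then
        echo "cannot hardlink $real into $root (cross-filesystem? use a bind mount)"
        return 1
    fi
    echo "linked $real -> $target"
}

# check_pdns_chroot CHROOT [BACKEND_SOCKET]: 0 if the chroot holds dev/log,
# at least one NSS library and (when given) the backend's UNIX socket; else 1.
check_pdns_chroot() {
    root=$1; sock=$2; rc=0
    if [ -e "$root/dev/log" ]; then
        echo "ok:   $root/dev/log present"
    else
        echo "FAIL: $root/dev/log missing; syslog output will be lost"
        rc=1
    fi
    # Assumed locations; the page only says "often /lib/libnss*". Needed
    # when PowerDNS must resolve hostnames, e.g. with master/slave support.
    found=0
    for f in "$root"/lib/libnss_*.so* "$root"/lib64/libnss_*.so* "$root"/lib/*/libnss_*.so*; do
        [ -e "$f" ] && found=1
    done
    if [ "$found" -eq 1 ]; then
        echo "ok:   libnss library present"
    else
        echo "FAIL: no libnss library below $root; hostname resolution will fail"
        rc=1
    fi
    if [ -n "$sock" ]; then
        if [ -S "$root/${sock#/}" ]; then
            echo "ok:   backend socket $sock inside chroot"
        else
            echo "FAIL: backend socket $sock not found inside chroot"
            rc=1
        fi
    fi
    return $rc
}

# Constructed sample jail (regular files stand in for the socket/library).
tmp=$(mktemp -d)
jail="$tmp/jail"
mkdir -p "$jail/lib"
: > "$jail/lib/libnss_files.so.2"
check_pdns_chroot "$jail" || echo "jail incomplete, as expected: no dev/log yet"
mkdir -p "$tmp/dev"; : > "$tmp/dev/log"
link_into_chroot "$tmp/dev/log" "$jail" && mkdir -p "$jail/dev" && ln "$tmp/dev/log" "$jail/dev/log"
check_pdns_chroot "$jail" && echo "jail complete"
rm -rf "$tmp"
```

Run ``check_pdns_chroot`` against the directory named in ``chroot=`` after every syslog or database restart: both recreate their sockets, and a hardlink made earlier then points at a dead inode and must be refreshed.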

Security Considerations
-----------------------
In general, make sure that the PowerDNS process is unable to execute arbitrary commands on your backend database.
Most database backends only need the SELECT privilege. A secondary (slave) server must additionally be able to store the zones it transfers in, and the API and DNSSEC key management also write to the database, so grant INSERT, UPDATE and DELETE on the PowerDNS tables only where those features are in use.
Never connect to your database as the 'root' or 'sa' user, and give the chosen user as few privileges as possible.

Databases emphatically do not need to run on the same machine that runs PowerDNS!
In fact, benchmarks have shown that a separate database machine actually improves performance.

Separation greatly enhances your database security. Recommended.

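The script below is an added example and not part of the PowerDNS documentation: it emits least-privilege GRANT statements for the account PowerDNS uses, choosing the privilege set from the server's role and refusing the privileged accounts named above. MySQL/MariaDB syntax for the gmysql backend is assumed, as are the database name, user, host and password passed as parameters; other backends need the equivalent statements for their database.

```shell
#!/bin/sh
# Added example (not PowerDNS code): least-privilege grants for the
# database account of a PowerDNS server, MySQL/MariaDB syntax assumed.
#
# pdns_db_grant_sql ROLE DB USER HOST PASSWORD
#   ROLE primary   : serves zones from the database only -> SELECT
#   ROLE secondary : also stores zones received by AXFR  -> SELECT, INSERT, UPDATE, DELETE
# Treat a primary that uses the API or DNSSEC key management as "secondary"
# for privilege purposes, since those features write to the database too.
pdns_db_grant_sql() {
    role=$1; db=$2; user=$3; host=$4; pass=$5
    case "$user" in
        root|sa|admin|'')
            echo "refusing to grant to privileged or empty user '$user'" >&2
            return 1 ;;
    esac
    case "$host" in
        %|'')
            echo "refusing wildcard host; name the address PowerDNS connects from" >&2
            return 1 ;;
    esac
    case "$role" in
        primary)   privs="SELECT" ;;
        secondary) privs="SELECT, INSERT, UPDATE, DELETE" ;;
        *) echo "unknown role '$role' (use primary or secondary)" >&2; return 1 ;;
    esac
    # Scope to the PowerDNS schema and one client host only: no ALL, no
    # GRANT OPTION, and no global privileges such as FILE or SUPER.
    printf "CREATE USER IF NOT EXISTS '%s'@'%s' IDENTIFIED BY '%s';\n" "$user" "$host" "$pass"
    printf "GRANT %s ON \`%s\`.* TO '%s'@'%s';\n" "$privs" "$db" "$user" "$host"
    printf "FLUSH PRIVILEGES;\n"
}

# Constructed sample: a read-only primary and a writing secondary.
pdns_db_grant_sql primary   pdns pdns 10.0.0.5 'change-me'
pdns_db_grant_sql secondary pdns pdns 10.0.0.6 'change-me'
# Feed the output to the database, e.g.:  pdns_db_grant_sql ... | mysql -u admin -p
```

Note that the password ends up in the generated SQL and in shell history; on a real system read it from a file with restrictive permissions rather than passing it on the command line.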
.. _securitypolling:

.. include:: common/secpoll.rst