7.4. Dnscache & Tinydns (djbdns)

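The following ACLs were written for a djbdns setup based on Jeremy Rauch's "Installing djbdns (DNScache) for Name Service", parts 1 & 2. With this configuration, dnscache and tinydns must be started before the kernel is sealed, or while LIDS_GLOBAL is disabled, so that they can bind to port 53. The ACLs make everything under /var/dnscache read-only, then grant WRITE only to supervise (on each service's supervise and log/supervise directories) and to multilog (on each service's log/main directory).
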
# dnscache
#
/sbin/lidsconf -A -o /var/dnscache                        -j READONLY
/sbin/lidsconf -A -s /usr/local/bin/supervise \
                  -o /var/dnscache/dnscache/supervise     -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/supervise \
                  -o /var/dnscache/dnscache/log/supervise -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/multilog \
                  -o /var/dnscache/dnscache/log/main      -j WRITE

# tinydns
#
/bin/echo "tinydns"

/sbin/lidsconf -A -s /usr/local/bin/supervise \
                  -o /var/dnscache/tinydns/supervise      -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/supervise \
                  -o /var/dnscache/tinydns/log/supervise  -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/multilog \
                  -o /var/dnscache/tinydns/log/main       -j WRITE
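
Because both daemons have to hold port 53 before the kernel is sealed, a check of the bound sockets is worth running just before that step. The script below is an added example, not part of the original FAQ or of LIDS. The function names and the sample data are constructed, and it assumes IPv4, a little-endian (x86) host, and that dnscache and tinydns each bind their own address.

```shell
#!/bin/sh
# Added example (not from the LIDS FAQ): confirm that UDP port 53 is bound
# before the kernel is sealed. Input is text in /proc/net/udp format.
# Assumption: little-endian host, where 127.0.0.1 is printed as 0100007F.

# Print the local IPv4 address of each UDP socket bound to port 53 (hex 0035).
udp53_listeners() {
    awk 'NR > 1 && length($2) == 13 && $2 ~ /:0035$/ { print substr($2, 1, 8) }' |
    sort -u |
    while read -r hex; do
        # Address bytes appear in reverse order on little-endian hosts.
        b1=$(printf '%s' "$hex" | cut -c7-8)
        b2=$(printf '%s' "$hex" | cut -c5-6)
        b3=$(printf '%s' "$hex" | cut -c3-4)
        b4=$(printf '%s' "$hex" | cut -c1-2)
        printf '%d.%d.%d.%d\n' "0x$b1" "0x$b2" "0x$b3" "0x$b4"
    done
}

# Succeed only if at least $1 distinct addresses hold UDP port 53.
# Default 2: one address for dnscache, one for tinydns (assumption).
ready_to_seal() {
    want=${1:-2}
    have=$(udp53_listeners | wc -l | tr -d ' ')
    [ "$have" -ge "$want" ]
}

# Constructed sample: two sockets on port 53 and one on port 123.
sample_proc_udp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0A00A8C0:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 00000000:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1203
EOF
}

# Demo on the constructed sample.
if sample_proc_udp | ready_to_seal 2; then
    echo "UDP port 53 is bound on:"
    sample_proc_udp | udp53_listeners
else
    echo "port 53 not bound by both daemons; do not seal yet" >&2
fi
```

On the live host, run `ready_to_seal 2 < /proc/net/udp` after starting both services and seal the kernel only if it succeeds.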