The following ACLs were written for a djbdns setup based on Jeremy Rauch's "Installing djbdns (DNScache) for Name Service", parts 1 & 2. With this configuration, dnscache and tinydns must be started before the kernel is sealed, or while LIDS_GLOBAL is disabled, so that they can bind to port 53.
# dnscache
# Default rule (no subject): /var/dnscache is read-only to every process.
/sbin/lidsconf -A -o /var/dnscache -j READONLY
# supervise and multilog get WRITE only on their own state and log directories.
/sbin/lidsconf -A -s /usr/local/bin/supervise \
    -o /var/dnscache/dnscache/supervise -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/supervise \
    -o /var/dnscache/dnscache/log/supervise -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/multilog \
    -o /var/dnscache/dnscache/log/main -j WRITE

# tinydns
/bin/echo "tinydns"
/sbin/lidsconf -A -s /usr/local/bin/supervise \
    -o /var/dnscache/tinydns/supervise -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/supervise \
    -o /var/dnscache/tinydns/log/supervise -j WRITE
/sbin/lidsconf -A -s /usr/local/bin/multilog \
    -o /var/dnscache/tinydns/log/main -j WRITE
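Because both daemons have to hold port 53 before the kernel is sealed, a boot script can refuse to seal until daemontools reports them up and stable. The following is an added example, not part of the original FAQ; the function names, the MIN_UPTIME threshold and the lidsadm path in the usage comment are assumptions, and the service directories are taken from the ACL paths above.

```shell
#!/bin/sh
# Added example: pre-seal gate for the djbdns services covered by the ACLs.
# Assumption: the service directories match the ACL paths on this page.
SERVICES="/var/dnscache/dnscache /var/dnscache/tinydns"

# Assumption: a service that has stayed up this many seconds is not being
# restarted in a loop by supervise (which is what a failed bind looks like).
MIN_UPTIME=5

# svc_stable LINE
# LINE is one line of svstat output, "<dir>: up (pid <n>) <secs> seconds".
# Succeeds only if the service is up and has been up for >= MIN_UPTIME.
svc_stable() {
    case "$1" in
        *": up (pid "*") "*" seconds"*) ;;
        *) return 1 ;;                      # down, or supervise not running
    esac
    secs=${1##*") "}                        # "<secs> seconds..."
    secs=${secs%% *}                        # "<secs>"
    case "$secs" in ''|*[!0-9]*) return 1 ;; esac
    [ "$secs" -ge "$MIN_UPTIME" ]
}

# ready_to_seal SVSTAT_OUTPUT
# Succeeds only if every directory in SERVICES has a stable "up" line.
# A service missing from the output counts as a failure.
ready_to_seal() {
    rc=0
    for svc in $SERVICES; do
        line=$(printf '%s\n' "$1" | grep -F -- "$svc: " | head -n 1)
        if ! svc_stable "$line"; then
            echo "not sealing: $svc: ${line:-no svstat output}" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage at boot, once svscan has started the services (lidsadm path assumed):
#   ready_to_seal "$(svstat $SERVICES)" && /sbin/lidsadm -I
```

If the gate fails, the kernel stays unsealed and the reason is printed to stderr, so the bind problem can be fixed before LIDS protection is enabled.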