HA DNS should provide a property to allow the DNS service to be run as a non-root user
ustomer request via the Sun Cluster forum:
I'd like the DNS HA Agent for Sun Cluster 3.2 to be modified so that the admin can choose to run BIND as a
non-root user ie. named. This functionality is desirable for security reasons, as it gives the admin a layer of protection in the event that BIND is compromised. As a non-root process, it won't be capable of doing
as much damage as a compromised root process could. This behaviour is similar to how Apache works, and is already available by specifying "-u <userid>" when starting BIND from the command line, or setting 'user'
and 'group' in method_credential in the SMF manifest.