named, VARMFS=yes and FILESDIR
dougb at FreeBSD.org
Wed Jan 6 20:19:15 UTC 2010
Harald Schmalzbauer wrote:
> Doug Barton wrote on 30.11.2009 04:54 (localtime):
> There are kind of "to be expected" incompatible options, of course, but
> this one hit me some years before. Especially for newbies, it's not
> clear why these options shouldn't work together.

Because what you're proposing is very far away from the typical way
that name servers are configured. My goal is to provide a secure, safe
default configuration that conforms to current best practices. What
you want to do is an edge case, and not even something I see as
reasonable to add an option in the base for given that the code is
already much more complicated than it should be.

>>> My idea is to create a namedb directory in /usr/share (like there's one
>>> for sendmail) with duplicate entries of src/etc/namedb
>> Why not just set named_chrootdir to /usr/share/namedb ? It's not 100%
>> clear to me what you're trying to accomplish. Can you please go into a
>> little more detail about your goals, rather than potential solutions?
> I think rc.d/var should be able to populate a named compliant /var.
> Therefore it needs at least named.conf and named.root.
> My idea was to save them in /usr/share, where many other (sendmail e.g.)
> template duplicates also reside. When chrooting to /usr/share/namedb, it
> also fails if I don't have the original installed /var, like if /var is
> a freshly populated memory file system.

If you are dead set on this course of action that's fine. What I
suggest that you do is to create an rc.d script that does what you
want, and include REQUIRE: var and BEFORE: named. Put this script in
/usr/local/etc/rc.d and you'll be good to go. Off hand you will
probably need to use the same mtree invocation that rc.d/named uses to
create the file structure, but after that copying your files should be
easy. You can start here for information on how to create your own

>>> P.S.: named_conf definitions in rc.conf get lost.
>> Yes, that's something that needs improvement. I have it on the list
>> but since it's not common for people to alter the path to the conf
>> file, and since in the past in order to do so you've had to add -c to
>> named_flags anyway, I don't regard it as urgent.

FYI, this is done.
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
Computers are useless. They can only give you answers.
-- Pablo Picasso
More information about the freebsd-current
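
The rc.d script suggested in the reply above, as an added example that is not code from the thread or from FreeBSD. The script name, the `namedb_populate_*` variables, the `/var/named` chroot default and the `etc/namedb` layout inside it are assumptions; the mtree step runs only when `namedb_populate_mtree` is set to the spec file your rc.d/named passes to mtree.

```sh
#!/bin/sh
#
# PROVIDE: namedb_populate
# REQUIRE: var
# BEFORE: named
#
# Added example; script name, variables and default paths are assumptions.
[ -r /etc/rc.subr ] && . /etc/rc.subr

name="namedb_populate"
rcvar="namedb_populate_enable"
start_cmd="namedb_populate_start"
stop_cmd=":"

command -v load_rc_config >/dev/null 2>&1 && load_rc_config "$name"
: "${namedb_populate_enable:=NO}"
: "${namedb_populate_template:=/usr/share/namedb}"  # read-only template copies
: "${namedb_populate_chroot:=/var/named}"           # should match named_chrootdir
: "${namedb_populate_mtree:=}"                      # mtree spec used by rc.d/named

namedb_populate_start()
{
	conf_dir="${namedb_populate_chroot}/etc/namedb"
	mkdir -p "${namedb_populate_chroot}" || return 1

	# Build the tree from the mtree spec when one is configured; check
	# the flags against rc.d/named on your release.
	if [ -r "${namedb_populate_mtree}" ] && command -v mtree >/dev/null 2>&1; then
		mtree -deU -f "${namedb_populate_mtree}" -p "${namedb_populate_chroot}" || return 1
	fi
	mkdir -p "${conf_dir}" || return 1

	for f in named.conf named.root; do
		src="${namedb_populate_template}/${f}"
		dst="${conf_dir}/${f}"
		# A persistent /var may already hold an edited file: keep it.
		[ -e "${dst}" ] && continue
		if [ ! -f "${src}" ] || [ -L "${src}" ]; then
			echo "${name}: ${src} missing or not a regular file" >&2
			return 1
		fi
		install -m 0644 "${src}" "${dst}" || return 1
	done
	return 0
}

if command -v run_rc_command >/dev/null 2>&1; then
	run_rc_command "$1"
fi
```

Installed under /usr/local/etc/rc.d and enabled with `namedb_populate_enable="YES"` in rc.conf, the REQUIRE and BEFORE lines place it after rc.d/var and ahead of rc.d/named.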