changes to base system DNS

Matthew Seaman matthew at FreeBSD.org
Sun Mar 16 07:56:34 UTC 2014


On 16/03/2014 00:01, Kevin Oberman wrote:
> Note that the base BIND was chrooted by default. I don't believe that ports
> version is on 10, so you really should either chroot it yourself or, better
> yet, put it in a jail. I really recommend a jail.

It's a shame that the chroot'ing couldn't be incorporated into the
bind99 port.  I'd like to bring it back, but it seems that there are a
few obstacles:

    * /var/named and contents are listed as 'old directories' belonging
      to the base system, and so would be deleted during the normal
      course of an upgrade from 9 to 10[*].

    * In order to set up a chroot as it was done previously, various
      files would need to move from ${LOCALBASE}/etc/namedb/ to the
      chroot dir.  This would tend to break an installed pkg.

I haven't had an opportunity to look at it in any great detail yet, but
so far I still think it should at least be possible to do.

	Cheers,

	Matthew

[*] This was perhaps the most unwelcome surprise I encountered while
doing a 9 to 10 upgrade.  It didn't affect me because a) I was upgrading
via a separate boot environment and b) I've got all my DNS zone data
under version control anyhow.  But I can see it becoming more than just
a momentary annoyance to many.  *Back up your zone data before you start
upgrading.*

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey

