changes to base system DNS
Matthew Seaman
matthew at FreeBSD.org
Sun Mar 16 07:56:34 UTC 2014
On 16/03/2014 00:01, Kevin Oberman wrote:
> Note that the base BIND was chrooted by default. I don't believe that ports
> version is on 10, so you really should either chroot it yourself or, better
> yet, put it in a jail. I really recommend a jail.

It's a shame that the chroot'ing couldn't be incorporated into the
bind99 port. I'd like to bring it back, but it seems that there are a
few obstacles:

   * /var/named and contents are listed as 'old directories' belonging
     to the base system, and so would be deleted during the normal
     course of an upgrade from 9 to 10[*].

   * In order to set up a chroot as it was done previously, various
     files would need to move from ${LOCALBASE}/etc/namedb/ to the
     chroot dir. This would tend to break an installed pkg.

I haven't had an opportunity to look at it in any great detail yet, but
so far I still think it should at least be possible to do.

Cheers,
Matthew
[*] This was perhaps the most unwelcome surprise I encountered while
doing a 9 to 10 upgrade. It didn't affect me because a) I was upgrading
via a separate boot environment and b) I've got all my DNS zone data
under version control anyhow. But I can see it becoming more than just
a momentary annoyance to many. *Back up your zone data before you start
upgrading.*
--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey