RELENG_7 changes for rc.d/named

Doug Barton dougb at FreeBSD.org
Fri Jan 1 22:28:45 UTC 2010


Oliver Lehmann wrote:
> Hi Doug,
> 
> Doug Barton wrote:
> 
>> Your
>> suggestion that I've simply foisted some untested crap onto the
>> FreeBSD community is at best, rude. At worst, it's just plain stupid
>> given that named is chroot'ed by default, and has been for years.
> 
> I was not trying to blame you in person for anything which might have
> been wrong in rc.d/named or not. If you've read that out of my mail it
> must have been my English knowledge which might be insufficient. My
> intention was just to bring up a point which may also discourage other
> people.

Fair enough. Like I said in my previous post, if I was wrong, or
overreacted I'm sorry.

> I was just wondering why the chroot option of named-checkconf was not
> used with the specified chroot-dir.

named-checkconf is called with $named_conf as an argument. It is not used
with the -t option, the assumption is that the symlink is properly
created. The presence of a valid symlink in /etc to the conf dir in
the chroot is very important, and used for several things including
named-checkconf and rndc.

>> You can fix
>> this in your situation by removing whatever is there for /etc/named
>> and creating the symlink yourself before trying to start it up again.
> 
> Did that and used your new script - now it works.
> 
>> What I recommend to people is that
>> they start with the default named.conf and then use include statements
>> for local options.
> 
> Hmm ok... But I'm using this configuration/setup since 03/2003 without
> problems and just adjusted it from time to time to meet the new
> requirements (bind 8->9 switch and so on)
> I'm using "named" instead of "namedb" because the whole directory is kept
> in a local cvs and I just wanted it "out" of the FreeBSD related files to
> make sure there is no interference at all.

Okey dokey. Like I said, if you have a good reason for what you're
doing and you're able to make it work, that's fine. I would like to
make the infrastructure as flexible as possible however, and I'm glad
you prompted me to take another look at the conf dir stuff in
rc.d/named because that was a rather embarrassing oversight on my part.

I am wondering though if you're using rndc at all ...

> One small thing is left, rndc.key gets always created on start.
> There is a typo in line 188+189 of rc.d/named:
>
>         if [ -s "${named_confidr}/rndc.key" ]; then
>                 case `stat -f%Su ${named_confidr}/rndc.key` in

Ok, I've fixed those, thanks for catching them. I did test that the
file was created in the proper location if it didn't exist, but the
combination of dyslexia and going too fast is not a good thing.


Doug

-- 

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

	Computers are useless. They can only give you answers.
			-- Pablo Picasso
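
The typo reported above, replayed as an added example that is not part of the original message or of rc.d/named: it shows why the misspelled `${named_confidr}` makes rndc.key get recreated on every start, and how `set -u` turns the same typo into a hard failure. The function names, the temporary directory and the placeholder key contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: the rc.d/named typo from the thread, replayed in a temp dir.
# The directory and the key contents are constructed; no real named files are touched.

# Test as quoted in the thread: ${named_confidr} is never set, so the path
# expands to "/rndc.key" and the key looks missing no matter what is on disk.
key_present_buggy() {
    named_confdir=$1
    unset named_confidr
    [ -s "${named_confidr}/rndc.key" ]
}

# Corrected spelling: the test looks in the configured conf dir.
key_present_fixed() {
    named_confdir=$1
    [ -s "${named_confdir}/rndc.key" ]
}

# Replay N starts. $1 = check function, $2 = conf dir, $3 = number of starts.
# Prints how many times the key was regenerated.
simulate_starts() {
    regen=0; i=0
    while [ "$i" -lt "$3" ]; do
        if ! "$1" "$2"; then
            echo "placeholder-key-$i" > "$2/rndc.key"  # stands in for key generation
            regen=$((regen + 1))
        fi
        i=$((i + 1))
    done
    echo "$regen"
}

# The same typo with nounset enabled: the subshell aborts on the unset name
# instead of silently testing the wrong path.
buggy_under_nounset() {
    out=$( { set -u; named_confdir=$1; unset named_confidr
             [ -s "${named_confidr}/rndc.key" ] && echo present || echo absent
           } 2>/dev/null ) || out=aborted
    echo "$out"
}

demo_dir=$(mktemp -d)
echo "buggy, 3 starts: $(simulate_starts key_present_buggy "$demo_dir" 3) regenerations"
rm -f "$demo_dir/rndc.key"
echo "fixed, 3 starts: $(simulate_starts key_present_fixed "$demo_dir" 3) regenerations"
echo "buggy with set -u: $(buggy_under_nounset "$demo_dir")"
rm -rf "$demo_dir"
```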


