problems with latest bind9 setup changes
DougB at FreeBSD.org
Mon Oct 4 13:22:25 PDT 2004
FYI, freebsd-current at freebsd.org and current at freebsd.org are two aliases
for the same list. It is not needed to cc both.
On Sat, 2 Oct 2004, Jose M Rodriguez wrote:
> - If enabled, the default is now to run named in a chroot
> + The default is now to run named in a chroot
I just committed an update to clarify that language.
> IMHO, this is not a good design. If you ask ten admin about the best named
> chrooted setup, you'll get, at last, twelve setups.
That's correct, although the one I committed was the one I used at
Yahoo! on hundreds of name servers, and is both thorough and effective.
I "borrowed" from the best ideas from various knowledgeable sources, and
my own extensive experience. Of course, if someone has better ideas, I'm
open to them.
> Making strong support for a chrooted named is really needed. But moving the
> release default setup to a strong model on that not.
I'm sorry, I don't understand this.
> I'll prefer a sandwidch setup (named_flags="-u bind", named_chroot="")
> as release default.
Defaulting to using the chroot structure is a good change, and suitable
for the vast majority of users. If you want something different, the
knobs are there for you to twist. :)
This .signature sanitized for your protection
More information about the freebsd-current