problems with latest bind9 setup changes

Doug Barton DougB at
Mon Oct 4 13:22:25 PDT 2004

FYI, freebsd-current at and current at are two aliases 
for the same list. It is not needed to cc both.

On Sat, 2 Oct 2004, Jose M Rodriguez wrote:
> /usr/src/UPDATING
> - If enabled, the default is now to run named in a chroot
> + The default is now to run named in a chroot

I just committed an update to clarify that language.

> IMHO, this is not a good design.  If you ask ten admin about the best named
> chrooted setup, you'll get, at last, twelve setups.

That's correct, although the one I committed was the one I used at 
Yahoo! on hundreds of name servers, and is both thorough and effective. 
I "borrowed" from the best ideas from various knowledgeable sources, and 
my own extensive experience. Of course, if someone has better ideas, I'm 
open to them.

> Making strong support for a chrooted named is really needed.  But moving the
> release default setup to a strong model on that not.

I'm sorry, I don't understand this.

> I'll prefer a sandwidch setup (named_flags="-u bind", named_chroot="") 
> as release default.

Defaulting to using the chroot structure is a good change, and suitable 
for the vast majority of users. If you want something different, the 
knobs are there for you to twist. :)



     This .signature sanitized for your protection

More information about the freebsd-current mailing list