New BIND 9 chroot directories
Jose M Rodriguez
josemi at freebsd.jazztel.es
Mon Oct 4 14:43:29 PDT 2004
On Monday, 4 October 2004 22:10, Doug Barton wrote:
> On Mon, 4 Oct 2004, Jose M Rodriguez wrote:
> > At last here, BETA7 comes with a populated /var/named.
>
> Yes, this is as it should be.
>
> > we've used /var/named for ages without this layout.
>
> OK.
>
> > Is this really needed?
>
> It is necessary to have a default chroot directory structure, yes.
> You can easily prevent /etc/rc.d/named from doing anything with it by
> adding named_chroot_autoupdate="NO" to your /etc/rc.conf[.local]
> file. You can also prevent mergemaster from tempting you with files
> in /etc/namedb by adding NO_BIND_ETC to /etc/make.conf. What may be
> necessary at this point is to add a knob that prevents the directory
> structure from being created in the installworld step. I'll look at
> that tonight.
>
Really good work. But is this really needed?
I can't see why.
We can go release with a default:
named_chrootdir=""
named_flags="-u bind"
named_enable="NO"
And with your strong support for chrooted operation in /etc/rc.d/named,
any sysadmin has the time/freedom to set up the chroot before launching
named.
The default setup seems enough for a first-timer/home user. I'd prefer
a /etc/named/named.conf default that only listens on localhost.
I even see it as easier to tweak /etc/rc.d/named to populate a wide
${named_chrootdir} from defaults and /etc/namedb.
I'm really sorry about that, but I think that the status at a fresh BETA6
is far better than now.
> I feel that I've provided the users plenty of knobs to customize this
> stuff with, but if folks have ideas on how it can be improved, I'm
> open to them.
>
Yes, this is not the way. I think you already went too far on this.
> > This breaks our update plans.
>
> Well, hopefully I've demonstrated that the problems you've
> experienced can be worked around. Of course, two other options are
> available, one is to move your stuff to a different directory, and
> the other is to adopt the structure that is now being installed by
> default.
>
> > Also, I think this is not well documented in UPDATING
>
> The entry in UPDATING says (in part):
>
> If you are using a custom configuration, or if you have
> customised the named_* variables in /etc/rc.conf[.local]
> then you may have to adjust the instructions accordingly.
> It is suggested that you carefully examine the new named
> variables in /etc/defaults/rc.conf and the options in
> /var/named/etc/namedb/named.conf to see if they might
> now be more suitable.
>
> If you have suggestions on how this can be made more clear, please
> let me know.
>
> Doug
If we go to release right now, you must describe the chroot setup directly
and not as an option.
An explicit reference to /var/named (filled from tarballs) must exist in
the release notes.
--
josemi
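The knobs argued over above (named_enable, named_flags="-u bind", named_chrootdir) only help if the rc.conf values and the chroot tree they point at actually agree. As an added example, not code from either poster or from FreeBSD, here is a POSIX sh check that reads the named_* knobs from an rc.conf-style file and audits the chroot it names; the file names, the demo directory and the sample values are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD: audit the rc.conf
# knobs discussed above against the chroot tree they point at.
# The sample files below are constructed; the real paths are /etc/rc.conf
# (or /etc/rc.conf.local) and /var/named.

# Print the value of NAME from an rc.conf-style FILE (last assignment wins,
# surrounding double quotes stripped, empty if unset).
rcvar() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Return 0 when the named_* knobs in FILE describe a sane setup, otherwise:
#   1 named_enable is not YES
#   2 named_flags has no "-u <user>", so named would keep running as root
#   3 named_chrootdir is set but CHROOT/etc/namedb/named.conf is missing
#   4 the chroot root is world-writable (any local user could plant files)
check_named_chroot() {
    cdir=$(rcvar "$1" named_chrootdir)
    flags=$(rcvar "$1" named_flags)
    [ "$(rcvar "$1" named_enable)" = "YES" ] || return 1
    case " $flags " in
        *" -u "[A-Za-z_]*) ;;
        *) return 2 ;;
    esac
    if [ -n "$cdir" ]; then
        [ -f "$cdir/etc/namedb/named.conf" ] || return 3
        # 9th column of "ls -ld" is the "other" write bit
        [ "$(ls -ld "$cdir" | cut -c9)" != "w" ] || return 4
    fi
    return 0
}

# Constructed demonstration: a throwaway chroot tree plus two rc.conf fragments,
# one chrooted and unprivileged, one with the empty defaults proposed above.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/chroot/etc/namedb" && : > "$demo_dir/chroot/etc/namedb/named.conf"
chmod 755 "$demo_dir/chroot"
printf 'named_enable="YES"\nnamed_flags="-u bind"\nnamed_chrootdir="%s"\n' \
    "$demo_dir/chroot" > "$demo_dir/rc.chroot"
printf 'named_enable="YES"\nnamed_flags=""\nnamed_chrootdir=""\n' > "$demo_dir/rc.asroot"
for f in rc.chroot rc.asroot; do
    check_named_chroot "$demo_dir/$f"
    echo "$f: exit $?"      # rc.chroot: exit 0, rc.asroot: exit 2
done
```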