New BIND 9 chroot directories

Makoto Matsushita matusita at
Tue Oct 5 00:12:08 PDT 2004

Thanks for your emails, giving me a chance to consider what I can,
like, and will do for configuring my nameservers.

DougB> As a whole, var is no more volatile than any other directory,
DougB> although bits of it (like /var/run) are recreated at each boot.

Hmm, maybe that's so, ok.

DougB> Configurations that split volatile and non-volatile bits into
DougB> seperate directories are possible, but IMO they are needlessly
DougB> complicated.

Fully agreed.

DougB> All that said, the defaults are just the defaults. The thing
DougB> that people really need to keep in mind is that if you want to
DougB> change it, you can.

However, unfortunately it's _default_ -- no matter it is intended or
not, some of users feel that FreeBSD the OS _enforces_ users to
configure named in that way.

As we already seen, there are preferences on "directory names for zone
files (master/slave v.s. m/s)."  Imagine you like to put your master
zone file under ${chrootdir}/etc/namedb/M, and find that there is
${chrootdir}/etc/namedb/master which is bogus for you.  I believe that
named(8) have no default directory for master zone files -- if you
don't want to implement a policy, "master file should be sitting under
/etc/namedb/master," it would be better to create that directory.

Here's a simple patch to remove master/slave directories.  Please note
that if you want to have ${chrootdir}/etc/namedb/master, "just
mkdir(1) it" is enough with no further fears (mtree(8) doesn't
complain anything even if any unlisted directories are there).

Index: BIND.chroot.dist
RCS file: /home/ncvs/src/etc/mtree/BIND.chroot.dist,v
retrieving revision 1.5
diff -u -r1.5 BIND.chroot.dist
--- BIND.chroot.dist	29 Sep 2004 03:43:10 -0000	1.5
+++ BIND.chroot.dist	5 Oct 2004 07:00:43 -0000
@@ -9,10 +9,6 @@
-            master
-            ..
-            slave   uname=bind
-            ..
 /set type=dir uname=bind gname=wheel mode=0755

There's one thing to consider if above diff is applied; the owner of
slave directory and effective user id of running named should be
matched, since named will write a file to that directory.  However it
causes us very few, since old /etc/namedb didn't have it, and it would
be easy to set with chown(1) (one time set, nobody overrides it).

Please note that "named config files is under ${chrootdir}/etc/namedb"
is ok, since it comes from named implementation, not any of us.  In
the same reason, it would be no problem we have ${chrootdir}/var/run
which is requested by syslogd.

DougB> If anyone wants to come up with something like that, I'm all
DougB> ears, however my guess is that the variety of input is so
DougB> varied that such an undertaking would be pointless.

Thank you, and just a question for you, how do you think to remove
${chrootdir}/etc/namedb/{master,slave} directories?

-- -
Makoto `MAR' Matsushita

More information about the freebsd-current mailing list