problems with latest bind9 setup changes

Ruslan Ermilov ru at FreeBSD.org
Tue Oct 5 06:42:41 PDT 2004 

Hi Jose,

On Sat, Oct 02, 2004 at 11:39:49AM +0200, Jose M Rodriguez wrote:
> El S?bado, 2 de Octubre de 2004 10:47, Ruslan Ermilov escribi?:
> > Hi Jose,
> >
> > On Sat, Oct 02, 2004 at 10:33:37AM +0200, Jose M Rodriguez wrote:
> > > I'm running named in a sandwitch config form:
> > > named_flags="-u bind -c /var/named/named.conf
> > >
> > > After my last update, I've got my /var/named/ dir polluted by a chroot
> > > setup. I think this is not the way.
> > >
> > > /etc/rc.d/named must do this from chroot_autoupdate() only when required
> > > to do so.
> > >
> > > If /var/named must became a system directory, I can move my config
> > > to /var/namebd or so.  But I like to read HEADS UP about those things.
> >
> > There was a HEADS up message sent to the current@ mailing list.
> > There is also a relevant entry in src/UPDATING, "20040928".
> >
> >
> 
> Ah, so you must
> 
> /usr/src/UPDATING
> 
> - If enabled, the default is now to run named in a chroot
> + The default is now to run named in a chroot
> 
"If enabled" means "if named_enable is set to YES in /etc/rc.conf", which
is not by default.  What the UPDATING entry misses is mentioning a fact
that /var/namedb now becomes a system directory.  This needs to be fixed.
Doug, can you please take care of that?

> Using /etc/mtree/BIND.chroot.dist from chroot_autoupdate() is not the same 
> that put /var/named in /etc/mtree/BSD.var.dist.
> 
> Well, moving config to var/namedb.
> 
> IMHO, this is not a good design.  If you ask ten admin about the best named 
> chrooted setup, you'll get, at last, twelve setups.
> 
> Making strong support for a chrooted named is really needed.  But moving the 
> release default setup to a strong model on that not.  I'll prefer a sandwidch 
> setup (named_flags="-u bind", named_chroot="") as release default.


Cheers,
-- 
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20041005/d60b19b5/attachment.bin

More information about the freebsd-current mailing list