Proper way to run bind9

Doug Barton DougB at
Fri Sep 24 16:44:49 PDT 2004

On Fri, 24 Sep 2004, Sean McNeil wrote:

> On Fri, 2004-09-24 at 14:27, Doug Barton wrote:
>> On Fri, 24 Sep 2004, Dag-Erling Smørgrav wrote:
>>> Grover Lines <grover at> writes:
>>>> named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
>>>                 ^^^^^^^^^^^^^^^^^^
>>> should be /var/run/, fixed in CVS.
>>> DES
>> It's actually not in our structure. As explained in the note
>> behind the variable, we set the pid-file variable in named.conf so that
>> named running with -u bind (but not chrooted) will still be able to
>> drop a pid file in /var/run/named, which is chowned to user bind.
> This is currently not correct in some files (i.e.
> /etc/defaults/rc.conf).

DES made an honest mistake in rc.conf. I was waiting for him to back it 
out himself, but apparently he's off having a life or something. :)  I 
went ahead and fixed it a bit ago.

You mentioned "some files," do you know of anywhere else that it is not 

> Also, the /etc/rc.d/named script will do an
> ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
> if named_symlink_enable is set (which is by default).  Please protect
> this with
> if [ -n "$named_chrootdir" ]; then

On my system this fails harmlessly, but you're right, it shouldn't be 
run if there is no chroot. I'll commit a fix for this in a second.

> for those who do not have a chrootdir.  Otherwise we end up with a
> recursive link.

Actually the final result of this situation depends on the configuration 
options. But you're right, this bullet should be removed from the 
foot-shooting gun.

>> To answer Grover's question, it really depends on what you want to use
>> it for. The system named.conf will run fine for bind 9 as a resolver,
>> now that the /etc/rc.d/named script has been updated to create an
>> rndc.key file if one doesn't exist.
> This is broken too.  If named_chrootdir isn't set, then confgen_chroot
> doesn't get set and it messes up the invocation of rndc-confgen.  I
> think taking the "" off of the ${confgen_chroot} will solve this but I'm
> not sure.

Only broken for the non-chroot case. :)  You're right about the fix 
though, I committed the wrong version when I was testing it last night. 
Thanks for the bug report.

>> If all you want to do is start up named as a resolver,
>> named_enable="yes" is all you need. You don't need to specify the conf
>> file to run the system's version of bind, that path is defined in.
>> I'm currently working on a setup so that named can be started chrooted
>> by default. Not sure if that will get in before 5.3-RELEASE or not, but
>> I'm hoping it will.
> It would be nice to have it all working while you make these changes.

That is the goal, yes.

Thanks again,
     This .signature sanitized for your protection
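The two non-chroot failure modes Sean reports above (the self-referential pid-file symlink when named_chrootdir is empty, and the quoted empty ${confgen_chroot} becoming a stray argument) reproduced in a small added example; this is not the FreeBSD rc.d/named script, and count_args is a stand-in for the rndc-confgen call, whose exact form the thread does not show.

```shell
#!/bin/sh
# Added example, not the rc.d/named script. All paths are constructed in a
# temporary directory so nothing under /var/run is touched.

# Unguarded symlink step as quoted in the thread: with an empty chrootdir the
# target string equals the link name, so the link points at itself.
link_pidfile_unguarded() {
    chrootdir=$1; pidfile=$2
    ln -fs "${chrootdir}${pidfile}" "${pidfile}"
}

# Guarded form suggested in the thread: only link when a chroot is configured.
link_pidfile_guarded() {
    chrootdir=$1; pidfile=$2
    if [ -n "$chrootdir" ]; then
        ln -fs "${chrootdir}${pidfile}" "${pidfile}"
    fi
}

# Returns 0 when the path is a symlink whose target is its own path.
is_self_link() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$1" ]
}

# Stand-in for rndc-confgen (assumption): just reports how many arguments it
# received. A quoted empty variable still yields one (empty) argument, an
# unquoted one yields none, which is the quoting point raised in the thread.
count_args() { echo $#; }
confgen_args_quoted()   { count_args "$1"; }
confgen_args_unquoted() { count_args $1; }

demo() {
    work=$(mktemp -d)
    pid="$work/var/run/named/pid"
    mkdir -p "$(dirname "$pid")"
    link_pidfile_unguarded "" "$pid"
    is_self_link "$pid" && echo "unguarded: $pid is a recursive symlink"
    rm -f "$pid"
    link_pidfile_guarded "" "$pid"
    [ -L "$pid" ] || echo "guarded: no symlink created without a chrootdir"
    echo "quoted empty chroot arg count:   $(confgen_args_quoted "")"
    echo "unquoted empty chroot arg count: $(confgen_args_unquoted "")"
    rm -rf "$work"
}

demo
```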