HEADS UP: named now runs chroot'ed by default

Doug Barton DougB at FreeBSD.org
Tue Sep 28 03:03:51 PDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Folks,

I just committed a named "auto-chroot" system that will allow named to 
run chroot'ed by default. If you have an existing named configuration in 
/etc/namedb, the instructions for updating it are in src/UPDATING. If 
you are already chroot'ing named, especially if you are using /var/named 
as the chroot directory, you should back everything up before upgrading 
and proceed with caution. :)

For those that don't have a named configuration, all you should have to 
do is 'rm -r /etc/namedb' and you'll be fine.

Comments and suggestions are welcome, but please try to keep the 
bikeshedding about specific bits down to an absolute minimum. The 
directory structure and related options worked very well on hundreds of 
name servers on a very busy enterprise network, so I have a high degree 
of confidence that the defaults are sensible. That said, I am open to 
genuine improvements, and dialogue on optional bits.

Enjoy,

Doug

- -- 

     This .signature sanitized for your protection

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBWTcFyIakK9Wy8PsRAi14AJoDDYBsGVHXWDcg36/5OO9JWPuJ0ACdGxWK
E/Hbv5xATjskcJRLLY9G3hQ=
=EcKj
-----END PGP SIGNATURE-----

