ISC bind9 with dynamic DNS update (chroot problem)
Patrick Dung
patrick_dkt at yahoo.com.hk
Sun Jul 29 11:26:50 UTC 2007
Thanks for the reply.
Your suggestion solved my problem, thanks.
Yes, /etc/init.d/named is a typo.
Regards
Patrick
--- Doug Barton <dougb at FreeBSD.org> wrote:
> Patrick Dung wrote:
> > Hi
> >
> > I use FreeBSD 6.2 and the base bind9.
> > For dynamic DNS update, bind9 automatically generates the journal file
> > (ending in .jnl).
> > The default config is to use chroot and the running user as 'bind'.
> >
> > The problem is that after named is started (/etc/init.d/named start),
>
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
>
> > the default chroot directory /var/named/etc/named
>
> The default directory is /etc/namedb, which is a symlink to
> /var/named/etc/namedb.
>
> > permission will be reset to be owned by root. So the named daemon (run
> > as user 'bind') cannot create the journal file and complains:
>
> You shouldn't be creating journal files in the config directory anyway.
>
> > One temp fix is to use chroot and run as root, any suggestions?
>
> Yeah, don't run named as root. Ever. :)
>
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following directories
> in /etc/namedb:
>
> drwxr-xr-x 2 bind wheel 512 Jul 23 00:47 dynamic/
> drwxr-xr-x 2 root wheel 512 Jul 13 22:33 master/
> drwxr-xr-x 2 bind wheel 512 Jul 27 14:05 slave/
>
> The dynamic directory is obviously designed to hold dynamic zones, and
> it (like the slave directory) is chowned to user bind so that named
> can write to it after it drops privileges.
>
> hth,
>
> Doug
>
> --
>
> This .signature sanitized for your protection
>
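
The layout described in the quoted reply can be checked with a short script. This is an added example, not part of the original thread or of FreeBSD's rc scripts; the function names `owner_of` and `audit_namedb` are hypothetical, and the directory names and the `bind` user are the ones quoted above.

```shell
#!/bin/sh
# Added example: audit a namedb tree for the ownership layout quoted above.
# Function names are hypothetical; directory names come from the thread.

# Print the owning user of a path. The third field of `ls -ld` is the
# owner on both BSD and GNU userlands, so no stat(1) flags are needed.
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# audit_namedb <namedb-dir> <named-user>
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_namedb() {
    dir=$1 nuser=$2 rc=0

    # Directories named must be able to write to after dropping privileges.
    for d in dynamic slave; do
        if [ ! -d "$dir/$d" ]; then
            echo "MISSING $dir/$d"; rc=1
        elif [ "$(owner_of "$dir/$d")" != "$nuser" ]; then
            echo "OWNER $dir/$d is $(owner_of "$dir/$d"), expected $nuser"; rc=1
        fi
    done

    # A journal in the config directory or in master/ means a dynamic
    # zone's file path points at a directory meant to stay root-owned.
    for j in "$dir"/*.jnl "$dir"/master/*.jnl; do
        [ -e "$j" ] || continue   # unmatched glob stays literal; skip it
        echo "JOURNAL $j is not under dynamic/"; rc=1
    done

    return $rc
}
```

On the system from the thread it would be called as `audit_namedb /etc/namedb bind` after named has started; any output line names a directory or journal file that does not match the layout.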
More information about the freebsd-isp mailing list