ISC bind9 with dynamic DNS update (chroot problem)

Patrick Dung patrick_dkt at yahoo.com.hk
Sun Jul 29 11:26:50 UTC 2007


Thanks for the reply.

Your suggestion solved my problem, thanks.

Yes, /etc/init.d/named is a typo.

Regards
Patrick

--- Doug Barton <dougb at FreeBSD.org> wrote:

> Patrick Dung wrote:
> > Hi
> > 
> > I use FreeBSD 6.2 and the base bind9.
> > For dynamic DNS update, bind9 automatically generates the journal
> > file (ending in .jnl).
> > The default config is to use chroot and the running user as 'bind'.
> > 
> > The problem is that after named is started (/etc/init.d/named
> > start),
> 
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
> 
> > the default chroot directory /var/named/etc/named
> 
> The default directory is /etc/namedb, which is a symlink to
> /var/named/etc/namedb.
> 
> > permission will be reset to be owned by root. So the named daemon (run
> > as user 'bind') cannot create the journal file and complains:
> 
> You shouldn't be creating journal files in the config directory
> anyway.
> 
> > One temp fix is to use chroot and run as root, any suggestions?
> 
> Yeah, don't run named as root. Ever. :)
> 
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following
> directories in /etc/namedb:
> 
> drwxr-xr-x  2 bind  wheel    512 Jul 23 00:47 dynamic/
> drwxr-xr-x  2 root  wheel    512 Jul 13 22:33 master/
> drwxr-xr-x  2 bind  wheel    512 Jul 27 14:05 slave/
> 
> The dynamic directory is obviously designed to hold dynamic zones,
> and it (like the slave directory) is chowned to user bind so that
> named can write to it after it drops privileges.
> 
> hth,
> 
> Doug
> 
> -- 
> 
>     This .signature sanitized for your protection
> 
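
Added example, not part of the original thread or of the FreeBSD base system: a small check for the layout Doug describes, listing zones that accept dynamic updates while their zone file sits outside dynamic/. The zone names, the key name and the sample config are constructed, and file paths are assumed to be relative to /etc/namedb.

```shell
#!/bin/sh
# Added example, not from the thread. Flags zones that accept dynamic updates
# while their zone file (and so the .jnl journal named writes next to it)
# lives outside dynamic/, the directory owned by user bind.
# Assumption: named.conf is laid out one statement per line, as below.

# Constructed sample config; zone names and key name are made up.
sample_conf() {
    cat <<'EOF'
zone "example.org" {
    type master;
    file "master/example.org.db";
    allow-update { key "ddns-key"; };
};
zone "dyn.example.org" {
    type master;
    file "dynamic/dyn.example.org.db";
    allow-update { key "ddns-key"; };
};
zone "static.example.org" {
    type master;
    file "master/static.example.org.db";
    allow-update { none; };
};
EOF
}

# Reads named.conf on stdin and prints "zone file" for each dynamic zone
# whose file path does not start with dynamic/.
audit_dynamic_zones() {
    awk '
        # Start of a zone block: remember its name, reset per-zone state.
        /^[ \t]*zone[ \t]/ { split($0, q, "\""); zone = q[2]; file = ""; dyn = 0 }
        /^[ \t]*file[ \t]/ { split($0, q, "\""); file = q[2] }
        # "allow-update { none; }" does not make a zone dynamic.
        /allow-update|update-policy/ && !/allow-update[ \t]*[{][ \t]*none/ { dyn = 1 }
        # End of the zone block: report if dynamic and not under dynamic/.
        /^[ \t]*};/ {
            if (zone != "" && dyn && file !~ /^dynamic\//) print zone, file
            zone = ""
        }
    '
}

sample_conf | audit_dynamic_zones
```

On a real system, feed it the live config instead of the sample: audit_dynamic_zones < /etc/namedb/named.conf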



More information about the freebsd-isp mailing list