Replacing Bind8x with Bind9

Matthew Seaman m.seaman at infracaninophile.co.uk
Tue Aug 10 01:40:09 PDT 2004 

The OP could just wait a few weeks and upgrade to one of the 5.3 BETAs
-- or wait a month and a half and upgrade to 5.3-RELEASE, where BIND9
will be the default resolver in the system.

On Tue, Aug 10, 2004 at 04:14:03AM -0400, Michael Sharp wrote:
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9'
> option to make.
> 
> make PORT_REPLACES_BASE_BIND9=yes install clean

Ummm... PORT_REPLACES_BASE_BIND9 generally means that the port uses
/usr as ${PREFIX} rather than the normal value of /usr/local -- that
means it will fight with the base system over which owns those files.

The instructions below only apply if you *don't* use
PORT_REPLACES_BASE_BIND9.
 
> In rc.conf
> ----------
> named_enable="YES"
> named_program="/usr/local/sbin/named"
> named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
 
If you're going to use PORT_REPLACES_BASE_BIND9, then you should
certainly set NO_BIND=yes in /etc/make.conf.  However, my advice would
be /not/ to use PORT_REPLACES_BASE_BIND9: just install the port under
/usr/local as usual, and adjust the make.conf settings as above.  You
can add NO_BIND=yes to make.conf or not, as you like.
 
> and you can also put NO_BIND= true in /etc/make.conf so that base BIND
> isn't build when you make world.
> 
> Definetly consider chrooting or jailing BIND

If you install BIND9, you can run it chrooted without having to
install all of the bind executables under the chroot area: just use a
rc.conf setting like:

    named_flags="-c /etc/namedb/named.conf -u bind -t /var/named"

and set up the chroot area under /var/named as needed.  See the
instructions at:

    http://www.losurs.org/docs/howto/Chroot-BIND.html

which needs a bit of interpretation as those are instructions for
Linux, and FreeBSD does things a little differently.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040810/8e85d95a/attachment.bin

More information about the freebsd-questions mailing list