DNS' bind 9 chrooted by default ?
Emanuel Strobl
emanuel.strobl at gmx.net
Fri Feb 11 23:17:34 GMT 2005
Am Freitag, 11. Februar 2005 23:29 schrieb kilim:
> Hello,
>
> regarding Bind 9, here:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bind9.htm
>l
>
> its stated that the configuration file resides in
> /var/named/etc/namedb/ and that bind will be chrooted automatically.
>
> Yet here:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
>
> steps are shown for manual chrooting of bind (not version 9)
>
> So I just want to confirm it with you guys, is bind 9.3 really
> chrooted by default on 5.3 ?
Yes it is, at least on my oldest 5.3-STABLE box, I don't have a 5.3-RELEASE
handy to verify.
Your configuration directory will still be /etc/namedb,
not /var/named/etc/namedb since, by default, the chroot environment gets auto
updated.
See these options for rc.conf for further details:
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different one.
named_flags="-u bind" # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot
it)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file
Ragards,
-Harry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050212/d9dec446/attachment.bin
More information about the freebsd-questions
mailing list