DNS' bind 9 chrooted by default ?
emanuel.strobl at gmx.net
Fri Feb 11 23:17:34 GMT 2005
On Friday, 11 February 2005 23:29, kilim wrote:
> regarding Bind 9, here:
> it's stated that the configuration file resides in
> /var/named/etc/namedb/ and that bind will be chrooted automatically.
> Yet here:
> steps are shown for manual chrooting of bind (not version 9)
> So I just want to confirm it with you guys, is bind 9.3 really
> chrooted by default on 5.3 ?
Yes it is, at least on my oldest 5.3-STABLE box, I don't have a 5.3-RELEASE
handy to verify.
Your configuration directory will still be /etc/namedb,
not /var/named/etc/namedb since, by default, the chroot environment gets auto
See these options for rc.conf for further details:
named_enable="NO" # Run named, the DNS server (or NO).
named_program="/usr/sbin/named" # path to named, if you want a different one.
named_flags="-u bind" # Flags for named
named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot)
named_chroot_autoupdate="YES" # Automatically install/update chrooted
# components of named. See /etc/rc.d/named.
named_symlink_enable="YES" # Symlink the chrooted pid file
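Added example (not part of the original post, and not FreeBSD's own rc code): a small sh check over the rc.conf variables listed above, reporting whether named would be started chrooted and with a -u user. The function name, exit codes and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the named_* rc.conf knobs quoted in the post.
# rc.conf files are plain sh assignments, so each file is sourced inside a
# subshell; later files override earlier ones (defaults, then local rc.conf).
# Only point this at root-owned files: sourcing executes their contents.
# Exit codes (chosen for this example): 0 ok/disabled, 1 no chroot, 2 no -u.
named_chroot_audit() {
    (
        named_enable=NO; named_flags=; named_chrootdir=
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        case "$named_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "named disabled"; exit 0 ;;
        esac
        if [ -z "$named_chrootdir" ]; then
            echo "FAIL: named_chrootdir is empty, named is not chrooted"
            exit 1
        fi
        # A chroot only confines a process that has also given up root,
        # so require a -u <user> in named_flags as well.
        case " $named_flags " in
            *" -u "*) ;;
            *) echo "WARN: chroot=$named_chrootdir but named_flags has no -u"
               exit 2 ;;
        esac
        echo "OK: chroot=$named_chrootdir flags=$named_flags"
    )
}

# Constructed sample input: the defaults from the post plus a local override.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'named_enable="NO"' 'named_flags="-u bind"' \
        'named_chrootdir="/var/named"' > "$tmp/defaults"
    printf '%s\n' 'named_enable="YES"' > "$tmp/rc.conf"
    named_chroot_audit "$tmp/defaults" "$tmp/rc.conf"
    rm -rf "$tmp"
}
demo
```

On a real system the arguments would be /etc/defaults/rc.conf followed by /etc/rc.conf.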