ISC bind9 with dynamic DNS update (chroot problem)
info at plot.uz
Mon Jul 30 05:12:01 UTC 2007
Thanks for the reply.
Your suggestion solved my problem, thanks.
Yes, /etc/init.d/named is a typo.
--- Doug Barton <dougb at FreeBSD.org> wrote:
> Patrick Dung wrote:
> > Hi
> > I use FreeBSD 6.2 and the base bind9.
> > For dynamic DNS update, bind9 automatically generates the journal
> > (ending in .jnl).
> > The default config is to use chroot and the running user as 'bind'.
> > The problem is that after named is started (/etc/init.d/named
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
> > the default chroot directory /var/named/etc/named
> The default directory is /etc/namedb, which is a symlink to
> > permission will be reset to be owned by root. So the named daemon (run
> > as user 'bind') cannot create the journal file and complains:
> You shouldn't be creating journal files in the config directory
> > One temp fix is to use chroot and run as root, any suggestions?
> Yeah, don't run named as root. Ever. :)
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following
> in /etc/namedb:
> drwxr-xr-x 2 bind wheel 512 Jul 23 00:47 dynamic/
> drwxr-xr-x 2 root wheel 512 Jul 13 22:33 master/
> drwxr-xr-x 2 bind wheel 512 Jul 27 14:05 slave/
> The dynamic directory is obviously designed to hold dynamic zones;
> it (like the slave directory) is chowned to user bind so that named
> can write to it after it drops privileges.
> This .signature sanitized for your protection
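
The directory layout quoted in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of FreeBSD's rc.d scripts: the function names `can_write` and `audit_namedb` are hypothetical, and the check looks only at owner and mode bits from `ls -ld` (group membership and ACLs are not considered).

```shell
#!/bin/sh
# Added example: audit a namedb-style tree against the layout in the thread
# (dynamic/ and slave/ owned by the named user, master/ owned by root).

# can_write DIR USER -> exit 0 if USER could create files in DIR, judged by
# the owner and the owner/other write bits in the `ls -ld` mode string.
can_write() {
    ls -ld "$1" 2>/dev/null | awk -v u="$2" '
        { ok = ($3 == u && substr($1, 3, 1) == "w") || substr($1, 9, 1) == "w" }
        END { exit !ok }   # no input (missing directory) counts as not writable
    '
}

# audit_namedb BASE USER -> prints one line per finding, returns their count.
# dynamic/ and slave/ must be writable by USER so named can create .jnl files
# and transferred zones after dropping privileges; master/ must not be, so
# the unprivileged daemon cannot rewrite static zone data.
audit_namedb() {
    base=$1 user=$2 findings=0
    for d in dynamic slave; do
        if ! can_write "$base/$d" "$user"; then
            echo "FAIL $d: $user cannot write here"
            findings=$((findings + 1))
        fi
    done
    if can_write "$base/master" "$user"; then
        echo "FAIL master: writable by $user"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Typical call on the system described in the thread:
#   audit_namedb /etc/namedb bind
```
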