ISC bind9 with dynamic DNS update (chroot problem)

Reid Linnemann lreid at
Mon Jul 30 13:40:30 UTC 2007

Written by Patrick Dung on 07/28/07 10:52>>
> Thanks for reply.
> Yes, your method works.
> But I wonder why the /var/named/etc/named/master directory permission
> is always reset to root when starting the daemon.
> Regards
> Patrick
> --- Reid Linnemann <lreid at> wrote:
>> Written by Patrick Dung on 07/27/07 08:19>>
>>> Hi
>>> I use FreeBSD 6.2 and the base bind9.
>>> For dynamic DNS update, bind9 automatically generates the journal file
>>> (ending in .jnl).
>>> The default config is to use chroot and the running user as 'bind'.
>>> The problem is that after named is started (/etc/init.d/named start),
>>> the default chroot directory /var/named/etc/named permission will be
>>> reset to owned by root. So the named daemon (run as user 'bind') cannot
>>> create the journal file and complains:
>>> Jul 27 21:06:54 fbsd62 named[2862]: general: localdomain.db.jnl:
>>> create: permission denied
>>> One temp fix is to use chroot and run as root, any suggestions?
>>> Regards
>>> Patrick
>> When I did ddns, I had my dynamic zone files in a subdirectory off of
>> the named chroot - i.e. /var/named/etc/namedb/dynamic - and chowned it to
>> bind, allowing the bind user to read/write anything inside.

I forgot to CC: questions@ on my original reply.

This is because /etc/rc.d/named auto-updates the chroot to an expected 
state defined by the mtree at /etc/mtree/BIND.chroot.dist.

Please do not top post, so the conversation order progresses from oldest 
to newest.
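
Added example, not part of the original message or of FreeBSD's own scripts: a small parser that reports which owner an mtree(8) spec assigns to each directory, so you can see which chroot directories stay writable by `bind` after the spec is reapplied at startup. The sample spec is constructed for illustration and is not the real contents of /etc/mtree/BIND.chroot.dist; the function names are hypothetical, and the parser assumes a directory-only spec that sets ownership with `uname=`.

```shell
#!/bin/sh
# Added example: list the owner an mtree(8) spec assigns to each directory.
# Assumes a directory-only spec that sets ownership with uname= keywords.

# Constructed sample, NOT the real contents of /etc/mtree/BIND.chroot.dist.
sample_spec() {
    cat <<'EOF'
# constructed sample spec
/set type=dir uname=root gname=wheel mode=0755
.
    dev             mode=0555
    ..
    etc
        namedb
            dynamic uname=bind
            ..
            master
            ..
        ..
    ..
..
EOF
}

# Read a spec on stdin, print "<path> <owner>" for every entry.
mtree_owners() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    $1 == "/set" {                       # defaults for the entries that follow
        for (i = 2; i <= NF; i++) if ($i ~ /^uname=/) def = substr($i, 7)
        next
    }
    $1 == ".." { depth--; next }         # step back up one directory
    {
        owner = def                      # a per-entry uname= overrides the default
        for (i = 2; i <= NF; i++) if ($i ~ /^uname=/) owner = substr($i, 7)
        path[++depth] = $1
        full = path[1]
        for (i = 2; i <= depth; i++) full = full "/" path[i]
        print full, owner
    }'
}

# Directories the spec hands to the given user (where named can create .jnl files).
dirs_owned_by() {
    mtree_owners | awk -v u="$1" '$2 == u { print $1 }'
}

sample_spec | mtree_owners
# On a real system: dirs_owned_by bind < /etc/mtree/BIND.chroot.dist
```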

