Date: Wed, 3 Dec 2014 07:47:16 -0700 (MST)
From: Warren Block
To: John Von Essen
Subject: RE: Bind, DNS, and Denial of Service
Cc: freebsd-hackers@freebsd.org

On Tue, 2 Dec 2014, John Von Essen wrote:

> The base bind99 port did not behave nicely even when I set
> named_program="/usr/local/sbin/named" because the port is built with a
> sysconfdir of /usr/local/etc which threw everything out of whack. Even
> when I tried to override the startup script to explicitly pass -c /etc/namedb
> things were all weird. Rndc also didn't work because it kept looking in the
> wrong dirs, etc.

The port used to have an option to overwrite the base BIND.

There is an example of installing dns/bind99 in a 10.X jail in the Handbook:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html#jails-ezjail-example-bind