From: Doug Barton
To: freebsd-current@freebsd.org
Date: Tue, 28 Sep 2004 03:03:46 -0700 (PDT)
Subject: HEADS UP: named now runs chroot'ed by default
Message-ID: <20040928025635.Q5094@ync.qbhto.arg>

Folks,

I just committed a named "auto-chroot" system that will allow named to run chroot'ed by default. If you have an existing named configuration in /etc/namedb, the instructions for updating it are in src/UPDATING. If you are already chroot'ing named, especially if you are using /var/named as the chroot directory, you should back everything up before upgrading and proceed with caution. :)

For those that don't have a named configuration, all you should have to do is 'rm -r /etc/namedb' and you'll be fine.

Comments and suggestions are welcome, but please try to keep the bikeshedding about specific bits down to an absolute minimum. The directory structure and related options worked very well on hundreds of name servers on a very busy enterprise network, so I have a high degree of confidence that the defaults are sensible. That said, I am open to genuine improvements, and dialogue on optional bits.

Enjoy,

Doug

-- 
This .signature sanitized for your protection
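
The three upgrade cases in the announcement above, as a pre-upgrade check (an added example, not part of the original message or of FreeBSD's own scripts). Telling the cases apart by reading named_flags and named_enable from /etc/rc.conf, and the function names and output labels, are assumptions of this example; src/UPDATING remains the procedure to follow.

```shell
#!/bin/sh
# Added example: sort a host into the announcement's three upgrade cases.
# Heuristics are assumptions of this example; only /etc/rc.conf is read
# (not rc.conf.local or /etc/defaults/rc.conf).

# Print the last value assigned to an rc.conf variable, quotes stripped.
rc_value() {    # usage: rc_value VAR FILE
    [ -f "$2" ] || return 0
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# usage: classify_named_setup [ROOT]   (empty ROOT means the live system)
classify_named_setup() {
    root="${1:-}"
    rc="$root/etc/rc.conf"
    flags=$(rc_value named_flags "$rc")
    enabled=$(rc_value named_enable "$rc")

    # Case 1: named is already chroot'ed. named's -t option names the
    # chroot directory, written as "-t DIR" or "-tDIR".
    set -f                      # no globbing while splitting the flags
    set -- $flags
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -t)   echo "already-chroot ${2:-?}"; return 0 ;;
            -t?*) echo "already-chroot ${1#-t}"; return 0 ;;
        esac
        shift
    done

    # Case 2: named is enabled and /etc/namedb holds a config to migrate.
    case "$enabled" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            [ -d "$root/etc/namedb" ] && { echo "existing-config"; return 0; } ;;
    esac

    # Case 3: named is not in use; /etc/namedb is only the stock directory.
    if [ -d "$root/etc/namedb" ]; then
        echo "no-config"
    else
        echo "nothing-to-do"
    fi
}

# Check the live system, or a mounted image given in NAMED_ROOT.
classify_named_setup "${NAMED_ROOT:-}"
```

"already-chroot" corresponds to the back-up-and-proceed-with-caution case, "existing-config" to following src/UPDATING, and "no-config" to the case where removing /etc/namedb is enough.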