From: Peter Schultz
Date: Tue, 28 Sep 2004 08:58:16 -0500
To: Doug Barton
cc: freebsd-current@freebsd.org
Subject: Re: HEADS UP: named now runs chroot'ed by default
Message-Id: <727FCC18-1156-11D9-BBA6-000D936BE398@beforever.com>
In-Reply-To: <20040928025635.Q5094@ync.qbhto.arg>

On Sep 28, 2004, at 5:03 AM, Doug Barton wrote:

> Folks,
>
> I just committed a named "auto-chroot" system that will allow named to
> run chroot'ed by default. If you have an existing named configuration
> in /etc/namedb, the instructions for updating it are in src/UPDATING.
> If you are already chroot'ing named, especially if you are using
> /var/named as the chroot directory, you should back everything up
> before upgrading and proceed with caution. :)
>

Why not do it FreeBSD style and auto-jail named?

Sincerely,

Pete...

> For those that don't have a named configuration, all you should have
> to do is 'rm -r /etc/namedb' and you'll be fine.
>
> Comments and suggestions are welcome, but please try to keep the
> bikeshedding about specific bits down to an absolute minimum. The
> directory structure and related options worked very well on hundreds
> of name servers on a very busy enterprise network, so I have a high
> degree of confidence that the defaults are sensible. That said, I am
> open to genuine improvements, and dialogue on optional bits.
>
> Enjoy,
>
> Doug