From owner-cvs-all  Thu Aug 23 10:52:40 2001
Delivered-To: cvs-all@freebsd.org
Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9F27937B403; Thu, 23 Aug 2001 10:52:34 -0700 (PDT)
	(envelope-from dillon@earth.backplane.com)
Received: (from dillon@localhost)
	by earth.backplane.com (8.11.4/8.11.2) id f7NHqXE88004;
	Thu, 23 Aug 2001 10:52:33 -0700 (PDT)
	(envelope-from dillon)
Date: Thu, 23 Aug 2001 10:52:33 -0700 (PDT)
From: Matt Dillon <dillon@earth.backplane.com>
Message-Id: <200108231752.f7NHqXE88004@earth.backplane.com>
To: "Brian F. Feldman" <green@FreeBSD.ORG>
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>,
	Brian Somers <brian@Awfulhak.org>,
	Jun Kuriyama <kuriyama@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG,
	cvs-all@FreeBSD.ORG, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf 
References:  <200108231707.f7NH7dG14247@green.bikeshed.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


:For what it's worth, here's how I configure named on the computers I run.  
:Not that it's the best way, but it's definitely very reasonable for a 
:default if nothing else.
:
:In rc.conf I use:
:syslogd_flags="-s -l /etc/namedb/var/run/log"   # Flags to syslogd (if enabled).
:named_flags="-u daemon -g daemon -t /etc/namedb -c named.conf"

    There is a pre-configured 'bind' user and 'bind' group available, you
    should use those.  A program isn't running in a sandbox if it shares
    its uid with other unrelated programs - like portmap (!) for example.

    There is a standard place for bind-modifiable files (a.k.a. secondary
    files), /etc/namedb/s, and comments in the default named.conf describing
    how to set it up.  There are comments in the default rc.conf describing
    how to run named in a sandbox.

    The only thing I *didn't* do was turn the sandbox on by default and
    turn on the creation of /etc/namedb/s in the mtree config.

						-Matt


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message