From: Tillman Hodgson
To: freebsd-current@freebsd.org
Date: Wed, 6 Oct 2004 11:36:08 -0600
Subject: Re: HEADS UP: named now runs chroot'ed by default

On Tue, Oct 05, 2004 at 05:11:16PM -0700, Doug Barton wrote:
> On Thu, 30 Sep 2004, Tillman Hodgson wrote:
>
> >How does chroot and NFS interact?
>
> It is theoretically possible, but I would not do it for performance and
> reliability reasons. If you are doing something useful with named on a
> real network you will have enough variables that you cannot control
> which will make your life difficult, I personally would not want to add
> more pain to the mix that could be avoided. :)
>
> If you want to share configs, share data, etc; then rsync, scp, etc. are
> your friends. When I was at Yahoo! we had all the essential files in a
> central CVS repo and I used makefiles with various targets to push them
> out to the servers. This made updates, replication, installation, etc.
> very easy with almost no room for error, and no external dependencies
> other than the network and power for the individual name server.

I was using NFS not for sharing between machines but rather to add a bit
of security and convenience: a host compromise on the named box could not
modify the files (RO export), yet an internal client could update the
zone file easily (ssh/kerberized telnet to the file server in question
and edit the file) and a rndc reload would update the named.

I can move away from that model easily enough, I just need to actually
make a plan to do so. If NFS and chroot are unhappy bedfellows, I'll do
so :-)

-T

-- 
"If knowledge creates problems, ignorance will not solve them"
    -- Isaac Asimov.