Date: Wed, 03 Nov 2004 12:53:58 -0800
From: Doug Barton <DougB@dougbarton.net>
To: Gregory Neil Shapiro <gshapiro@freebsd.org>
Cc: freebsd-current@freebsd.org
Subject: Re: Problem with RELENG_5_3, BIND9 and dynamic updates
Message-ID: <41894566.5070503@dougbarton.net>
In-Reply-To: <20041103185010.GP2916@horsey.gshapiro.net>
References: <4188039D.8020109@aminor.no> <20041103185010.GP2916@horsey.gshapiro.net>
Gregory Neil Shapiro wrote:
>>It looks like BIND9, as delivered in the base, has problems when zones
>>are using dynamic DNS updates.
>>
>>This is because it runs as user "bind", but that user doesn't have write
>>access to /var/named/etc/namedb/master - the script /etc/rc.d/named uses
>>mtree to set that directory as follows:
>>
>>Nov 2 22:40:31 vimes kernel: Nov 2 22:40:31 vimes named[98525]:
>>master/aminor.no.zone.jnl: create: permission denied
>
>
> Perhaps this patch will help:
>
> Index: mtree/BIND.chroot.dist
> ===================================================================
> RCS file: /src/FreeBSD/ncvs/src/etc/mtree/BIND.chroot.dist,v
> retrieving revision 1.5
> diff -u -r1.5 BIND.chroot.dist
> --- mtree/BIND.chroot.dist 29 Sep 2004 03:43:10 -0000 1.5
> +++ mtree/BIND.chroot.dist 3 Nov 2004 18:45:06 -0000
> @@ -9,6 +9,8 @@
> ..
> etc
> namedb
> + dynamic uname=bind
> + ..
> master
> ..
> slave uname=bind
> Index: namedb/named.conf
> ===================================================================
> RCS file: /src/FreeBSD/ncvs/src/etc/namedb/named.conf,v
> retrieving revision 1.19
> diff -u -r1.19 named.conf
> --- namedb/named.conf 30 Sep 2004 09:57:36 -0000 1.19
> +++ namedb/named.conf 3 Nov 2004 18:48:06 -0000
> @@ -102,6 +102,22 @@
> };
> };
>
> +// An example dynamic zone
> +key "exampleorgkey"
> +{
> + algorithm hmac-md5;
> + secret "sf87HJqjkqh8ac87a02lla==";
> +};
> +
> +zone "example.org" {
> + type master;
> + allow-update
> + {
> + key "exampleorgkey";
> + };
> + file "dynamic/example.org";
> +};
> +
> zone "0.168.192.in-addr.arpa" {
> type slave;
> file "slave/0.168.192.in-addr.arpa";

Greg, that is the direction I was thinking on this, yes. The only minor nit I'd do differently is to move the { for allow-update up to the same line for style consistency reasons. Feel free to commit this to HEAD if you like, otherwise I'll get to this asap.

Thanks,

Doug

-- 
If you're never wrong, you're not trying hard enough
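Review bot: in the BIND.chroot.dist hunk the new `dynamic` directory is created bind-owned next to `slave`, but nothing records that the zone file itself has to move there, not only the journal: named creates `<zonefile>.jnl` in the directory of the zone file, so a zone still declared as `file "master/aminor.no.zone"` keeps failing with `create: permission denied` after this change. Keeping `master` root-owned is the right default (named should not be able to rewrite its static zones), so the commit message and the named.conf comments should state that zones which accept updates belong under `dynamic/`.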
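Review bot: in the named.conf hunk the example ships a literal TSIG secret (`secret "sf87HJqjkqh8ac87a02lla==";`) and only the first line is a `//` comment; from the hunk alone it is not visible whether the block sits inside the file's commented-out example region, and if it is live every stock install becomes master for example.org and accepts updates from anyone who reads this secret out of the distribution. Either comment out the whole key/zone pair or replace the secret with a placeholder and a comment that the key must be generated locally (dnssec-keygen or rndc-confgen) and kept out of world-readable files. Also note that `file "dynamic/example.org"` requires the zone file to exist there beforehand; named creates the journal, not the master zone file. Minor: the `{` after `key "exampleorgkey"` and after `allow-update` is on its own line, unlike `zone "example.org" {` in the same hunk.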
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41894566.5070503>
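The directory-ownership point of this thread, as an added check (example code written for this page, not FreeBSD's and not from the thread): it reads the zone statements out of a constructed named.conf and, against a constructed directory-ownership table modelled on BIND.chroot.dist after the patch (master root-owned, dynamic and slave owned by bind), reports every zone that accepts dynamic updates or is a slave whose directory named cannot write to, and every static master zone that sits in a named-writable directory. The directory, not the file, is what matters because named creates `<zonefile>.jnl` beside the zone file. The bind uid/gid of 53, the /var/named/etc/namedb path and the sample zone contents are assumptions; on a real host pass `os.stat` instead of the fake and the uid/gid from /etc/passwd.

```python
import os
import re
import stat
from collections import namedtuple

# Stand-in for os.stat_result with only the fields the check needs, so a
# constructed directory table can be audited without touching disk.
DirStat = namedtuple("DirStat", "st_mode st_uid st_gid")


def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def zone_blocks(conf):
    """Yield (zone_name, body) per zone statement, matching braces so that
    nested blocks such as allow-update { ... }; stay inside the body."""
    text = strip_comments(conf)
    for m in re.finditer(r'\bzone\s+"([^"]+)"', text):
        start = text.index("{", m.end())
        depth = 0
        for j in range(start, len(text)):
            if text[j] == "{":
                depth += 1
            elif text[j] == "}":
                depth -= 1
                if depth == 0:
                    break
        yield m.group(1), text[start + 1:j]


def zone_info(body):
    """Return (type, file, accepts_updates); allow-update { none; }; is False."""
    ztype = re.search(r"\btype\s+(\w+)\s*;", body)
    zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
    upd = re.search(r"\b(allow-update|update-policy)\s*\{([^}]*)\}", body)
    accepts = upd is not None and upd.group(2).strip() != "none;"
    return (ztype.group(1) if ztype else None,
            zfile.group(1) if zfile else None, accepts)


def writable_by(st, uid, gids):
    """Mode-bit check for an unprivileged uid (named does not run as root)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit(conf, namedb_dir, bind_uid, bind_gids, stat_fn=os.stat):
    """Return sorted (zone, finding) pairs.  Zones that accept updates need
    their directory writable (named writes <file>.jnl there; a slave writes
    the transferred zone there); a static master zone should not."""
    findings = []
    for name, body in zone_blocks(conf):
        ztype, zfile, accepts = zone_info(body)
        if zfile is None:
            continue
        zdir = os.path.join(namedb_dir, os.path.dirname(zfile))
        try:
            st = stat_fn(zdir)
        except FileNotFoundError:
            findings.append((name, "missing directory %s" % zdir))
            continue
        writable = writable_by(st, bind_uid, bind_gids)
        needs_write = accepts or ztype == "slave"
        if needs_write and not writable:
            findings.append((name, "named cannot create journal in %s" % zdir))
        elif not needs_write and ztype == "master" and writable:
            findings.append((name, "static master zone in named-writable %s" % zdir))
    return sorted(findings)


# Constructed sample data (not from the thread).  bind is assumed to be
# uid/gid 53 as on FreeBSD; check /etc/passwd on a real host.
BIND_UID, BIND_GID = 53, 53
FAKE_TREE = {  # ownership modelled on BIND.chroot.dist after the patch
    "/var/named/etc/namedb/master":  DirStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var/named/etc/namedb/dynamic": DirStat(stat.S_IFDIR | 0o755, BIND_UID, BIND_GID),
    "/var/named/etc/namedb/slave":   DirStat(stat.S_IFDIR | 0o755, BIND_UID, BIND_GID),
}
SAMPLE_CONF = '''
zone "aminor.no" {                      // layout from the bug report
    type master;
    allow-update { key "exampleorgkey"; };
    file "master/aminor.no.zone";
};
zone "example.org" {                    // layout from the patch
    type master;
    allow-update { key "exampleorgkey"; };
    file "dynamic/example.org";
};
zone "localhost" { type master; allow-update { none; }; file "master/localhost-forward.db"; };
zone "0.168.192.in-addr.arpa" { type slave; file "slave/0.168.192.in-addr.arpa"; };
'''


def fake_stat(path):
    """os.stat replacement serving the constructed directory table."""
    try:
        return FAKE_TREE[path]
    except KeyError:
        raise FileNotFoundError(path)


def demo():
    """Only the pre-patch aminor.no layout should be reported."""
    return audit(SAMPLE_CONF, "/var/named/etc/namedb", BIND_UID, {BIND_GID}, fake_stat)
```

Run `demo()` to see the single finding for aminor.no; the same `audit` call with `os.stat` and the real uid/gid turns this into a post-install check that the mtree layout and named.conf agree.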