From owner-cvs-all  Thu Aug 23 17: 3:38 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2B53D37B408; Thu, 23 Aug 2001 17:03:30 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.5/8.11.5) with SMTP id f7O035P81153;
	Thu, 23 Aug 2001 20:03:09 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Thu, 23 Aug 2001 20:03:05 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Brian Somers <brian@Awfulhak.org>
Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>,
	Jun Kuriyama <kuriyama@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org, brian@freebsd-services.com
Subject: Re: cvs commit: src/etc/defaults rc.conf src/etc/mtree BSD.var.dist src/etc/namedb named.conf 
In-Reply-To: <200108231413.f7NEDvg71094@hak.lan.Awfulhak.org>
Message-ID: <Pine.NEB.3.96L.1010823195713.80998C-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


The failures caused by this change are very real.  The correct solution is
to fix bind.  I think Bill Fenner proposed at USENIX that BIND use
IP_RECVDSTADDR instead of relying on a socket per address, which would
permit it to avoid rebinding every time the address pool changed.  I don't
know how portable IP_RECVDSTADDR is, but it seems like a good idea to me.
Note that I've never tried it, so there could be snags...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Thu, 23 Aug 2001, Brian Somers wrote:

> > On Thu, Aug 23, 2001 at 06:34:46 -0700, Jun Kuriyama wrote:
> > > kuriyama    2001/08/23 06:34:46 PDT
> > > 
> > >   Modified files:
> > >     etc/defaults         rc.conf 
> > >     etc/mtree            BSD.var.dist 
> > >     etc/namedb           named.conf 
> > >   Log:
> > >   Invoke named with privilege of bind:bind.
> > >   Change pidfile location to /var/run/named/pid.
> > 
> > Is it discussed or I miss something? We already have an option to run it
> > in bind sandbox, but as non-default option. Some functions not works in
> > bind sandbox, I don't remember exactly at this moment.
> 
> named won't be able to listen on interface addresses that are not 
> configured when named is invoked.  This can break name services on a 
> dialup server quite badly.
> 
> I think this change should be reverted.
> 
> > -- 
> > Andrey A. Chernov
> > http://ache.pp.ru/
> 
> -- 
> Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
>       http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
> Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>
> 
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message