From: Peter Wemm
To: freebsd-current@freebsd.org
cc: Doug Barton
Date: Wed, 29 Sep 2004 19:51:12 -0700
Subject: Re: HEADS UP: named now runs chroot'ed by default

On Tuesday 28 September 2004 03:03 am, Doug Barton wrote:
> I just committed a named "auto-chroot" system that will allow named
> to run chroot'ed by default. If you have an existing named
> configuration in /etc/namedb, the instructions for updating it are in
> src/UPDATING. If you are already chroot'ing named, especially if you
> are using /var/named as the chroot directory, you should back
> everything up before upgrading and proceed with caution. :)
>
> For those that don't have a named configuration, all you should have
> to do is 'rm -r /etc/namedb' and you'll be fine.
>
> Comments and suggestions are welcome, but please try to keep the
> bikeshedding about specific bits down to an absolute minimum. The
> directory structure and related options worked very well on hundreds
> of name servers on a very busy enterprise network, so I have a high
> degree of confidence that the defaults are sensible. That said, I am
> open to genuine improvements, and dialogue on optional bits.

Mergemaster hasn't been made aware of this. It unconditionally installs
the named stuff in /var/named/etc/namedb even when you've explicitly
turned the chroot stuff off. How are we supposed to get the old behavior
back? This sucks. :-(

--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5