Date:      Fri, 17 Aug 2001 12:21:10 +0100
From:      setantae <setantae@submonkey.net>
To:        freebsd-questions@FreeBSD.org
Subject:   chroot'ing named(8)
Message-ID:  <20010817122110.A11537@rhadamanth>


I've been fighting with setting up named to run in a sandbox on FreeBSD
this morning and I've found that it's non-trivial on FreeBSD.
Yes, you can get there if you know which manpages to read, but I'm
thinking of new users here.

This is what I've had to do so far:

1) /etc/namedb is not populated with var/run, var/tmp, dev/null by default.

2) I have also had to add ``-l /etc/namedb/dev/log'' to syslogd_flags - this
   isn't suggested in the Handbook.

3) I've had to compile a static copy of named-xfer to install in /etc/namedb -
   this also is not documented in the Handbook (it's not even suggested that
   you'll need a copy in the sandbox).
   I'm also concerned that I'll need to do this now every time a change is
   made to the source tree in src/contrib/bind.

4) I don't like the fact that it's in /etc by default.
   Assume I was secondarying several thousand zones - space on / is an issue.
   (Yes, I know I can change this).

I think at least that the Handbook needs to be looked at (I'm willing to do
this but it'll be in ascii as I'm still learning DocBook and will take a few
days as I have visitors this weekend).

Also, I think the entire issue of running named in a chroot environment needs
to be made easier - setting this up on OpenBSD _is_ trivial.

I feel I've only been able to get this successfully set up because I've done
it before on other systems - it would be good if this could be made easier in
the way that OpenBSD have achieved this.
I'm not necessarily suggesting that named is run in a chroot environment by
default, but setting it up to do so could be made a lot easier.

Any comments are welcome (even if they're just ``Stop moaning'').

Ceri

-- 
One of the lessons of history is that nothing is often a good thing to
do and always a clever thing to say.
		-- Will Durant
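
The sandbox skeleton Ceri describes (steps 1 to 3), as an added example that is not part of the original post: a POSIX sh script that creates the directories a chroot'ed named(8) expects and then reports which pieces are still missing. The sandbox root defaulting to /etc/namedb, the user/group ``bind'', the named-xfer location usr/libexec/named-xfer inside the sandbox, and the FreeBSD 4.x MAKEDEV numbering of /dev/null as char 2,2 are my assumptions, not the post's.

```shell
#!/bin/sh
# Added example, not from the post: build and verify the skeleton that a
# chroot'ed named(8) needs, following the steps listed above.
# Assumptions (mine, not the post's): sandbox root defaults to /etc/namedb,
# named runs as user/group "bind", named-xfer is expected at
# usr/libexec/named-xfer inside the sandbox, and /dev/null is char 2,2
# (FreeBSD 4.x MAKEDEV numbering).

# make_named_sandbox [ROOT]: create the directories named expects to find.
make_named_sandbox() {
    root="${1:-/etc/namedb}"
    for d in var/run var/tmp dev usr/libexec; do
        mkdir -p "$root/$d" || return 1
    done
    # Only the pid-file and transfer scratch directories need to be writable
    # by named; everything else stays root-owned so a compromised named
    # cannot rewrite its own configuration or binaries.
    if [ "$(id -u)" -eq 0 ] && id bind >/dev/null 2>&1; then
        chown bind:bind "$root/var/run" "$root/var/tmp"
    fi
    chmod 0755 "$root/var" "$root/dev"
    # Device nodes can only be created by root and the major/minor pair is
    # FreeBSD-specific, so skip elsewhere; check_named_sandbox reports it.
    if [ "$(uname -s)" = FreeBSD ] && [ "$(id -u)" -eq 0 ] && [ ! -c "$root/dev/null" ]; then
        mknod "$root/dev/null" c 2 2 && chmod 0666 "$root/dev/null"
    fi
    return 0
}

# check_named_sandbox [ROOT]: print each missing item; the exit status is the
# number of missing items, so 0 means the sandbox is complete.
check_named_sandbox() {
    root="${1:-/etc/namedb}"
    missing=0
    [ -d "$root/var/run" ]  || { echo "missing dir:    $root/var/run";  missing=$((missing+1)); }
    [ -d "$root/var/tmp" ]  || { echo "missing dir:    $root/var/tmp";  missing=$((missing+1)); }
    [ -c "$root/dev/null" ] || { echo "missing device: $root/dev/null (mknod as root)"; missing=$((missing+1)); }
    # syslogd creates this socket itself once started with -l ROOT/dev/log
    [ -S "$root/dev/log" ]  || { echo "missing socket: $root/dev/log (add -l $root/dev/log to syslogd_flags)"; missing=$((missing+1)); }
    [ -x "$root/usr/libexec/named-xfer" ] || { echo "missing binary: $root/usr/libexec/named-xfer (static build)"; missing=$((missing+1)); }
    return "$missing"
}
```

Run check_named_sandbox again after restarting syslogd and installing the static named-xfer; it exits 0 once nothing is left to do.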
