From owner-freebsd-current@FreeBSD.ORG Fri Sep 24 22:27:31 2004
From: Sean McNeil
To: Doug Barton
cc: Dag-Erling Smørgrav
cc: freebsd-current@freebsd.org
cc: Grover Lines
Subject: Re: Proper way to run bind9
Date: Fri, 24 Sep 2004 15:27:29 -0700
Message-Id: <1096064849.1047.7.camel@server.mcneil.com>
In-Reply-To: <20040924222550.F6548@URF.trarfvf>
References: <1096042856.24267.6.camel@purgatory.ceribus.net> <20040924222550.F6548@URF.trarfvf>

On Fri, 2004-09-24 at 14:27, Doug Barton wrote:
> On Fri, 24 Sep 2004, Dag-Erling Smørgrav wrote:
>
> > Grover Lines writes:
> >> named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
> >                 ^^^^^^^^^^^^^^^^^^
> > should be /var/run/named.pid, fixed in CVS.
> >
> > DES
>
> It's actually not named.pid in our structure. As explained in the note
> behind the variable, we set the pid-file variable in named.conf so that
> named running with -u bind (but not chrooted) will still be able to
> drop a pid file in /var/run/named, which is chowned to user bind.

This is currently not correct in some files (i.e. /etc/defaults/rc.conf).
Can it be fixed so that everyone points to /var/run/named/pid? This is
hosed for a non-chrooted system since bind doesn't have permission to
write in /var/run.

Also, the /etc/rc.d/named script will do an
ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
if named_symlink_enable is set (which is by default). Please protect this
with
if [ -n "$named_chrootdir" ]; then ... fi
for those who do not have a chrootdir. Otherwise we end up with a
recursive link.

> To answer Grover's question, it really depends on what you want to use
> it for. The system named.conf will run fine for bind 9 as a resolver,
> now that the /etc/rc.d/named script has been updated to create an
> rndc.key file if one doesn't exist.

This is broken too. If named_chrootdir isn't set, then confgen_chroot
doesn't get set and it messes up the invocation of rndc-confgen. I think
taking the "" off of the ${confgen_chroot} will solve this but I'm not
sure.

> If all you want to do is start up named as a resolver,
> named_enable="yes" is all you need. You don't need to specify the conf
> file to run the system's version of bind, that path is defined in.
>
> I'm currently working on a setup so that named can be started chrooted
> by default. Not sure if that will get in before 5.3-RELEASE or not, but
> I'm hoping it will.

It would be nice to have it all working while you make these changes.

Cheers,
Sean
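The symlink problem Sean describes, reproduced and then guarded, as an added example that is not code from this thread or from FreeBSD's /etc/rc.d/named. The function names and the scratch directory standing in for the real filesystem are assumptions.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc.d/named. With named_chrootdir empty,
# "${named_chrootdir}${pidfile}" collapses to "${pidfile}", so the
# unguarded step links the pidfile to itself (the "recursive link").

# The step as the script performs it (no check on the chroot dir).
unguarded_symlink() {
    ln -fs "${1}${2}" "${2}"
}

# The guarded form Sean asks for: only link the pidfile into the chroot
# when one is configured. Returns 1 when there is nothing to link.
guarded_symlink() {
    named_chrootdir=$1
    pidfile=$2
    if [ -n "$named_chrootdir" ]; then
        ln -fs "${named_chrootdir}${pidfile}" "${pidfile}"
        return 0
    fi
    return 1
}

# True when PATH is a symlink whose target is PATH itself.
is_self_link() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$1" ]
}

# Scratch tree instead of the real / (constructed for the demo).
demo_root=$(mktemp -d)
demo_chroot="$demo_root/var/named"
demo_pidfile="$demo_root/var/run/named/pid"
mkdir -p "$(dirname "$demo_pidfile")" "$(dirname "$demo_chroot$demo_pidfile")"

# 1. No chroot, unguarded: the pidfile becomes a link to itself.
unguarded_symlink "" "$demo_pidfile"
is_self_link "$demo_pidfile" && echo "unguarded, no chroot: pidfile -> itself"
rm -f "$demo_pidfile"

# 2. No chroot, guarded: nothing linked, named writes the file in place.
guarded_symlink "" "$demo_pidfile" || echo "guarded, no chroot: no symlink"

# 3. Chroot configured, guarded: link points into the chroot as intended.
guarded_symlink "$demo_chroot" "$demo_pidfile"
echo "guarded, chroot: pidfile -> $(readlink "$demo_pidfile")"

rm -rf "$demo_root"
```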