Date: Wed, 22 Aug 2001 14:34:34 -0700
From: Chern Lee <chern.lee@windriver.com>
To: setantae <setantae@submonkey.net>
Cc: freebsd-doc@freebsd.org
Subject: Re: chroot'ing named(8)
Message-ID: <5.0.2.1.2.20010822143059.020140b8@mail.windriver.com>
In-Reply-To: <20010817122514.A11760@rhadamanth>
There's already a section on running a chroot named in the Advanced
Networking/DNS/Running named in a sandbox section.

Take a look at
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html#NAMED-SANDBOX

If you have any suggestions as to updating/enhancing its content, feel free
to do so and submit a unified diff. Or if you don't want to bother messing
with DocBook, make the text changes and submit it to me.

Thanks for the input.

- chern

At 12:25 PM 8/17/2001 +0100, you wrote:
>I had meant to cc this to -doc (just posted to -questions).
>
> Original mail :
>
>I've been fighting with setting up named to run in a sandbox on FreeBSD
>this morning and I've found that it's non-trivial on FreeBSD.
>Yes, you can get there if you know which manpages to read, but I'm
>thinking of new users here.
>
>This is what I've had to do so far :
>
>1) /etc/namedb is not populated with var/run, var/tmp, dev/null by default.
>
>2) I have also had to add ``-l /etc/namedb/dev/log'' to syslogd_flags - this
>   isn't suggested in the Handbook.
>
>3) I've had to compile a static copy of named-xfer to install in /etc/namedb -
>   this also is not documented in the Handbook (it's not even suggested that
>   you'll need a copy in the sandbox).
>   I'm also concerned that I'll need to do this now every time a change is
>   made to the source tree in src/contrib/bind.
>
>4) I don't like the fact that it's in /etc by default.
>   Assume I was secondarying several thousand zones - space on / is an issue.
>   (Yes, I know I can change this).
>
>I think at least that the Handbook needs to be looked at (I'm willing to do
>this but it'll be in ascii as I'm still learning DocBook and will take a few
>days as I have visitors this weekend).
>
>Also, I think the entire issue of running named in a chroot environment needs
>to be made easier - setting this up on OpenBSD _is_ trivial.
>
>I feel I've only been able to get this successfully set up because I've done
>it before on other systems - it would be good if this could be made easier in
>the way that OpenBSD have achieved this.
>I'm not necessarily suggesting that named is run in a chroot environment by
>default, but setting it up to do so could be made a lot easier.
>
>Any comments are welcome (even if they're just ``Stop moaning'').
>
>Ceri
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-doc" in the body of the message
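The sandbox preparation steps 1) to 3) in the quoted message, written up as an added shell example that is not from the thread, the FreeBSD Handbook or the BIND sources: it creates the var/run, var/tmp and dev/null entries under a sandbox root, emits the rc.conf lines the message talks about, and reports what is still missing (including the static named-xfer copy). The sandbox root is a parameter so it can be tried on a scratch directory first. The `bind` user/group name, the named `-u`/`-g`/`-t` flags, the named-xfer location directly under the sandbox root, and the 2/2 device numbers for dev/null are assumptions for a FreeBSD 4.x / BIND 8 system, not facts stated in the thread; check them against named(8) and /dev/MAKEDEV before using this on a real host.

```shell
#!/bin/sh
# Added example (not part of the mailing-list thread): build the directory
# skeleton that the quoted message says /etc/namedb lacks by default for a
# chroot'ed named(8), and print the rc.conf lines it mentions.
# Assumptions (not from the thread): user/group "bind", named -u/-g/-t
# flags as in BIND 8's named(8), named-xfer placed at ROOT/named-xfer,
# dev/null as char device major 2 minor 2 (FreeBSD 4.x numbers).

# make_sandbox ROOT : create the skeleton under ROOT (e.g. /etc/namedb).
make_sandbox() {
    root="$1"
    [ -n "$root" ] || return 1
    # named needs a pid-file directory, scratch space, and a dev/ directory
    # that will hold null and the syslog socket created by syslogd -l.
    for d in var/run var/tmp dev; do
        mkdir -p "$root/$d" || return 1
    done
    # dev/null must be a character device; mknod needs root, so skip it
    # when unprivileged and let check_sandbox report it as missing.
    if [ "$(id -u)" -eq 0 ] && [ ! -c "$root/dev/null" ]; then
        mknod "$root/dev/null" c 2 2 && chmod 666 "$root/dev/null"
    fi
    return 0
}

# check_sandbox ROOT : print one line per missing item; the exit status is
# the number of defects, so 0 means the sandbox is complete.
check_sandbox() {
    root="$1"
    missing=0
    for d in var/run var/tmp dev; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            missing=$((missing + 1))
        fi
    done
    if [ ! -c "$root/dev/null" ]; then
        echo "missing device node: $root/dev/null"
        missing=$((missing + 1))
    fi
    # named execs named-xfer for zone transfers, so a copy has to live
    # inside the chroot; the message notes it must be statically linked.
    if [ ! -x "$root/named-xfer" ]; then
        echo "missing: $root/named-xfer (static copy needed for zone transfers)"
        missing=$((missing + 1))
    fi
    return $missing
}

# rc_conf_lines ROOT : the rc.conf settings discussed in the thread.
# syslogd -l opens an extra log socket inside the chroot so named can still
# reach syslog; named_flags is the assumed BIND 8 way to drop privileges
# and chroot.
rc_conf_lines() {
    root="$1"
    printf 'named_enable="YES"\n'
    printf 'named_flags="-u bind -g bind -t %s"\n' "$root"
    printf 'syslogd_flags="-l %s/dev/log"\n' "$root"
}
```

Typical use is `. ./named-sandbox.sh; make_sandbox /etc/namedb; check_sandbox /etc/namedb` as root, then appending the output of `rc_conf_lines /etc/namedb` to /etc/rc.conf once the check reports nothing missing. Step 4) of the message (keeping the sandbox off /) is just a different ROOT argument.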