From: Matthew
Date: Mon, 04 Oct 2010 17:21:06 -0400
To: CyberLeo Kitsana
Cc: freebsd-questions@freebsd.org
Subject: Re: BIND: could not configure root hints from 'named.root': file not found

CyberLeo Kitsana,

Thank you so much for the history and evolution on Bind expected directory structures. It enabled me to jump through that tough spot.

Thanks again,
Matthew

> On 10/01/2010 12:52 PM, Matthew wrote:
>
>> I would be grateful for any pointers on how to resolve this. I suspect
>> the error message may not be exactly descriptive of what's happening.
>>
> Kinda.
>
> Here's a few points to keep in mind when working with bind in FreeBSD:
>
> * By default, named runs in a chroot jail rooted at /var/named/.
>
> * For security reasons, named cannot write to anything in that tree,
>   except the dynamic, slave, and working directories.
>
> * named uses its current working directory to resolve relative pathnames
>   in the configuration file.
>
> * With a recent change to ISC Bind 9, named started complaining if it
>   couldn't write to its current working directory. At the time, this was
>   (chroot)/etc/namedb/; this was subsequently changed to
>   (chroot)/etc/namedb/working/ to make named happy without compromising
>   security.
>
> When the working directory for named was (chroot)/etc/namedb/,
> everything was peachy. Since this was changed, relative pathnames no
> longer work as expected because the reference point is different. The
> easiest solution is to alter your configuration file to include only
> absolute pathnames, relative to the root of the jail.
>
> The default named config file (in /var/named/etc/namedb/named.conf) is
> an excellent source of examples for this.
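
Added example, not part of the original thread or of BIND/FreeBSD: a small Python check that shows where named will actually look for each `file` path in a named.conf, given the chroot and working directory described in the quoted message. The function name, the `default_cwd` fallback, and the sample configuration (including the `example.org` zone) are constructed for illustration; `/var/named` and `/etc/namedb/working` are the values from the message.

```python
import posixpath
import re

# Simplified comment stripping: assumes no comment markers inside quoted strings.
_COMMENTS = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# Match only the bare keywords, not pid-file, key-directory and similar.
_STMT = re.compile(r'(?<![\w-])(directory|file)\s+"([^"]+)"\s*;')

# Constructed sample: one relative path (the failing case) and one absolute path.
SAMPLE_CONF = '''
options {
    directory "/etc/namedb/working";   // cwd inside the chroot
};
zone "." { type hint; file "named.root"; };   # relative: resolved against cwd
zone "example.org" { type master; file "/etc/namedb/master/example.org.db"; };
'''

def resolve_named_paths(conf_text, chroot="/var/named", default_cwd="/etc/namedb"):
    """Return (cwd, [(path_as_written, is_relative, path_on_host), ...]).

    default_cwd is an assumed fallback used only when the configuration
    has no 'directory' option.
    """
    text = _COMMENTS.sub("", conf_text)
    cwd, files = default_cwd, []
    for kind, value in _STMT.findall(text):
        if kind == "directory":
            cwd = value          # applies to every relative path in the file
        else:
            files.append(value)
    results = []
    for written in files:
        relative = not written.startswith("/")
        # Path as named sees it inside the jail, then as seen from the host.
        inside = posixpath.normpath(posixpath.join(cwd, written))
        host = posixpath.normpath(chroot + "/" + inside.lstrip("/"))
        results.append((written, relative, host))
    return cwd, results

if __name__ == "__main__":
    cwd, results = resolve_named_paths(SAMPLE_CONF)
    print("working directory inside chroot:", cwd)
    for written, relative, host in results:
        flag = "RELATIVE" if relative else "absolute"
        print(f"{flag:9} {written!r} -> {host}")
```

For the sample, the relative `named.root` resolves under the working directory rather than under `/var/named/etc/namedb/`, which is the mismatch behind the "file not found" error in the subject line.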