Date: Wed, 06 Jan 2010 12:19:21 -0800
From: Doug Barton <dougb@FreeBSD.org>
To: Harald Schmalzbauer <h.schmalzbauer@omnilan.de>
Cc: freebsd-current@freebsd.org
Subject: Re: named, VARMFS=yes and FILESDIR
Message-ID: <4B44F049.4060805@FreeBSD.org>
In-Reply-To: <4B445257.3080606@omnilan.de>
References: <4B12CCA8.7050808@omnilan.de> <4B1341E7.1050805@FreeBSD.org> <4B445257.3080606@omnilan.de>

Harald Schmalzbauer wrote:
> Doug Barton wrote on 30.11.2009 04:54 (localtime):

> There are kind of "to be expected" incompatible options, of course, but
> this one hit me some years before. Especially for newbies, it's not
> clear why these options shouldn't work together.

Because what you're proposing is very far away from the typical way
that name servers are configured. My goal is to provide a secure, safe
default configuration that conforms to current best practices. What
you want to do is an edge case, and not even something I see as
reasonable to add an option in the base for, given that the code is
already much more complicated than it should be.

>>> My idea is to create a namedb directory in /usr/share (like there's one
>>> for sendmail) with duplicate entries of src/etc/namedb
>>
>> Why not just set named_chrootdir to /usr/share/namedb ? It's not 100%
>> clear to me what you're trying to accomplish. Can you please go into a
>> little more detail about your goals, rather than potential solutions?
>
> I think rc.d/var should be able to populate a named compliant /var.
> Therefore it needs at least named.conf and named.root.
> My idea was to save them in /usr/share, where many other (sendmail e.g.)
> template duplicates also reside. When chrooting to /usr/share/namedb, it
> also fails if I don't have the original installed /var, like if /var is
> a freshly populated memory file system.

If you are dead set on this course of action that's fine. What I
suggest that you do is to create an rc.d script that does what you
want, and include REQUIRE: var and BEFORE: named. Put this script in
/usr/local/etc/rc.d and you'll be good to go. Offhand you will
probably need to use the same mtree invocation that rc.d/named uses to
create the file structure, but after that copying your files should be
easy.

You can start here for information on how to create your own rc.d scripts:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/rc-scripts.html

>>> P.S.: named_conf definitions in rc.conf get lost.
>>
>> Yes, that's something that needs improvement. I have it on the list
>> but since it's not common for people to alter the path to the conf
>> file, and since in the past in order to do so you've had to add -c to
>> named_flags anyway, I don't regard it as urgent.

FYI, this is done.


Doug

-- 

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

	Computers are useless. They can only give you answers.
			-- Pablo Picasso
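
The rc.d script suggested in the message above, as an added example that is not part of the original e-mail or of the FreeBSD base system. The script name, its rc.conf variables, the /usr/share/namedb template directory (taken from Harald's proposal), the etc/namedb destination inside the chroot and the mtree spec path /etc/mtree/BIND.chroot.dist are all assumptions.

```shell
#!/bin/sh
#
# PROVIDE: namedb_populate
# REQUIRE: var
# BEFORE: named
#
# Added example: script name, rc.conf knobs and template dir are assumptions.

name="namedb_populate"
rcvar="namedb_populate_enable"
start_cmd="namedb_populate_start"
stop_cmd=":"

: ${namedb_populate_enable:="NO"}
: ${namedb_populate_src:="/usr/share/namedb"}	# template copies (assumed)
: ${named_chrootdir:="/var/named"}
: ${namedb_populate_mtree:="/etc/mtree/BIND.chroot.dist"}	# assumed spec

# populate_namedb SRC CHROOT
# Recreate the chroot skeleton, then copy the templates into etc/namedb.
populate_namedb()
{
	_src=$1
	_dst=$2/etc/namedb
	if [ -r "${namedb_populate_mtree}" ] && command -v mtree >/dev/null 2>&1; then
		mtree -deU -f "${namedb_populate_mtree}" -p "$2" || return 1
	else
		mkdir -p "${_dst}" || return 1	# no spec file: create the one dir we need
	fi
	for _f in named.conf named.root; do
		[ -r "${_src}/${_f}" ] || { echo "missing ${_src}/${_f}" >&2; return 1; }
		# A persistent /var may already hold an edited copy; leave it alone.
		[ -e "${_dst}/${_f}" ] && continue
		# rc runs as root, so named's unprivileged user gets read-only config.
		install -m 0644 "${_src}/${_f}" "${_dst}/${_f}" || return 1
	done
}

namedb_populate_start()
{
	populate_namedb "${namedb_populate_src}" "${named_chrootdir}"
}

# rc.subr exists only on FreeBSD; the guard lets the function be sourced elsewhere.
if [ -r /etc/rc.subr ]; then
	. /etc/rc.subr
	load_rc_config $name
	run_rc_command "$1"
fi
```

Installed as /usr/local/etc/rc.d/namedb_populate, it runs only when namedb_populate_enable="YES" is set in rc.conf.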