From owner-freebsd-stable@FreeBSD.ORG  Wed Nov 13 17:59:24 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F2D6B1E9;
 Wed, 13 Nov 2013 17:59:23 +0000 (UTC)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com
 [IPv6:2607:f8b0:400e:c03::231])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id ACBBA2390;
 Wed, 13 Nov 2013 17:59:23 +0000 (UTC)
Received: by mail-pa0-f49.google.com with SMTP id lf10so780418pab.36
 for <multiple recipients>; Wed, 13 Nov 2013 09:59:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=8t9hqgdUkMu75dbFjyujkU8e/09RZJAzKsnEgQ+98pM=;
 b=GBERDowzW7yC+AVBXFmQPqIKGnsIUaOimPSXLtGUolXhe+4N9cfkwF7EtnmY5dJPDM
 x+ZEhVh8lwLf1wo3lEjRa2kmLQEwqw7r3kyH0hk0g7XyA8xVnsBIlyzJKwT+gwKHEevH
 w0um+mmcNzYmd2Wcg8JxpNJHmnffmoIvH0lXdxpjbBWtcXSCwzOfAb2A3PDwrIrJhFHy
 yHXRDyZL+poLHcX/+HPgX3iFsksDdrxd4+8QArM9TLreuR+ztGdpPgPIcM+QRqhct8kA
 fPkXG3v9DOAsHUGgBV26oUQOmASk1mitJXKN/O2y6YJjusa0FAeYb4tnf6GVj8aRbqom
 lQzg==
MIME-Version: 1.0
X-Received: by 10.68.233.135 with SMTP id tw7mr42594262pbc.112.1384365563339; 
 Wed, 13 Nov 2013 09:59:23 -0800 (PST)
Received: by 10.68.248.106 with HTTP; Wed, 13 Nov 2013 09:59:23 -0800 (PST)
In-Reply-To: <20131112111322.GV90670@droso.dk>
References: <CAAcX-AFJ__4CDz7+abFoRf+ecrfOZRFXaos1sYnb85=k_BweEw@mail.gmail.com>
 <20131103220654.GU52889@FreeBSD.org>
 <6AA4A8E1-CBCE-4C87-A320-BB08EC76715F@lassitu.de>
 <CA+dUSypfj5Ja+Ki1tikG19na7Dv96foW3HE+TEPaNYOUM9r5Cw@mail.gmail.com>
 <20131104083443.GZ52889@FreeBSD.org>
 <2B21E123-23BA-4E07-B9DD-9DE1CDE40D08@FreeBSD.org>
 <20131104163457.GJ52889@FreeBSD.org>
 <CA+dUSyp5JWskKU7_oMxuTsZekimtRs2A+mEZm=kS-87jNjF9yQ@mail.gmail.com>
 <868B00D6-101A-4B17-995F-A3E2AFE41908@lansing.dk>
 <20131112111322.GV90670@droso.dk>
Date: Wed, 13 Nov 2013 19:59:23 +0200
Message-ID: <CA+dUSyq6wukHVHpAz0uquMMuWNcmq2SqBp3sKQzZOcxov1_OSA@mail.gmail.com>
Subject: Re: FreeBSD 10 Beta2 /etc/rc.d/named script and /etc/defaults/rc.conf
From: George Kontostanos <gkontos.mail@gmail.com>
To: Erwin Lansing <erwin@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.16
Cc: FreeBSD Release Engineering Team <re@freebsd.org>,
 Stefan Bethke <stb@lassitu.de>, FreeBSD Current <freebsd-current@freebsd.org>,
 Gleb Smirnoff <glebius@freebsd.org>,
 freebsd-stable <freebsd-stable@freebsd.org>,
 =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@freebsd.org>,
 =?ISO-8859-1?Q?=D6zkan_KIRIK?= <ozkan.kirik@gmail.com>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.16
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Nov 2013 17:59:24 -0000

On Tue, Nov 12, 2013 at 1:13 PM, Erwin Lansing <erwin@freebsd.org> wrote:

> On Wed, Nov 06, 2013 at 02:59:15PM +0100, Erwin Lansing wrote:
> > >> E> >
> > >> E> > Erwin, can you please handle that?
> > >> E>
> > >> E> Things are much worse that this, the ports are completely written
> under the assumption that there is a Bind in base, which of course would
> already break with WITHOUT_BIND before Bind was completely removed.  It
> will be hard to fix without breaking the installed base of 8 and 9.  Sigh.
> > >> E>
> > >> E> I'll try to work on it this week, but unfortunately have a full
> schedule of meetings and travel as well.
> > >
> > > Suggestion. An option to install the rc script would solve that
> problem.
> > >
> >
> > If only it was that simple, it would have been done a long time ago.  As
> Gleb points out, the ports are broken by design.  The rc script needs a
> complete rewrite, and that's only after fixing all configuration files,
> setting up chroot, etc etc and all that while not breaking the installed
> base on 8 and 9.  I spent most of yesterday on this and if I'm lucky, I'm
> halfway through.
> >
>
>
> Sorry about the delay, but I did finally update all three dns/bind9*
> ports today.  I have dropped the complicated chroot, and related
> symlinking, logic from the default rc script as I don't think that
> is the right place to implement things.  I would recommend users
> who want the extra security to use jail(8) instead of a mere chroot.
>
> This change should not affect the installed base of FreeBSD 9.x and
> earlier systems, but new installations there should note that the
> symlink option is no longer turned on by default, but still supported.
>
> I tested some default cases, but by no means can test every corner case,
> so please let me know how this works out.
>
> Best,
> Erwin
>
>
Excellent thanks so much!

If you had named running using the old rc scripts and config in 10 you will
need to:

1) Backup your zones & stop named
2) Delete /var/named/*
3) Create a new symlink in etc to /usr/local/etc/namedb
4) Restore your zones
5) Start named from the new rc script

-- 
George Kontostanos
---
http://www.aisecure.net