From owner-freebsd-questions@FreeBSD.ORG Mon Jul 30 05:12:01 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 30F7916A41A for ; Mon, 30 Jul 2007 05:12:01 +0000 (UTC) (envelope-from info@plot.uz) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.170]) by mx1.freebsd.org (Postfix) with ESMTP id 9F68B13C45E for ; Mon, 30 Jul 2007 05:12:00 +0000 (UTC) (envelope-from info@plot.uz) Received: by ug-out-1314.google.com with SMTP id o4so1150043uge for ; Sun, 29 Jul 2007 22:12:00 -0700 (PDT) Received: by 10.66.248.5 with SMTP id v5mr4969919ugh.1185772320132; Sun, 29 Jul 2007 22:12:00 -0700 (PDT) Received: from plot.uz ( [83.221.182.248]) by mx.google.com with ESMTPS id d26sm10857604nfh.2007.07.29.22.11.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 29 Jul 2007 22:11:56 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=unavailable version=3.1.7 X-Spam-Report: Received: from localhost by plot.uz (MDaemon PRO v9.5.5) with DomainPOP id md50000004113.msg for ; Mon, 30 Jul 2007 10:11:43 +0500 Delivered-To: aleksey@plot.uz Received: by 10.100.111.17 with SMTP id j17cs145860anc; Sun, 29 Jul 2007 04:29:47 -0700 (PDT) Received: by 10.115.47.1 with SMTP id z1mr927158waj.1185708586794; Sun, 29 Jul 2007 04:29:46 -0700 (PDT) Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by mx.google.com with ESMTP id j39si1690024waf.2007.07.29.04.29.45; Sun, 29 Jul 2007 04:29:46 -0700 (PDT) Received-SPF: pass (google.com: domain of owner-freebsd-isp@freebsd.org designates 69.147.83.53 as permitted sender) DomainKey-Status: bad (test mode) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id D1D443288C; Sun, 29 Jul 2007 11:26:56 +0000 (UTC) (envelope-from owner-freebsd-isp@freebsd.org) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id AE3A216A4A0; Sun, 29 Jul 2007 11:26:56 +0000 (UTC) (envelope-from owner-freebsd-isp@freebsd.org) Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A256E16A420 for ; Sun, 29 Jul 2007 11:26:50 +0000 (UTC) (envelope-from patrick_dkt@yahoo.com.hk) Received: from web54304.mail.re2.yahoo.com (web54304.mail.re2.yahoo.com [206.190.49.114]) by mx1.freebsd.org (Postfix) with SMTP id E670C13C4A3 for ; Sun, 29 Jul 2007 11:26:49 +0000 (UTC) (envelope-from patrick_dkt@yahoo.com.hk) Received: (qmail 67840 invoked by uid 60001); 29 Jul 2007 11:26:45 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com.hk; h=X-YMail-OSG:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=G/JjQlAezL2jloaa8fk6r0SDNYw53DL22L7Em5JlXQxuhAyLdpmzCdXhaW5hH5v36lKN3S0/1xw59/pgieVvvqUnENKeYe+CqrWW6+DW/WBMQd8LQYhgO3mjbB8ElmaeuBYv4+bMtbZqPaTYKi1MFX0uAshLD0mOudaR6QtRl0o=; X-YMail-OSG: 2cB1HaMVM1k4ktFa4eok8Dfu3ppv2mQd7da6IgLFhd36aRu1SXsKSs8U6s.OXSgyvKMZ5iRY.lFoCNBiZSCAOPS9tZizJg0M7qS2jp5bftUXMwY- Received: from [61.15.61.52] by web54304.mail.re2.yahoo.com via HTTP; Sun, 29 Jul 2007 04:26:44 PDT Date: Sun, 29 Jul 2007 04:26:44 -0700 (PDT) To: Doug Barton In-Reply-To: <46AA6078.6020300@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <8142.66621.qm@web54304.mail.re2.yahoo.com> X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Errors-To: owner-freebsd-isp@freebsd.org X-Return-Path: owner-freebsd-isp@freebsd.org X-Envelope-From: owner-freebsd-isp@freebsd.org X-MDaemon-Deliver-To: freebsd-questions@freebsd.org X-Spam-Processed: plot.uz, Mon, 30 Jul 2007 10:11:45 +0500 From: Patrick Dung Cc: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org Subject: Re: ISC bind9 with dynamic DNS update (chroot problem) X-BeenThere: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2007 05:12:01 -0000 Thanks for reply. Your suggestion solved my problem, thanks. Yes, /etc/init.d/named is a typo. Regards Patrick --- Doug Barton wrote: > Patrick Dung wrote: > > Hi > > > > I use FreeBSD 6.2 and the base bind9. > > For dynamic DNS update, bind9 automatically generate the journal > file > > (end in .jnl). > > The default config is to use chroot and the running user as 'bind'. > > > > The problem is that after named is started (/etc/init.d/named > start), > > Are you sure you're doing this on FreeBSD? We have rc.d, not initd. > Assuming that was just a typo ... > > > the default chroot directory /var/named/etc/named > > The default directory is /etc/namedb, which is a symlink to > /var/named/etc/namedb. > > > permission will be reset to own by root. So the named daemon (run > > as user 'bind') cannot create the journal file and complain: > > You shouldn't be creating journal files in the config directory > anyway. > > > One temp fix is to use chroot and run as root, any suggestions? > > Yeah, don't run named as root. Ever. :) > > Assuming that you are actually running FreeBSD, and that you have not > turned off the mtree option, you should have the following > directories > in /etc/namedb: > > drwxr-xr-x 2 bind wheel 512 Jul 23 00:47 dynamic/ > drwxr-xr-x 2 root wheel 512 Jul 13 22:33 master/ > drwxr-xr-x 2 bind wheel 512 Jul 27 14:05 slave/ > > The dynamic directory is obviously designed to hold dynamic zones, > and > it (like the slave directory) is chowned to user bind so that named > can write to it after it drops privileges. > > hth, > > Doug > > -- > > This .signature sanitized for your protection > ____________________________________________________________________________________ Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. http://new.toolbar.yahoo.com/toolbar/features/norton/index.php _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"