Date:      Sun, 29 Jul 2007 04:26:44 -0700 (PDT)
From:      Patrick Dung <info@plot.uz>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Subject:   Re: ISC bind9 with dynamic DNS update (chroot problem)
Message-ID:  <8142.66621.qm@web54304.mail.re2.yahoo.com>
In-Reply-To: <46AA6078.6020300@FreeBSD.org>

Thanks for the reply.

Your suggestion solved my problem, thanks.

Yes, /etc/init.d/named is a typo.

Regards
Patrick

--- Doug Barton <dougb@FreeBSD.org> wrote:

> Patrick Dung wrote:
> > Hi
> > 
> > I use FreeBSD 6.2 and the base bind9.
> > For dynamic DNS update, bind9 automatically generates the journal file
> > (ending in .jnl).
> > The default config is to use chroot and the running user as 'bind'.
> > 
> > The problem is that after named is started (/etc/init.d/named start),
> 
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
> 
> > the default chroot directory /var/named/etc/named
> 
> The default directory is /etc/namedb, which is a symlink to
> /var/named/etc/namedb.
> 
> > permission will be reset to be owned by root. So the named daemon (run
> > as user 'bind') cannot create the journal file and complains:
> 
> You shouldn't be creating journal files in the config directory anyway.
> 
> > One temp fix is to use chroot and run as root, any suggestions?
> 
> Yeah, don't run named as root. Ever. :)
> 
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following directories
> in /etc/namedb:
> 
> drwxr-xr-x  2 bind  wheel    512 Jul 23 00:47 dynamic/
> drwxr-xr-x  2 root  wheel    512 Jul 13 22:33 master/
> drwxr-xr-x  2 bind  wheel    512 Jul 27 14:05 slave/
> 
> The dynamic directory is obviously designed to hold dynamic zones, and
> it (like the slave directory) is chowned to user bind so that named
> can write to it after it drops privileges.
> 
> hth,
> 
> Doug
> 
> -- 
> 
>     This .signature sanitized for your protection
> 
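
The layout Doug describes can be checked mechanically: every zone that accepts updates should keep its file, and therefore its .jnl journal, in a directory owned by the user named runs as. The script below is an added example, not part of the thread; the sample named.conf, zone names and key name are constructed, and it assumes each zone's "zone" and "file" statements start their own lines with quoted values.

```sh
# Constructed sample named.conf: one static zone, two that accept updates.
sample_conf() {
    cat <<'EOF'
zone "static.example" {
    type master;
    file "master/static.example.db";
};
zone "good.example" {
    type master;
    file "dynamic/good.example.db";
    allow-update { key "ddns-key"; };
};
zone "bad.example" {
    type master;
    file "bad.example.db";
    update-policy { grant ddns-key zonesub ANY; };
};
EOF
}

# Print "zone<TAB>file" for each zone with allow-update or update-policy.
# "allow-update { none; };" does not count as accepting updates.
dynamic_zones() {
    awk '
        function emit() { if (zone != "" && dyn && file != "") print zone "\t" file }
        /^[ \t]*zone[ \t]+"/ { emit(); split($0, q, "\""); zone = q[2]; file = ""; dyn = 0; next }
        /^[ \t]*file[ \t]+"/ { split($0, q, "\""); file = q[2] }
        /allow-update|update-policy/ && !/[{][ \t]*none;/ { dyn = 1 }
        END { emit() }
    ' "$1"
}

# Report dynamic zones whose file directory is not owned by the named user
# (so the journal cannot be created there). Returns 1 if any are found.
audit_dynamic_zones() {
    conf=$1 base=${2:-/etc/namedb} user=${3:-bind} bad=0
    while IFS="$(printf '\t')" read -r zone file; do
        [ -n "$zone" ] || continue
        case $file in /*) path=$file ;; *) path=$base/$file ;; esac
        dir=$(dirname "$path")
        owner=$(ls -ld "$dir" 2>/dev/null | awk '{print $3}')
        if [ "$owner" != "$user" ]; then
            echo "$zone: $dir owned by ${owner:-nobody (missing)}, not $user"
            bad=1
        fi
    done <<EOF
$(dynamic_zones "$conf")
EOF
    return $bad
}
```

On a system laid out as in the listing above, `audit_dynamic_zones /etc/namedb/named.conf` would report a zone like bad.example, whose file sits directly in the root-owned config directory, and stay silent about zones under dynamic/.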
