From: Emanuel Strobl
To: freebsd-questions@freebsd.org
Cc: kilim
Date: Sat, 12 Feb 2005 00:17:30 +0100
Subject: Re: DNS' bind 9 chrooted by default ?

On Friday, 11 February 2005 23:29, kilim wrote:
> Hello,
>
> regarding Bind 9, here:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bind9.html
>
> it's stated that the configuration file resides in
> /var/named/etc/namedb/ and that bind will be chrooted automatically.
>
> Yet here:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html
>
> steps are shown for manual chrooting of bind (not version 9)
>
> So I just want to confirm it with you guys, is bind 9.3 really
> chrooted by default on 5.3 ?

Yes it is, at least on my oldest 5.3-STABLE box, I don't have a 5.3-RELEASE
handy to verify. Your configuration directory will still be /etc/namedb,
not /var/named/etc/namedb since, by default, the chroot environment gets auto
updated. See these options for rc.conf for further details:

named_enable="NO"                   # Run named, the DNS server (or NO).
named_program="/usr/sbin/named"     # path to named, if you want a different one.
named_flags="-u bind"               # Flags for named
named_pidfile="/var/run/named/pid"  # Must set this in named.conf as well
named_chrootdir="/var/named"        # Chroot directory (or "" not to auto-chroot it)
named_chroot_autoupdate="YES"       # Automatically install/update chrooted
                                    # components of named. See /etc/rc.d/named.
named_symlink_enable="YES"          # Symlink the chrooted pid file

Regards,

-Harry
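
Added example, not part of the original message or of FreeBSD's rc scripts: a small sh check that applies the rc.conf defaults quoted in the message above, overlays a given rc.conf-style file, and reports whether named would end up chrooted. The function name, the status strings and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message): classify how named would be
# confined for a given rc.conf-style file. Defaults are the ones quoted above.

named_confinement() {
    # $1: rc.conf-style file. It is sourced as shell, the way rc does it, so
    # only point this at files you would trust rc to read.
    (
        named_enable="NO"
        named_flags="-u bind"
        named_chrootdir="/var/named"
        named_chroot_autoupdate="YES"
        case "$1" in */*) conf=$1 ;; *) conf=./$1 ;; esac
        [ -r "$conf" ] && . "$conf"

        case "$named_enable" in
            [Yy][Ee][Ss]) ;;
            *) echo "disabled"; exit 0 ;;
        esac
        # Empty chroot dir is the documented way to switch the chroot off.
        [ -n "$named_chrootdir" ] || { echo "no-chroot"; exit 0; }
        # Without -u <user>, named keeps root inside the chroot.
        case " $named_flags " in
            *" -u "*) ;;
            *) echo "chroot-as-root"; exit 0 ;;
        esac
        case "$named_chroot_autoupdate" in
            [Yy][Ee][Ss]) echo "chroot-auto:$named_chrootdir" ;;
            *) echo "chroot-manual:$named_chrootdir" ;;
        esac
    )
}

# Constructed sample: named enabled but the chroot explicitly disabled.
sample=$(mktemp)
printf '%s\n' 'named_enable="YES"' 'named_chrootdir=""' > "$sample"
named_confinement "$sample"    # prints: no-chroot
rm -f "$sample"
```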