Date: Tue, 10 Aug 2004 09:40:00 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Michael Sharp <ms@probsd.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Replacing Bind8x with Bind9
Message-ID: <20040810084000.GB26794@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <2400.192.168.1.1.1092125643.squirrel@192.168.1.1>
References: <2400.192.168.1.1.1092125643.squirrel@192.168.1.1>

The OP could just wait a few weeks and upgrade to one of the 5.3 BETAs
-- or wait a month and a half and upgrade to 5.3-RELEASE, where BIND9
will be the default resolver in the system.

On Tue, Aug 10, 2004 at 04:14:03AM -0400, Michael Sharp wrote:
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9'
> option to make.
>
> make PORT_REPLACES_BASE_BIND9=yes install clean

Ummm... PORT_REPLACES_BASE_BIND9 generally means that the port uses
/usr as ${PREFIX} rather than the normal value of /usr/local -- that
means it will fight with the base system over which owns those files.
The instructions below only apply if you *don't* use
PORT_REPLACES_BASE_BIND9.

> In rc.conf
> ----------
> named_enable="YES"
> named_program="/usr/local/sbin/named"
> named_flags="-c /usr/local/etc/namedb/named.conf -u bind"

If you're going to use PORT_REPLACES_BASE_BIND9, then you should
certainly set NO_BIND=yes in /etc/make.conf. However, my advice would
be /not/ to use PORT_REPLACES_BASE_BIND9: just install the port under
/usr/local as usual, and adjust the make.conf settings as above. You
can add NO_BIND=yes to make.conf or not, as you like.

> and you can also put NO_BIND= true in /etc/make.conf so that base BIND
> isn't built when you make world.
>
> Definitely consider chrooting or jailing BIND

If you install BIND9, you can run it chrooted without having to
install all of the bind executables under the chroot area: just use
a rc.conf setting like:

    named_flags="-c /etc/namedb/named.conf -u bind -t /var/named"

and set up the chroot area under /var/named as needed. See the
instructions at:

    http://www.losurs.org/docs/howto/Chroot-BIND.html

which needs a bit of interpretation as those are instructions for
Linux, and FreeBSD does things a little differently.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
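
An added example, not part of the original message and not FreeBSD's own tooling: a POSIX sh check of a named_flags value for the two hardening properties discussed above, an unprivileged -u user and a -t chroot directory. Because named applies -t before it reads its configuration, the -c path is looked up inside the chroot; the names check_named_flags and demo, and the staging-root argument, are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit a named_flags value for the chroot setup discussed above.
# check_named_flags FLAGS [ROOT]
#   FLAGS  value of named_flags from rc.conf
#   ROOT   optional staging prefix for file lookups (assumption for this
#          example; leave empty to check the live filesystem)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_named_flags() {
    flags=$1; root=${2:-}
    user=; jail=; conf=; rc=0
    set -f; set -- $flags; set +f      # word-split without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -u) user=${2:-}; [ $# -lt 2 ] || shift ;;
            -t) jail=${2:-}; [ $# -lt 2 ] || shift ;;
            -c) conf=${2:-}; [ $# -lt 2 ] || shift ;;
        esac
        shift
    done
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "FAIL: no unprivileged -u user, named keeps running as root"; rc=1
    fi
    if [ -z "$jail" ]; then
        echo "FAIL: no -t directory, named is not chrooted"; rc=1
    elif [ -n "$conf" ] && [ ! -f "$root$jail$conf" ]; then
        # named chroots before reading its config, so -c is relative to -t
        echo "FAIL: $conf not found inside chroot (expected $jail$conf)"; rc=1
    fi
    return $rc
}

# Constructed sample: a throwaway staging tree plus the two flag strings
# quoted in the message.
demo() {
    stage=$(mktemp -d) || return 1
    mkdir -p "$stage/var/named/etc/namedb"
    : > "$stage/var/named/etc/namedb/named.conf"
    for f in "-c /usr/local/etc/namedb/named.conf -u bind" \
             "-c /etc/namedb/named.conf -u bind -t /var/named"; do
        echo "named_flags=\"$f\""
        check_named_flags "$f" "$stage" && echo "OK" || true
    done
    rm -rf "$stage"
}
demo
```

On a live system, call check_named_flags with the named_flags value from /etc/rc.conf and no second argument.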