Date: Tue, 10 Aug 2004 09:40:00 +0100
From: Matthew Seaman
To: Michael Sharp
Cc: jmlewis@dslextreme.com,
    freebsd-questions@freebsd.org
Subject: Re: Replacing Bind8x with Bind9

The OP could just wait a few weeks and upgrade to one of the 5.3 BETAs
-- or wait a month and a half and upgrade to 5.3-RELEASE, where BIND9
will be the default resolver in the system.

On Tue, Aug 10, 2004 at 04:14:03AM -0400, Michael Sharp wrote:
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9'
> option to make.
>
> make PORT_REPLACES_BASE_BIND9=yes install clean

Ummm... PORT_REPLACES_BASE_BIND9 generally means that the port uses
/usr as ${PREFIX} rather than the normal value of /usr/local -- that
means it will fight with the base system over which owns those files.
The instructions below only apply if you *don't* use
PORT_REPLACES_BASE_BIND9.

> In rc.conf
> ----------
> named_enable="YES"
> named_program="/usr/local/sbin/named"
> named_flags="-c /usr/local/etc/namedb/named.conf -u bind"

If you're going to use PORT_REPLACES_BASE_BIND9, then you should
certainly set NO_BIND=yes in /etc/make.conf.  However, my advice would
be /not/ to use PORT_REPLACES_BASE_BIND9: just install the port under
/usr/local as usual, and adjust the make.conf settings as above.  You
can add NO_BIND=yes to make.conf or not, as you like.

> and you can also put NO_BIND= true in /etc/make.conf so that base BIND
> isn't built when you make world.
>
> Definitely consider chrooting or jailing BIND

If you install BIND9, you can run it chrooted without having to
install all of the bind executables under the chroot area: just use a
rc.conf setting like:

    named_flags="-c /etc/namedb/named.conf -u bind -t /var/named"

and set up the chroot area under /var/named as needed.  See the
instructions at:

    http://www.losurs.org/docs/howto/Chroot-BIND.html

which needs a bit of interpretation as those are instructions for
Linux, and FreeBSD does things a little differently.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
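
Added example, not part of the original message: a small sh check that reads a named_flags value, reports whether -u and -t are set, and prints where named.conf has to live on disk, since named applies -t before it reads the file given with -c. The function name audit_named_flags and the default config path used when -c is absent are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original message.
# Audits a named_flags value for -u (drop root) and -t (chroot), and reports
# the on-disk path of named.conf, which is resolved inside the chroot.

audit_named_flags() {   # hypothetical helper name
    conf=/etc/namedb/named.conf   # assumption: default path when -c is absent
    user='' root=''
    set -f; set -- $1; set +f     # split the flag string into words, no globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -c|-u|-t)
                [ $# -ge 2 ] || { echo "FAIL: $1 has no argument"; return 2; }
                case $1 in
                    -c) conf=$2 ;;   # assumed to be an absolute path
                    -u) user=$2 ;;
                    -t) root=$2 ;;
                esac
                shift ;;
        esac
        shift
    done
    rc=0
    if [ -n "$user" ] && [ "$user" != root ]; then
        echo "OK: runs as user $user"
    else
        echo "WARN: no -u, named stays root"; rc=1
    fi
    if [ -n "$root" ]; then
        echo "OK: chroot to $root"
        echo "INFO: config file on disk is ${root%/}$conf"
    else
        echo "WARN: no -t, named is not chrooted"; rc=1
        echo "INFO: config file on disk is $conf"
    fi
    return $rc
}

# The two named_flags values quoted in the message above.
for flags in \
    "-c /usr/local/etc/namedb/named.conf -u bind" \
    "-c /etc/namedb/named.conf -u bind -t /var/named"
do
    echo "named_flags=\"$flags\""
    audit_named_flags "$flags" || echo "=> needs attention"
done
```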