Date:      Fri, 2 Feb 2001 13:03:42 +0300
From:      Roman Gnatenko <ron@zenon.net>
To:        FengYue <fengyue@bluerose.windmoon.nu>
Cc:        Dag-Erling Smorgrav <des@ofug.org>, Rossen Raykov <rraykov@sageian.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Ronning named in chroot env
Message-ID:  <20010202130342.C92089@zenon.net>
In-Reply-To: <Pine.BSF.4.10.10102010921150.42187-100000@bluerose.windmoon.nu>; from fengyue@bluerose.windmoon.nu on Thu, Feb 01, 2001 at 09:26:06AM -0800
References:  <xzpn1c6wcij.fsf@flood.ping.uio.no> <Pine.BSF.4.10.10102010921150.42187-100000@bluerose.windmoon.nu>

Hi,

On Thu, Feb 01, 2001 at 09:26:06AM -0800, FengYue wrote:
> 
> On 1 Feb 2001, Dag-Erling Smorgrav wrote:
> > Only if your named.conf has 'directory "/";' in the options section,
> > and you don't have any slave zones, and you're not interested in any
> > log messages your name server produces. Come to think of it, the fact
> > that named is now unable to log error messages is probably the reason
> > why you think it works just fine :)
> 
> Yes, it doesn't have any slave zones, but I do miss the logs.
> 
> I will use your patch then:)
> 
> BTW, you have a typo for the link:
> 
> http://people.freebsd.org/~des/software/>;
> 
> there is an extra '>' after software/
> 
> Thanks...
> 
The configuration below has always worked fine for me;
I run named with the -t option:
options {
        directory "/";                  // all paths below are relative to the chroot root (named -t /chroot)
        pid-file "/run/named.pid";      // i.e. /chroot/run/named.pid on the host
        named-xfer "/bin/named-xfer";   // statically linked copy placed inside the chroot
        listen-on {
                123.4.5.7;              // example address
                127.0.0.1;
        };
        transfer-source 123.4.5.7;
        query-source address 123.4.5.7 port 53;
        allow-transfer { my_acl; };     // my_acl must be defined by an acl statement
};
Just compile named-xfer with -static and place it in your /chroot/bin.
To see what your named is doing, insert a section like this into your named.conf:
logging {
        channel errchannel {
                file "log/errors";      // relative to 'directory', so /chroot/log/errors on the host
                severity info;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        category default { errchannel; };
};

All files in /chroot must be root-owned, except the directory where
bind places secondary zones.


-- 
Roman Gnatenko <ron@zenon.net>
Zenon N.S.P
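One way to check such a chroot layout before starting named (an added example, not code from the original message or from BIND): a Python script that pulls the path-bearing statements out of a named.conf like the one above, maps them onto the chroot the way named's -t option does, and reports anything outside the secondary-zone directory that is not root-owned. The `secondary` directory name, the `SAMPLE_NAMED_CONF` text, the `demo()` helper and the `root_uid` parameter are assumptions made for the example.

```python
"""Audit a BIND chroot laid out as in the message above (added example)."""
import os
import re
import tempfile

# Constructed sample: the options and logging sections from the message.
SAMPLE_NAMED_CONF = """
options {
        directory "/";
        pid-file "/run/named.pid";
        named-xfer "/bin/named-xfer";
        listen-on { 123.4.5.7; 127.0.0.1; };
        transfer-source 123.4.5.7;
        query-source address 123.4.5.7 port 53;
        allow-transfer { my_acl; };
};
logging {
        channel errchannel {
                file "log/errors";
                severity info;
                print-time yes;
        };
        category default { errchannel; };
};
"""

# Statements whose quoted value is a path interpreted inside the chroot.
OPTION_PATH_KEYS = ("directory", "pid-file", "named-xfer")


def parse_named_conf_paths(conf_text):
    """Return {label: path} for the path-bearing statements in the config.

    Handles `key "value";` inside options and `file "path";` inside each
    logging channel. `//` and `#` comments are stripped first.
    """
    text = re.sub(r"(//|#)[^\n]*", "", conf_text)
    paths = {}
    for key in OPTION_PATH_KEYS:
        m = re.search(r'(?<![\w-])%s\s+"([^"]+)"\s*;' % re.escape(key), text)
        if m:
            paths[key] = m.group(1)
    for m in re.finditer(r"channel\s+(\S+)\s*\{([^}]*)\}", text):
        f = re.search(r'(?<![\w-])file\s+"([^"]+)"\s*;', m.group(2))
        if f:
            paths["channel " + m.group(1)] = f.group(1)
    return paths


def resolve_in_chroot(chroot, directory, path):
    """Map a config path onto the host filesystem.

    Absolute paths are rooted at the chroot; relative ones (the logging
    'file') are first joined to the options 'directory', itself in the chroot.
    """
    if not path.startswith("/"):
        path = os.path.join(directory, path)
    return os.path.join(chroot, path.lstrip("/"))


def audit_chroot(chroot, conf_text, zone_dir="secondary", root_uid=0):
    """Check that the chroot can satisfy the config and has sane ownership."""
    paths = parse_named_conf_paths(conf_text)
    directory = paths.get("directory", "/")
    missing = []
    for label, p in paths.items():
        if label == "directory":
            continue
        host = resolve_in_chroot(chroot, directory, p)
        # named-xfer must exist; the pid and log files are created by named,
        # so only their parent directories need to exist.
        target = host if label == "named-xfer" else os.path.dirname(host)
        if not os.path.exists(target):
            missing.append((label, host))
    # Ownership: everything root-owned except the secondary-zone subtree.
    exempt = os.path.join(chroot, zone_dir.strip("/"))
    not_root = []
    for dirpath, dirnames, filenames in os.walk(chroot):
        if dirpath == exempt or dirpath.startswith(exempt + os.sep):
            dirnames[:] = []  # do not descend into the exempt subtree
            continue
        for entry in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if os.lstat(entry).st_uid != root_uid:
                not_root.append(entry)
    return {"paths": paths, "missing": missing, "not_root": not_root}


def demo(populate):
    """Build a throwaway chroot skeleton (constructed here) and audit it.

    root_uid is set to the caller's uid so the ownership check can run
    without privileges; in real use leave it at the default of 0.
    """
    chroot = tempfile.mkdtemp(prefix="named-chroot-")
    if populate:
        for sub in ("bin", "run", "log", "secondary"):
            os.makedirs(os.path.join(chroot, sub))
        open(os.path.join(chroot, "bin", "named-xfer"), "w").close()
    return audit_chroot(chroot, SAMPLE_NAMED_CONF, root_uid=os.getuid())


if __name__ == "__main__":
    import sys
    conf = sys.argv[2] if len(sys.argv) > 2 else None
    text = open(conf).read() if conf else SAMPLE_NAMED_CONF
    print(audit_chroot(sys.argv[1] if len(sys.argv) > 1 else "/chroot", text))
```

Run it as `python audit.py /chroot /chroot/etc/named.conf` on the host; an empty `missing` and `not_root` means the layout matches what the message describes, and each entry in `missing` names the config statement whose path cannot be satisfied inside the chroot.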


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message