Date: Wed, 13 Nov 2013 19:59:23 +0200 From: George Kontostanos <gkontos.mail@gmail.com> To: Erwin Lansing <erwin@freebsd.org> Cc: FreeBSD Release Engineering Team <re@freebsd.org>, Stefan Bethke <stb@lassitu.de>, FreeBSD Current <freebsd-current@freebsd.org>, Gleb Smirnoff <glebius@freebsd.org>, freebsd-stable <freebsd-stable@freebsd.org>, =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@freebsd.org>, =?ISO-8859-1?Q?=D6zkan_KIRIK?= <ozkan.kirik@gmail.com> Subject: Re: FreeBSD 10 Beta2 /etc/rc.d/named script and /etc/defaults/rc.conf Message-ID: <CA%2BdUSyq6wukHVHpAz0uquMMuWNcmq2SqBp3sKQzZOcxov1_OSA@mail.gmail.com> In-Reply-To: <20131112111322.GV90670@droso.dk> References: <CAAcX-AFJ__4CDz7%2BabFoRf%2BecrfOZRFXaos1sYnb85=k_BweEw@mail.gmail.com> <20131103220654.GU52889@FreeBSD.org> <6AA4A8E1-CBCE-4C87-A320-BB08EC76715F@lassitu.de> <CA%2BdUSypfj5Ja%2BKi1tikG19na7Dv96foW3HE%2BTEPaNYOUM9r5Cw@mail.gmail.com> <20131104083443.GZ52889@FreeBSD.org> <2B21E123-23BA-4E07-B9DD-9DE1CDE40D08@FreeBSD.org> <20131104163457.GJ52889@FreeBSD.org> <CA%2BdUSyp5JWskKU7_oMxuTsZekimtRs2A%2BmEZm=kS-87jNjF9yQ@mail.gmail.com> <868B00D6-101A-4B17-995F-A3E2AFE41908@lansing.dk> <20131112111322.GV90670@droso.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 12, 2013 at 1:13 PM, Erwin Lansing <erwin@freebsd.org> wrote: > On Wed, Nov 06, 2013 at 02:59:15PM +0100, Erwin Lansing wrote: > > >> E> > > > >> E> > Erwin, can you please handle that? > > >> E> > > >> E> Things are much worse that this, the ports are completely written > under the assumption that there is a Bind in base, which of course would > already break with WITHOUT_BIND before Bind was completely removed. It > will be hard to fix without breaking the installed base of 8 and 9. Sigh. > > >> E> > > >> E> I'll try to work on it this week, but unfortunately have a full > schedule of meetings and travel as well. > > > > > > Suggestion. An option to install the rc script would solve that > problem. > > > > > > > If only it was that simple, it would have been done a long time ago. As > Gleb points out, the ports are broken by design. The rc script needs a > complete rewrite, and that's only after fixing all configuration files, > setting up chroot, etc etc and all that while not breaking the installed > base on 8 and 9. I spent most of yesterday on this and if I'm lucky, I'm > halfway through. > > > > > Sorry about the delay, but I did finally update all three dns/bind9* > ports today. I have dropped the complicated chroot, and related > symlinking, logic from the default rc script as I don't think that > is the right place to implement things. I would recommend users > who want the extra security to use jail(8) instead of a mere chroot. > > This change should not affect the installed base of FreeBSD 9.x and > earlier systems, but new installations there should note that the > symlink option is no longer turned on by default, but still supported. > > I tested some default cases, but by no means can test every corner case, > so please let me know how this works out. > > Best, > Erwin > > Excellent thanks so much! If you had named running using the old rc scripts and config in 10 you will need to: 1) Backup your zones & stop named 2) Delete /var/named/* 3) Create a new symlink in etc to /usr/local/etc/namedb 4) Restore your zones 5) Start named from the new rc script -- George Kontostanos --- http://www.aisecure.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BdUSyq6wukHVHpAz0uquMMuWNcmq2SqBp3sKQzZOcxov1_OSA>