Date: Mon, 4 Oct 2004 13:10:33 -0700 (PDT)
From: Doug Barton
To: Jose M Rodriguez
cc: freebsd-current@freebsd.org
Subject: New BIND 9 chroot directories

On Mon, 4 Oct 2004, Jose M Rodriguez wrote:

> At last here, BETA7 come with a populated /var/named.

Yes, this is as it should be.

> we've used /var/named for ages without this layout.

OK.

> Is this really needed?

It is necessary to have a default chroot directory structure, yes. You can easily prevent /etc/rc.d/named from doing anything with it by adding named_chroot_autoupdate="NO" to your /etc/rc.conf[.local] file.
You can also prevent mergemaster from tempting you with files in /etc/namedb by adding NO_BIND_ETC to /etc/make.conf.

What may be necessary at this point is to add a knob that prevents the directory structure from being created in the installworld step. I'll look at that tonight.

I feel that I've provided the users plenty of knobs to customize this stuff with, but if folks have ideas on how it can be improved, I'm open to them.

> This breaks our update plans.

Well, hopefully I've demonstrated that the problems you've experienced can be worked around. Of course, two other options are available, one is to move your stuff to a different directory, and the other is to adopt the structure that is now being installed by default.

> Also, I think this is not well documented on UPDATING

The entry in UPDATING says (in part):

    If you are using a custom configuration, or if you have customised
    the named_* variables in /etc/rc.conf[.local] then you may have to
    adjust the instructions accordingly. It is suggested that you
    carefully examine the new named variables in /etc/defaults/rc.conf
    and the options in /var/named/etc/namedb/named.conf to see if they
    might now be more suitable.

If you have suggestions on how this can be made more clear, please let me know.

Doug

--
This .signature sanitized for your protection