Date: Mon, 4 Oct 2004 13:22:24 -0700 (PDT)
From: Doug Barton <DougB@FreeBSD.org>
To: Jose M Rodriguez <josemi@freebsd.jazztel.es>
Cc: freebsd-current@freebsd.org
Subject: Re: problems with latest bind9 setup changes
Message-ID: <20041004131742.A778@bo.vpnaa.bet>
In-Reply-To: <200410021139.49551.freebsd@redesjm.local>
References: <200410021033.37844.freebsd@redesjm.local> <20041002084741.GA55948@ip.net.ua> <200410021139.49551.freebsd@redesjm.local>

FYI, freebsd-current@freebsd.org and current@freebsd.org are two aliases
for the same list. It is not needed to cc both.

On Sat, 2 Oct 2004, Jose M Rodriguez wrote:
> /usr/src/UPDATING
>
> - If enabled, the default is now to run named in a chroot
> + The default is now to run named in a chroot
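
Review bot: the `+` line drops the "If enabled," qualifier, so the UPDATING entry no longer says whether named itself is started by default or only that, once enabled, it runs chrooted. Keep the condition explicit and point at the setting that controls it, for example "If named is enabled, the default is now to run it in a chroot", with a pointer to the rc.conf knobs discussed later in this message.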

I just committed an update to clarify that language.

> IMHO, this is not a good design. If you ask ten admins about the best named
> chrooted setup, you'll get, at least, twelve setups.

That's correct, although the one I committed was the one I used at
Yahoo! on hundreds of name servers, and is both thorough and effective.
I "borrowed" from the best ideas from various knowledgeable sources, and
my own extensive experience. Of course, if someone has better ideas, I'm
open to them.

> Making strong support for a chrooted named is really needed. But moving the
> release default setup to a strong model on that not.

I'm sorry, I don't understand this.

> I'll prefer a sandwich setup (named_flags="-u bind", named_chroot="")
> as release default.

Defaulting to using the chroot structure is a good change, and suitable
for the vast majority of users. If you want something different, the
knobs are there for you to twist. :)

Doug
--
This .signature sanitized for your protection
