From: Patrick Dung
To: Doug Barton
Cc: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Date: Sun, 29 Jul 2007 04:26:44 -0700 (PDT)
Subject: Re: ISC bind9 with dynamic DNS update (chroot problem)
In-Reply-To: <46AA6078.6020300@FreeBSD.org>
Message-ID: <8142.66621.qm@web54304.mail.re2.yahoo.com>

Thanks for the reply.
Your suggestion solved my problem, thanks.
Yes, /etc/init.d/named is a typo.

Regards
Patrick

--- Doug Barton wrote:

> Patrick Dung wrote:
> > Hi
> >
> > I use FreeBSD 6.2 and the base bind9.
> > For dynamic DNS update, bind9 automatically generates the journal file
> > (ending in .jnl).
> > The default config is to use chroot and the running user as 'bind'.
> >
> > The problem is that after named is started (/etc/init.d/named start),
>
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
>
> > the default chroot directory /var/named/etc/named
>
> The default directory is /etc/namedb, which is a symlink to
> /var/named/etc/namedb.
>
> > permission will be reset to owned by root. So the named daemon (run
> > as user 'bind') cannot create the journal file and complains:
>
> You shouldn't be creating journal files in the config directory anyway.
>
> > One temp fix is to use chroot and run as root, any suggestions?
>
> Yeah, don't run named as root. Ever. :)
>
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following directories
> in /etc/namedb:
>
> drwxr-xr-x  2 bind  wheel  512 Jul 23 00:47 dynamic/
> drwxr-xr-x  2 root  wheel  512 Jul 13 22:33 master/
> drwxr-xr-x  2 bind  wheel  512 Jul 27 14:05 slave/
>
> The dynamic directory is obviously designed to hold dynamic zones, and
> it (like the slave directory) is chowned to user bind so that named
> can write to it after it drops privileges.
>
> hth,
>
> Doug
>
> --
>
>     This .signature sanitized for your protection
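
The ownership rule Doug describes (dynamic zones live in a directory chowned to the unprivileged named user, never in the root-owned config directory) can be checked mechanically. The script below is an added example, not part of the thread or of FreeBSD's own tooling; the function names, zone names and demo tree are constructed, and the current user stands in for 'bind'.

```shell
#!/bin/sh
# Lists the zones in named.conf that accept dynamic updates and checks that each
# zone file's directory is owned and writable by the unprivileged named user.
# Assumes one statement per line; relative "file" paths resolve against $2.
dynamic_zone_files() {    # $1 = named.conf
    awk '
    /^[ \t]*zone[ \t]/ { inzone = 1; depth = 0; file = ""; dyn = 0 }
    inzone {
        if ($0 ~ /allow-update|update-policy/ && $0 !~ /none;/) dyn = 1
        if (match($0, /file[ \t]+"[^"]+"/)) {
            file = substr($0, RSTART, RLENGTH)
            sub(/^file[ \t]+"/, "", file); sub(/"$/, "", file)
        }
        closes = ($0 ~ /[}]/)
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth <= 0 && closes) { if (dyn && file != "") print file; inzone = 0 }
    }' "$1"
}

check_dynamic_dirs() {    # $1 = named.conf, $2 = base dir, $3 = named user
    rc=0
    for f in $(dynamic_zone_files "$1"); do
        case $f in /*) dir=$(dirname "$f") ;; *) dir=$(dirname "$2/$f") ;; esac
        if [ -n "$(find -H "$dir" -maxdepth 0 -type d -user "$3" -perm -200 2>/dev/null)" ]; then
            echo "OK  $f"
        else
            echo "BAD $f: $dir is not owned and writable by $3"; rc=1
        fi
    done
    return $rc
}

demo() {    # constructed sample tree; the current user stands in for "bind"
    t=$(mktemp -d) && mkdir "$t/dynamic" || return 2
    cat > "$t/named.conf" <<'EOF'
zone "example.org" {
    type master;
    file "dynamic/example.org";
    allow-update { key ddns; };
};
zone "example.net" { type master; file "example.net"; allow-update { key ddns; }; };
zone "example.com" { type master; file "master/example.com"; };
EOF
    chmod 555 "$t"    # stands in for the root-owned config directory
    check_dynamic_dirs "$t/named.conf" "$t" "$(id -un)"; rc=$?
    chmod 755 "$t"; rm -rf "$t"
    return $rc
}
demo || echo "at least one dynamic zone has no place to write its journal"
```

On a real system the call would be check_dynamic_dirs /etc/namedb/named.conf /etc/namedb bind, using the directory and user named in the thread.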