Date: Fri, 01 Jan 2010 14:28:43 -0800
From: Doug Barton <dougb@FreeBSD.org>
To: Oliver Lehmann <oliver@FreeBSD.org>
Cc: stable@freebsd.org
Subject: Re: RELENG_7 changes for rc.d/named
Message-ID: <4B3E771B.5010207@FreeBSD.org>
In-Reply-To: <20100101222205.23d723eb.oliver@FreeBSD.org>
References: <20100101120548.dc06edfb.lehmann@ans-netz.de> <4B3E53CE.3070403@FreeBSD.org> <20100101222205.23d723eb.oliver@FreeBSD.org>

Oliver Lehmann wrote:
> Hi Doug,
>
> Doug Barton wrote:
>
>> Your
>> suggestion that I've simply foisted some untested crap onto the
>> FreeBSD community is at best, rude. At worst, it's just plain stupid
>> given that named is chroot'ed by default, and has been for years.
>
> I was not trying to blame you in person for anything which might have
> been wrong in rc.d/named or not. If you've read that out of my mail it
> must have been my English knowledge which might be insufficient. My
> intention was just to bring up a point which may also discourage other
> people.

Fair enough. Like I said in my previous post, if I was wrong, or
overreacted I'm sorry.

> I was just wondering why the chroot option of named-checkconf was not
> used with the specified chroot-dir.

named-checkconf is called with $named_conf as an argument. It is not used
with the -t option, the assumption is that the symlink is properly
created. The presence of a valid symlink in /etc to the conf dir in the
chroot is very important, and used for several things including
named-checkconf and rndc.

>> You can fix
>> this in your situation by removing whatever is there for /etc/named
>> and creating the symlink yourself before trying to start it up again.
>
> Did that and used your new script - now it works.
>
>> What I recommend to people is that
>> they start with the default named.conf and then use include statements
>> for local options.
>
> Hmm ok... But I'm using this configuration/setup since 03/2003 without
> problems and just adjusted it from time to time to meet the new
> requirements (bind 8->9 switch and so on)
> I'm using "named" instead of "namedb" because the whole directory is kept
> in a local cvs and I just wanted it "out" of the FreeBSD related files to
> make sure there is no interference at all.

Okey dokey. Like I said, if you have a good reason for what you're doing
and you're able to make it work, that's fine. I would like to make the
infrastructure as flexible as possible however, and I'm glad you prompted
me to take another look at the conf dir stuff in rc.d/named because that
was a rather embarrassing oversight on my part. I am wondering though if
you're using rndc at all ...

> One small thing is left, rndc.key gets always created on start.
> There is a typo in line 188+189 of rc.d/named:
>
>         if [ -s "${named_confidr}/rndc.key" ]; then
>                 case `stat -f%Su ${named_confidr}/rndc.key` in

Ok, I've fixed those, thanks for catching them. I did test that the file
was created in the proper location if it didn't exist, but the
combination of dyslexia and going too fast is not a good thing.

Doug

--

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

	Computers are useless. They can only give you answers.
			-- Pablo Picasso

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B3E771B.5010207>
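
An added illustration of two points from the message above (not code from rc.d/named or from either poster): a check that the /etc entry is a symlink resolving to the conf dir in the chroot, and what the misspelled variable in the quoted lines does to the rndc.key test. The name named_confdir, the function names and all paths are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added illustration; every path is constructed under a temp dir.

# True only if $1 is a symlink that resolves to the same directory as $2
# (the conf dir inside the chroot).
confdir_link_ok() {
    [ -L "$1" ] && [ -d "$1" ] || return 1
    [ "$(cd -P "$1" && pwd -P)" = "$(cd -P "$2" && pwd -P)" ]
}

# The test as quoted in the mail: the misspelled variable is unset, expands
# to "", and the path actually checked becomes "/rndc.key".
key_present_typo() { [ -s "${named_confidr}/rndc.key" ]; }

# Same test with the intended name (named_confdir is an assumption here).
key_present_fixed() { [ -s "${named_confdir}/rndc.key" ]; }

# Under "set -u" the misspelling aborts instead of silently expanding to "".
typo_caught_by_nounset() {
    if ( set -u; : "${named_confidr}/rndc.key" ) 2>/dev/null; then return 1; fi
}

demo() {
    root=$(mktemp -d) || return 1
    # Start with a real directory where the symlink should be.
    mkdir -p "$root/chroot/etc/named" "$root/etc/named"
    named_confdir="$root/etc/named"
    confdir_link_ok "$named_confdir" "$root/chroot/etc/named" && r1=ok || r1=bad
    # The fix from the thread: remove what is there, create the symlink.
    rmdir "$root/etc/named"
    ln -s "$root/chroot/etc/named" "$root/etc/named"
    confdir_link_ok "$named_confdir" "$root/chroot/etc/named" && r2=ok || r2=bad
    # A non-empty key exists, yet the misspelled test still reports it missing.
    echo key > "$named_confdir/rndc.key"
    key_present_typo  && r3=found || r3=missing
    key_present_fixed && r4=found || r4=missing
    typo_caught_by_nounset && r5=caught || r5=silent
    rm -rf "$root"
    echo "$r1 $r2 $r3 $r4 $r5"
}
demo
```

The "missing" result for the misspelled test, with a valid key on disk, matches the reported symptom that rndc.key gets created on every start.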