From owner-freebsd-stable@FreeBSD.ORG Fri Jan 1 22:28:45 2010
Return-Path:
Delivered-To: stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 13CE01065679 for ; Fri, 1 Jan 2010 22:28:45 +0000 (UTC) (envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with ESMTP id B2DD28FC15 for ; Fri, 1 Jan 2010 22:28:44 +0000 (UTC)
Received: (qmail 27081 invoked by uid 399); 1 Jan 2010 22:28:43 -0000
Received: from localhost (HELO foreign.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTPAM; 1 Jan 2010 22:28:43 -0000
X-Originating-IP: 127.0.0.1
X-Sender: dougb@dougbarton.us
Message-ID: <4B3E771B.5010207@FreeBSD.org>
Date: Fri, 01 Jan 2010 14:28:43 -0800
From: Doug Barton
Organization: http://SupersetSolutions.com/
User-Agent: Thunderbird 2.0.0.23 (X11/20091206)
MIME-Version: 1.0
To: Oliver Lehmann
References: <20100101120548.dc06edfb.lehmann@ans-netz.de> <4B3E53CE.3070403@FreeBSD.org> <20100101222205.23d723eb.oliver@FreeBSD.org>
In-Reply-To: <20100101222205.23d723eb.oliver@FreeBSD.org>
X-Enigmail-Version: 0.96.0
OpenPGP: id=D5B2F0FB
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: stable@freebsd.org
Subject: Re: RELENG_7 changes for rc.d/named
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 01 Jan 2010 22:28:45 -0000

Oliver Lehmann wrote:
> Hi Doug,
>
> Doug Barton wrote:
>
>> Your suggestion that I've simply foisted some untested crap onto the
>> FreeBSD community is at best, rude. At worst, it's just plain stupid
>> given that named is chroot'ed by default, and has been for years.
>
> I was not trying to blame you in person for anything which might have
> been wrong in rc.d/named or not. If you've read that out of my mail it
> must have been my English knowledge which might be insufficient. My
> intention was just to bring up a point which may also discourage other
> people.

Fair enough. Like I said in my previous post, if I was wrong, or
overreacted, I'm sorry.

> I was just wondering why the chroot option of named-checkconf was not
> used with the specified chroot-dir.

named-checkconf is called with $named_conf as an argument. It is not
used with the -t option; the assumption is that the symlink is properly
created. The presence of a valid symlink in /etc to the conf dir in the
chroot is very important, and is used for several things including
named-checkconf and rndc.

>> You can fix this in your situation by removing whatever is there for
>> /etc/named and creating the symlink yourself before trying to start
>> it up again.
>
> Did that and used your new script - now it works.
>
>> What I recommend to people is that they start with the default
>> named.conf and then use include statements for local options.
>
> Hmm ok... But I'm using this configuration/setup since 03/2003 without
> problems and just adjusted it from time to time to meet the new
> requirements (bind 8->9 switch and so on)
> I'm using "named" instead of "namedb" because the whole directory is kept
> in a local cvs and I just wanted it "out" of the FreeBSD related files to
> make sure there is no interference at all.

Okey dokey. Like I said, if you have a good reason for what you're doing
and you're able to make it work, that's fine. I would like to make the
infrastructure as flexible as possible however, and I'm glad you prompted
me to take another look at the conf dir stuff in rc.d/named because that
was a rather embarrassing oversight on my part.

I am wondering though if you're using rndc at all ...

> One small thing is left, rndc.key always gets created on start.
> There is a typo in line 188+189 of rc.d/named:
>
> if [ -s "${named_confidr}/rndc.key" ]; then
> case `stat -f%Su ${named_confidr}/rndc.key` in

Ok, I've fixed those, thanks for catching them. I did test that the file
was created in the proper location if it didn't exist, but the
combination of dyslexia and going too fast is not a good thing.

Doug

--

Improve the effectiveness of your Internet presence with a domain name
makeover! http://SupersetSolutions.com/

Computers are useless. They can only give you answers.
-- Pablo Picasso
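The two points the thread turns on, the /etc symlink into the chroot that named-checkconf and rndc rely on because -t is not used, and the rndc.key existence test that a misspelled variable silently defeats, as an added sh example. This is not code from rc.d/named or from either poster; the function names, the constructed chroot layout under a temporary directory, and the placeholder key contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from rc.d/named or from this thread. It checks,
# before named would be started, that the symlink in /etc points into the
# chroot's conf dir (what named-checkconf and rndc depend on when -t is not
# used) and that a non-empty rndc.key already exists so it is not
# regenerated on every start.
#
# Assumptions (hypothetical, not taken from the mail): the function names
# and the layout that demo_layout builds under a temporary directory.

# conf_symlink_ok LINK CHROOT
# Succeeds when LINK is a symlink whose target is a directory inside CHROOT.
conf_symlink_ok() {
    link=$1
    chroot=$2
    [ -L "$link" ] || return 1            # must be a symlink, not a plain dir
    target=$(readlink "$link") || return 1
    case "$target" in
        "$chroot"/*) [ -d "$target" ] ;;  # target must exist inside the chroot
        *) return 1 ;;
    esac
}

# rndc_key_present CONFDIR
# Succeeds when CONFDIR/rndc.key exists and is non-empty. An empty CONFDIR
# is rejected explicitly: that is exactly what a misspelled variable such as
# ${named_confidr} expands to, and "/rndc.key" would otherwise be tested.
rndc_key_present() {
    [ -n "$1" ] || return 1
    [ -s "$1/rndc.key" ]
}

# demo_layout builds a constructed chroot under a temp dir, runs both checks
# against it, and reproduces the misspelled-variable failure mode.
demo_layout() {
    tmp=$(mktemp -d) || return 1
    chroot="$tmp/var/named"
    confdir="$chroot/etc/namedb"
    mkdir -p "$confdir" "$tmp/etc"
    ln -s "$confdir" "$tmp/etc/namedb"
    # constructed placeholder key, not a real secret
    printf 'key "rndc-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };\n' \
        > "$confdir/rndc.key"

    rc=0
    conf_symlink_ok "$tmp/etc/namedb" "$chroot" || rc=1
    rndc_key_present "$confdir" || rc=1
    # the bug from the thread: the variable is unset, so the check must fail
    if rndc_key_present "${named_confidr:-}"; then rc=1; fi

    rm -rf "$tmp"
    return $rc
}
```

Running the script under `sh -u` turns the same misspelling into a hard error at the first reference, which is the cheaper way to catch this class of typo in an rc script than noticing a key file that keeps changing.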