Date: Mon, 4 Oct 2004 23:43:17 +0200
From: Jose M Rodriguez <josemi@freebsd.jazztel.es>
To: Doug Barton <DougB@freebsd.org>
Cc: Jose M Rodriguez <josemi@freebsd.jazztel.es>
Subject: Re: New BIND 9 chroot directories
Message-ID: <200410042343.19211.freebsd@redesjm.local>
In-Reply-To: <20041004125738.K778@bo.vpnaa.bet>
References: <4160259A.3070708@FreeBSD.org> <200410041734.53316.freebsd@redesjm.local> <20041004125738.K778@bo.vpnaa.bet>

On Monday, 4 October 2004 22:10, Doug Barton wrote:
> On Mon, 4 Oct 2004, Jose M Rodriguez wrote:
> > At last here, BETA7 comes with a populated /var/named.
>
> Yes, this is as it should be.
>
> > We've used /var/named for ages without this layout.
>
> OK.
>
> > Is this really needed?
>
> It is necessary to have a default chroot directory structure, yes.
> You can easily prevent /etc/rc.d/named from doing anything with it by
> adding named_chroot_autoupdate="NO" to your /etc/rc.conf[.local]
> file. You can also prevent mergemaster from tempting you with files
> in /etc/namedb by adding NO_BIND_ETC to /etc/make.conf. What may be
> necessary at this point is to add a knob that prevents the directory
> structure from being created in the installworld step. I'll look at
> that tonight.
>
Really good work. But is this really needed?
I can't see why.

We can go to release with a default:

named_chrootdir=""
named_flags="-u bind"
named_enable="NO"

And with your strong support for chrooted operation in /etc/rc.d/named.

So any sysadmin has the time/freedom to set up the chroot before launching
named.

The default setup seems enough for a first-timer/home user. I'd prefer
an /etc/named/named.conf default that only listens on localhost.

I even find it easier to tweak /etc/rc.d/named to populate a wide
${named_chrootdir} from defaults and /etc/namedb.

I'm really sorry about that, but I think that the status at fresh BETA6
is far better than now.

> I feel that I've provided the users plenty of knobs to customize this
> stuff with, but if folks have ideas on how it can be improved, I'm
> open to them.
>
Yes, this is not the way. I think you have already gone too far on this.

> > This breaks our update plans.
>
> Well, hopefully I've demonstrated that the problems you've
> experienced can be worked around. Of course, two other options are
> available, one is to move your stuff to a different directory, and
> the other is to adopt the structure that is now being installed by
> default.
>
> > Also, I think this is not well documented in UPDATING.
>
> The entry in UPDATING says (in part):
>
> If you are using a custom configuration, or if you have
> customised the named_* variables in /etc/rc.conf[.local]
> then you may have to adjust the instructions accordingly.
> It is suggested that you carefully examine the new named
> variables in /etc/defaults/rc.conf and the options in
> /var/named/etc/namedb/named.conf to see if they might
> now be more suitable.
>
> If you have suggestions on how this can be made more clear, please
> let me know.
>
> Doug

If we go to release right now, you must describe the chroot setup directly
and not as an option.

An explicit reference to /var/named (filled from tarballs) must exist in
the release notes.

--
josemi
