From: Doug Barton
To: Jose M Rodriguez
cc: freebsd-current@freebsd.org
Date: Mon, 4 Oct 2004 18:25:31 -0700 (PDT)
Subject: Re: New BIND 9 chroot directories

On Mon, 4 Oct 2004, Jose M Rodriguez wrote:

> On Monday, 4 October 2004 22:10, Doug Barton wrote:
>
> Really good work. But is this really needed?
> I can't see why.

Because running bind chrooted is considerably safer, and the defaults should be as safe as possible unless it is an inconvenience to the majority of our users. In this case you are arguing against the change because it is a temporary inconvenience to you. That's not a good enough reason. :)

The entry in UPDATING already says, "If you are running a custom named config already, go look at the defaults." We expect users doing more advanced things to have more advanced skills. If they don't, they should probably use the defaults.

As for your other message about names of directories, layouts, etc., feel free to edit the BIND.chroot.dist mtree file, and you can have whatever you want. For that matter, edit /etc/rc.d/named if it will make you feel better. No one is "forcing" you to do anything. You have all the bits directly at hand, and the ability to do whatever you want with them.

Enjoy,

Doug

--
This .signature sanitized for your protection