Message-ID: <4CA6419C.3050109@cyberleo.net>
Date: Fri, 01 Oct 2010 15:16:28 -0500
From: CyberLeo Kitsana
To: Matthew
Cc: freebsd-questions@freebsd.org
Subject: Re: BIND: could not configure root hints from 'named.root': file not found
In-Reply-To: <4CA61FE5.9050306@teksavvy.com>

On 10/01/2010 12:52 PM, Matthew wrote:
> I would be grateful for any pointers on how to resolve this. I suspect
> the error message may not be exactly descriptive of what's happening.

Kinda.

Here's a few points to keep in mind when working with bind in FreeBSD:

* By default, named runs in a chroot jail rooted at /var/named/.
* For security reasons, named cannot write to anything in that tree,
  except the dynamic, slave, and working directories.
* named uses its current working directory to resolve relative pathnames
  in the configuration file.
* With a recent change to ISC Bind 9, named started complaining if it
  couldn't write to its current working directory. At the time, this was
  (chroot)/etc/namedb/; this was subsequently changed to
  (chroot)/etc/namedb/working/ to make named happy without compromising
  security.

When the working directory for named was (chroot)/etc/namedb/, everything
was peachy. Since this was changed, relative pathnames no longer work as
expected because the reference point is different.

The easiest solution is to alter your configuration file to include only
absolute pathnames, relative to the root of the jail. The default named
config file (in /var/named/etc/namedb/named.conf) is an excellent source
of examples for this.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net

Furry Peace! - http://wwww.fur.com/peace/
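
The path resolution described in the message above, as an added example that is not part of the original post: a small checker that lists every relative `file` path in a named.conf and shows where named would look for it on the host, given the `directory` option and the /var/named chroot. The sample configuration is constructed, the function name `relative_zone_files` is hypothetical, and the parser is a simplification that only handles `file` statements and assumes comment markers never appear inside quoted strings.

```python
import posixpath
import re

# Constructed sample named.conf (not from the original post).
SAMPLE = """\
options {
    directory "/etc/namedb/working";   // path inside the chroot
    pid-file "/var/run/named/pid";
};
// zone "old" { type master; file "old.db"; };
zone "." { type hint; file "named.root"; };
zone "example.org" { type master; file "/etc/namedb/master/example.org.db"; };
zone "example.net" { type slave; file "../slave/example.net.db"; };
"""

COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# The lookbehind keeps pid-file, dump-file, key-directory etc. from matching.
DIRECTORY = re.compile(r'(?<![\w-])directory\s+"([^"]*)"')
ZONE_FILE = re.compile(r'(?<![\w-])file\s+"([^"]*)"')


def relative_zone_files(conf_text, chroot="/var/named"):
    """Return (line, path_as_written, host_path) for every relative `file`
    path; host_path is None when the config sets no `directory` option."""
    # Blank out comments but keep newlines so line numbers stay correct.
    text = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), conf_text)
    m = DIRECTORY.search(text)
    workdir = m.group(1) if m else None
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in ZONE_FILE.finditer(line):
            path = match.group(1)
            if path.startswith("/"):
                continue  # absolute inside the jail: unaffected by the cwd
            resolved = None
            if workdir:
                inside = posixpath.normpath(posixpath.join(workdir, path))
                resolved = chroot.rstrip("/") + inside
            findings.append((lineno, path, resolved))
    return findings


if __name__ == "__main__":
    for lineno, path, resolved in relative_zone_files(SAMPLE):
        print(f'line {lineno}: file "{path}" -> {resolved}')
```

Each reported line is a candidate for rewriting as an absolute path relative to the jail root, for instance "/etc/namedb/named.root" for the hint zone.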