Date: Sat, 25 Sep 2004 00:44:35 +0100 (BST) From: Doug Barton <DougB@FreeBSD.org> To: Sean McNeil <sean@mcneil.com> Cc: Grover Lines <grover@ceribus.net> Subject: Re: Proper way to run bind9 Message-ID: <20040925001835.U7126@URF.trarfvf> In-Reply-To: <1096064849.1047.7.camel@server.mcneil.com> References: <1096042856.24267.6.camel@purgatory.ceribus.net> <xzpsm97v49e.fsf@dwp.des.no> <20040924222550.F6548@URF.trarfvf> <1096064849.1047.7.camel@server.mcneil.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--0-2051731152-1096068471=:7126
Content-Type: TEXT/PLAIN; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: 8BIT
On Fri, 24 Sep 2004, Sean McNeil wrote:
> On Fri, 2004-09-24 at 14:27, Doug Barton wrote:
>> On Fri, 24 Sep 2004, Dag-Erling Smørgrav wrote:
>>
>>> Grover Lines <grover@ceribus.net> writes:
>>>> named_pidfile="/var/run/named/pid" # Must set this in named.conf as well
>>> ^^^^^^^^^^^^^^^^^^
>>> should be /var/run/named.pid, fixed in CVS.
>>>
>>> DES
>>>
>>
>> It's actually not named.pid in our structure. As explained in the note
>> behind the variable, we set the pid-file variable in named.conf so that
>> named running wit h -u bind (but not chrooted) will still be able to
>> drop a pid file in /var/run/named, which is chowned to user bind.
>
> This is currently not correct in some files (i.e.
> /etc/defaults/rc.conf).
DES made an honest mistake in rc.conf. I was waiting for him to back it
out himself, but apparently he's off having a life or something. :) I
went ahead and fixed it a bit ago.
You mentioned "some files," do you know of anywhere else that it is not
correct?
> Also, the /etc/rc.d/named script will do an
>
> ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
>
> if named_symlink_enable is set (which is by default). Please protect
> this with
>
> if [ -n "$named_chrootdir" ]; then
On my system this fails harmlessly, but you're right, it shouldn't be
run if there is no chroot. I'll commit a fix for this in a second.
> for those who do not have a chrootdir. Otherwise we end up with a
> recursive link.
Actually the final result of this situation depends on the configuration
options. But you're right, this bullet should be removed from the
foot-shooting gun.
>> To answer Grover's question, it really depends on what you want to use
>> it for. The system named.conf will run fine for bind 9 as a resolver,
>> now that the /etc/rc.d/named script has been updated to create an
>> rndc.key file if one doesn't exist.
>
> This is broken too. If named_chrootdir isn't set, then confgen_chroot
> doesn't get set and it messes up the invokation of rndc-confgen. I
> think taking the "" off of the ${confgen_chroot} will solve this but I'm
> not sure.
Only broken for the non-chroot case. :) You're right about the fix
though, I committed the wrong version when I was testing it last night.
Thanks for the bug report.
>> If all you want to do is start up named as a resolver,
>> named_enable="yes" is all you need. You don't need to specify the conf
>> file to run the system's version of bind, that path is defined in.
>>
>> I'm currently working on a setup so that named can be started chrooted
>> by default. Not sure if that will get in before 5.3-RELEASE or not, but
>> I'm hoping it will.
>
> It would be nice to have it all working while you make these changes.
That is the goal, yes.
Thanks again,
Doug
--
This .signature sanitized for your protection
--0-2051731152-1096068471=:7126--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040925001835.U7126>