Date: Sun, 16 Mar 2014 07:56:19 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: changes to base system DNS Message-ID: <53255923.8080004@FreeBSD.org> In-Reply-To: <CAN6yY1vsLYMziT-Ge=xQA8u%2BmCtnTQCnZsarPGu05nKPQa8acA@mail.gmail.com> References: <5324C1E9.6040802@rcn.com> <CAN6yY1vsLYMziT-Ge=xQA8u%2BmCtnTQCnZsarPGu05nKPQa8acA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 16/03/2014 00:01, Kevin Oberman wrote:
> Note that the base BIND was chrooted by default. I don't believe that p=
orts
> version is on 10, so you really should either chroot it yourself or, be=
tter
> yet, put it in a jail. I really recommend a jail.
It's a shame that the chroot'ing couldn't be incorporated into the
bind99 port. I'd like to bring it back, but it seems that there are a
few obstacles:
* /var/named and contents are listed as 'old directories' belonging
to the base system, and so would be deleted during the normal
course of an upgrade from 9 to 10[*].
* In order to set up a chroot as it was done previously, various
files would need to move from ${LOCALBASE}/etc/namedb/ to the
chroot dir. This would tend to break an installed pkg.
I haven't had an opportunity to look at it in any great detail yet, but
so far I still think it should at least be possible to do.
Cheers,
Matthew
[*] This was perhaps the most unwelcome surprise I encountered while
doing a 9 to 10 upgrade. I didn't affect me because a) I was upgrading
via a separate boot environment and b) I've got all my DNS zone data
under version control anyhow. But I can see it becoming more than just
a momentary annoyance to many. *Back up your zone data before you start
upgrading.*
--=20
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
--E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJ8BAEBCgBmBQJTJVkrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATAOsP/ihqUIuaJftujNadyzd65WzV
8e/LUGw3WJ1aloZeByNJssyBrpL5GrZv2aIUAb95qLeUXyDo1NOOST+qndlbZESv
Zhs2u2+IBSakSzzvK8ICivmzxlvMGDp3uakuAzacuUDd4IR21XnrXpIbKbVYCxKd
4snv//+qTN8GYRd6pKPOFquz4m6SHncFia2YP8z8swaNOyhge/dsfpizpTfdA5td
kIGLVtwwLQkZ3/BuS6ULFN8kZ6L37kJRUy5k7t94sbry3RRSzSZzhhprO1OrRS0k
zPpduEX+IyHewgQXsKiRKGfPXFFqpbR1QMsxBOQ8Boma5D4JyZEEaBWY5BmsGcWq
e6iJalcF50ArZxXFfMMk6K3Ga7R2CI+EuSEq9bZP9tCQpF2PCceXm6FZDlwiIOU8
EcaiDGsiD71vylFWGbcnnO3RJZNCO2uq/bSVa0lfD+CdtocbiqRvao9iE/biA/dz
ROAwoknLGgxIKY3TNOYv/YbiroeIHhSM+SXiNtP25QSuuNfN64sA2fY/eDxK6T/r
cdTuEz9JVdhuyYe77olxWmVb8EgHepQqDFTL1eed8njg3J4NMrVDJlmecbhBXgJe
q9GZMkbNzzOiNPYdGNzcFRoMlDA+ns/bhZy7okqD017TICIMOIbMqTJiQxVPcHue
6a1gJRow7nWleWs4XSG/
=zF2K
-----END PGP SIGNATURE-----
--E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53255923.8080004>