From owner-freebsd-questions@FreeBSD.ORG Sun Mar 16 07:56:34 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3CFF7548 for ; Sun, 16 Mar 2014 07:56:34 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D30CEC12 for ; Sun, 16 Mar 2014 07:56:33 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.2.117.99]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s2G7uRXp020828 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Sun, 16 Mar 2014 07:56:27 GMT (envelope-from matthew@FreeBSD.org) DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s2G7uRXp020828 Authentication-Results: smtp.infracaninophile.co.uk/s2G7uRXp020828; dkim=none reason="no signature"; dkim-adsp=none Message-ID: <53255923.8080004@FreeBSD.org> Date: Sun, 16 Mar 2014 07:56:19 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: changes to base system DNS References: <5324C1E9.6040802@rcn.com> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66" X-Virus-Scanned: clamav-milter 0.98.1 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Mar 2014 07:56:34 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 16/03/2014 00:01, Kevin Oberman wrote: > Note that the base BIND was chrooted by default. I don't believe that p= orts > version is on 10, so you really should either chroot it yourself or, be= tter > yet, put it in a jail. I really recommend a jail. It's a shame that the chroot'ing couldn't be incorporated into the bind99 port. I'd like to bring it back, but it seems that there are a few obstacles: * /var/named and contents are listed as 'old directories' belonging to the base system, and so would be deleted during the normal course of an upgrade from 9 to 10[*]. * In order to set up a chroot as it was done previously, various files would need to move from ${LOCALBASE}/etc/namedb/ to the chroot dir. This would tend to break an installed pkg. I haven't had an opportunity to look at it in any great detail yet, but so far I still think it should at least be possible to do. Cheers, Matthew [*] This was perhaps the most unwelcome surprise I encountered while doing a 9 to 10 upgrade. I didn't affect me because a) I was upgrading via a separate boot environment and b) I've got all my DNS zone data under version control anyhow. But I can see it becoming more than just a momentary annoyance to many. *Back up your zone data before you start upgrading.* --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey --E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTJVkrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATAOsP/ihqUIuaJftujNadyzd65WzV 8e/LUGw3WJ1aloZeByNJssyBrpL5GrZv2aIUAb95qLeUXyDo1NOOST+qndlbZESv Zhs2u2+IBSakSzzvK8ICivmzxlvMGDp3uakuAzacuUDd4IR21XnrXpIbKbVYCxKd 4snv//+qTN8GYRd6pKPOFquz4m6SHncFia2YP8z8swaNOyhge/dsfpizpTfdA5td kIGLVtwwLQkZ3/BuS6ULFN8kZ6L37kJRUy5k7t94sbry3RRSzSZzhhprO1OrRS0k zPpduEX+IyHewgQXsKiRKGfPXFFqpbR1QMsxBOQ8Boma5D4JyZEEaBWY5BmsGcWq e6iJalcF50ArZxXFfMMk6K3Ga7R2CI+EuSEq9bZP9tCQpF2PCceXm6FZDlwiIOU8 EcaiDGsiD71vylFWGbcnnO3RJZNCO2uq/bSVa0lfD+CdtocbiqRvao9iE/biA/dz ROAwoknLGgxIKY3TNOYv/YbiroeIHhSM+SXiNtP25QSuuNfN64sA2fY/eDxK6T/r cdTuEz9JVdhuyYe77olxWmVb8EgHepQqDFTL1eed8njg3J4NMrVDJlmecbhBXgJe q9GZMkbNzzOiNPYdGNzcFRoMlDA+ns/bhZy7okqD017TICIMOIbMqTJiQxVPcHue 6a1gJRow7nWleWs4XSG/ =zF2K -----END PGP SIGNATURE----- --E7l5usQS0lWVF6M0lhowC7DWfiKBw3A66--