From: Derek Ragona
Date: Thu, 13 Mar 2008 09:28:51 -0500
To: jekillen, FreeBSD Mailing List
Subject: Re: named questions.

At 08:59 PM 3/12/2008, jekillen wrote:
>Hello:
>I have named running as secondary server on v6.2
>It will not start without a specific configuration file set
>on the command line. After doing some investigation
>it appears that that is because it runs chrooted and
>there is not a symlink from /etc/namedb. Is that a correct
>assumption? I read the man page and it specifies
>the default configuration file as /etc/namedb/named.conf
>and along with this file there are master and slave directories.
>Would I make the /etc/namedb/named.conf file to be a symlink
>to /var/named/etc/namedb/named.conf?

You can run named chrooted or not. The default is to run chrooted. Look in:
/etc/defaults/rc.conf
for all the named configuration options and default settings. If you run chrooted be sure your chroot environment has a writeable directory for the slave files.

>There are some other entries in rc.conf related to named that
>appear in my primary nameserver rc.conf file that relate to getting
>it up at boot but I have lost root access to that machine so I cannot
>recover the rc.conf details and I do not remember what documentation
>I was using to set it up.

You should not need root access to read /etc/rc.conf. This is usually given read by all perms. However, in my rc.conf I set:

named_chroot_autoupdate="NO"    # Automatically install/update chrooted
named_chrootdir=""      # Chroot directory (or "" not to auto-chroot it)
named_enable="YES"
named_flags=            # quoted string for the command line
named_uid=              # quoted user name to run as "bind" or "root"

>I was advised to start named as a user other than root but when I
>tried that named would not start because the user I set it to does
>not have write permission in the directory that has the pid file.

Your chroot environment must be set up correctly with the correct perms to write those files and to read the named.conf file.

>When named starts at boot what user does it run as, by default?

It will run by the named_uid you set in /etc/rc.conf.

You will have an easier time getting named to run via the command line, then set /etc/rc.conf for the correct settings.

/usr/sbin/named -c [to the path and name for named.conf] -u [the user name to run as] -t [chroot directory or omit this setting if not chrooting]

         -Derek
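
A check for the permissions discussed in this thread, as an added example that is not part of the original message: it verifies that the run-as user can read named.conf and write the slave and pid directories inside the chroot. The function names are hypothetical, the pid directory var/run/named is an assumption (the thread does not name it), and group-based access is deliberately not evaluated.

```shell
#!/bin/sh
# Added example: pre-flight check of a named chroot tree for an
# unprivileged run-as user. Only owner and "other" mode bits are examined;
# group membership is not evaluated (simplification).

# mode_set PATH OCTAL: true if every permission bit in OCTAL is set on PATH
mode_set() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# owned_by PATH USER: true if PATH exists and is owned by USER
owned_by() { [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]; }

# check_named_chroot CHROOT USER
# Returns 0 if USER can read named.conf and write the slave and pid
# directories under CHROOT; prints one FAIL line per problem otherwise.
check_named_chroot() {
    root=$1; user=$2; rc=0

    # named.conf location relative to the chroot, as given in the thread
    conf="$root/etc/namedb/named.conf"
    if ! { owned_by "$conf" "$user" && mode_set "$conf" 0400; } &&
       ! mode_set "$conf" 0004; then
        echo "FAIL: $conf is not readable by $user"
        rc=1
    fi

    # slave zone directory (from the thread) and pid directory (assumed path)
    for dir in "$root/etc/namedb/slave" "$root/var/run/named"; do
        # writing files in a directory needs both write and search bits
        if ! { owned_by "$dir" "$user" && mode_set "$dir" 0300; }; then
            echo "FAIL: $dir is not writable by $user"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check_named_chroot.sh /var/named bind
if [ "$#" -eq 2 ]; then
    check_named_chroot "$1" "$2"
fi
```

Run it before switching named_uid away from root; each FAIL line names a path whose owner or mode needs changing.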