Date: Mon, 04 Oct 2010 17:21:06 -0400 From: Matthew <mpope@teksavvy.com> To: CyberLeo Kitsana <cyberleo@cyberleo.net> Cc: freebsd-questions@freebsd.org Subject: Re: BIND: could not configure root hints from 'named.root': file not found Message-ID: <4CAA4542.8060005@teksavvy.com> In-Reply-To: <4CA6419C.3050109@cyberleo.net> References: <4CA61FE5.9050306@teksavvy.com> <4CA6419C.3050109@cyberleo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
CyberLeo Kitsana, Thank you so much for the history and evolution on Bind expected directory structures. It enabled me to jump through that tough spot. Thanks again, Matthew > On 10/01/2010 12:52 PM, Matthew wrote: > >> I would be grateful for any pointers on how to resolve this. I suspect >> the error message may not be exactly descriptive of whats happening. >> > Kinda. > > Here's a few points to keep in mind when working with bind in FreeBSD: > > * By default, named runs in a chroot jail rooted at /var/named/. > > * For security reasons, named cannot write to anything in that tree, > except the dynamic, slave, and working directories. > > * named uses its current working directory to resolve relative pathnames > in the configuration file. > > * With a recent change to ISC Bind 9, named started complaining if it > couldn't write to its current working directory. At the time, this was > (chroot)/etc/namedb/; this was subsequently changed to > (chroot)/etc/namedb/working/ to make named happy without compromising > security. > > When the working directory for named was (chroot)/etc/namedb/, > everything was peachy. Since this was changed, relative pathnames no > longer work as expected because the reference point is different. The > easiest solution is to alter your configuration file to include only > absolute pathnames, relative to the root of the jail. > > The default named config file (in /var/named/etc/namedb/named.conf) is > an excellent source of examples for this. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CAA4542.8060005>