Date: Mon, 17 Jan 2005 00:58:41 +0000
From: Daniel Bye <freebsd-questions@slightlystrange.org>
To: freebsd-questions@freebsd.org
Subject: Re: setup of Bind9 on 5.3
Message-ID: <20050117005841.GA6465@catflap.slightlystrange.org>
In-Reply-To: <6.2.0.14.2.20050116142101.00bfef60@cheyenne.wixb.com>
References: <6.2.0.14.2.20050116142101.00bfef60@cheyenne.wixb.com>
On Sun, Jan 16, 2005 at 02:23:54PM -0600, J.D. Bronson wrote:
> I have cvs'd and built world and now I want to use the native bind9 to run
> DNS.
>
> I am very familiar with chrooting named, but for some reason I cannot get
> this going....
>
> If I use ISC's bind 9 built from scratch, it will chroot just fine.
>
> Does anyone have a sample named.conf for chrooting that shows
> loading of 1 zone and the hints file? (technically not needed with bind9,
> but doesn't hurt)
>
> In addition, the dir structure of /var/named would be nice to see.
>
> normally I setup chroot jail for named like this:
>
> /var/named:
>
> drwxr-xr-x  2 root  root    512 Aug 16 12:04 dev
> drwxr-xr-x  2 root  named   512 Aug 16 12:04 etc
> drwxrwx---  2 root  named   512 Sep  1  2003 log
> drwxr-xr-x  2 root  root    512 Jan 16 10:02 master
> drwxrwx---  2 root  named   512 Jan 16 10:04 run
> drwxrwxr-x  2 root  named  1024 Dec 30 19:40 slave
> drwxr-xr-x  2 root  root    512 Apr  7  2004 standard
>
> this approach does not seem to work with using STOCK named....
>
> any help will be appreciated!

Take a look at the new knobs in /etc/defaults/rc.conf for controlling the
supplied BIND9. The rc scripts do a really good job of setting it all up for
you. As for the locations of your zone files, I think you will have more
success if you put them inside ./namedb/.

This is how my /var/named/ is laid out:

--->$ ls -R /var/named/
dev/ etc/ var/

/var/named/dev:
null   ptyp2  ptyp4  random  ttyp2  ttyp4
ptyp1  ptyp3  ptyp5  ttyp1   ttyp3  ttyp5

/var/named/etc:
localtime  namedb/

/var/named/etc/namedb:
PROTO.localhost-v6.rev  named.conf       rndc.key
PROTO.localhost.rev     named.conf.dist  slave/
make-localhost          named.root       master/
rndc.conf

/var/named/etc/namedb/master:
0.168.192.in-addr.arpa  localhost.rev  localhost-v6.rev  slightlystrange.org

/var/named/etc/namedb/slave:

/var/named/var:
dump/  log/  run/  stats/

/var/named/var/dump:
named_dump.db

/var/named/var/log:
named.run

/var/named/var/run:
log=  named/  named.pid

/var/named/var/run/named:

/var/named/var/stats:
named.stats

Note that most of these files will be created for you the first time you
invoke named by means of the rc script, /etc/rc.d/named. You should probably
move aside any pre-existing config.

You can then load your zone files like this:

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};

zone "your.domain.org" {
        type master;
        file "master/your.domain.org";
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/0.168.192.in-addr.arpa";
};

HTH

Dan

-- 
Daniel Bye

PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                                _
  ASCII ribbon campaign                        ( )
   - against HTML, vCards and                   X
   - proprietary attachments in e-mail         / \
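A small check for the chroot layout Dan describes, as an added example that is not part of the original thread: it reads the zone stanzas out of named.conf, confirms every referenced zone file exists and is readable inside the chroot, and counts world-writable entries under etc/namedb, which should be root-writable only. It assumes named's working directory is etc/namedb inside the chroot (as in the listing above), one zone stanza per line, and builds its own constructed temporary tree with one zone file deliberately missing.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check a chrooted BIND9 tree laid out as
# above. Assumes named's working dir is etc/namedb in the chroot, one zone per line.

# Print the "file" argument of every zone stanza in a named.conf.
zone_files() {
    grep '^[[:space:]]*zone' "$1" |
        sed -n 's/.*file[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Echo how many zone files named in <chroot>/etc/namedb/named.conf are unreadable.
count_missing_zone_files() {
    chroot_dir=$1
    missing=0
    for f in $(zone_files "$chroot_dir/etc/namedb/named.conf"); do
        case $f in
            /*) path=$chroot_dir$f ;;             # absolute: relative to chroot root
            *)  path=$chroot_dir/etc/namedb/$f ;; # relative: to the working directory
        esac
        if [ ! -r "$path" ]; then
            echo "missing or unreadable zone file: $path" >&2
            missing=$((missing + 1))
        fi
    done
    echo "$missing"
}

# Echo how many entries under <chroot>/etc/namedb are world-writable (should be 0).
count_world_writable() {
    find "$1/etc/namedb" -perm -0002 -print | wc -l | tr -d ' '
}

# Constructed throwaway chroot with one zone file deliberately left out; prints its path.
make_sample_chroot() {
    umask 022
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/etc/namedb/master"
    cat > "$root/etc/namedb/named.conf" <<'EOF'
options { directory "/etc/namedb"; pid-file "/var/run/named/pid"; };
zone "." { type hint; file "named.root"; };
zone "0.0.127.IN-ADDR.ARPA" { type master; file "master/localhost.rev"; };
zone "your.domain.org" { type master; file "master/your.domain.org"; };
EOF
    : > "$root/etc/namedb/named.root"
    : > "$root/etc/namedb/master/localhost.rev"
    echo "$root"
}

root=$(make_sample_chroot)  # stand-alone run against the constructed tree
echo "missing zone files: $(count_missing_zone_files "$root")"
rm -rf "$root"
```

Point the two count functions at a real chroot root such as /var/named to check a live installation.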