From: Doug Barton
Organization: http://www.FreeBSD.org/
Date: Fri, 27 Jul 2007 14:15:36 -0700
To: Patrick Dung
Cc: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: ISC bind9 with dynamic DNS update (chroot problem)
Message-ID: <46AA6078.6020300@FreeBSD.org>
References: <413095.46144.qm@web54301.mail.re2.yahoo.com>
In-Reply-To: <413095.46144.qm@web54301.mail.re2.yahoo.com>
User-Agent: Thunderbird 2.0.0.5 (Windows/20070716)
Content-Type: text/plain; charset=ISO-8859-1

Patrick Dung wrote:
> Hi
>
> I use FreeBSD 6.2 and the base bind9.
> For dynamic DNS update, bind9 automatically generates the journal file
> (ending in .jnl).
> The default config is to use chroot and the running user as 'bind'.
>
> The problem is that after named is started (/etc/init.d/named start),

Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
Assuming that was just a typo ...
> the default chroot directory /var/named/etc/named

The default directory is /etc/namedb, which is a symlink to
/var/named/etc/namedb.

> permissions will be reset to be owned by root. So the named daemon (run
> as user 'bind') cannot create the journal file and complains:

You shouldn't be creating journal files in the config directory anyway.

> One temp fix is to use chroot and run as root, any suggestions?

Yeah, don't run named as root. Ever. :)

Assuming that you are actually running FreeBSD, and that you have not
turned off the mtree option, you should have the following directories
in /etc/namedb:

drwxr-xr-x  2 bind  wheel  512 Jul 23 00:47 dynamic/
drwxr-xr-x  2 root  wheel  512 Jul 13 22:33 master/
drwxr-xr-x  2 bind  wheel  512 Jul 27 14:05 slave/

The dynamic directory is obviously designed to hold dynamic zones, and it
(like the slave directory) is chowned to user bind so that named can
write to it after it drops privileges.

hth,

Doug

--
This .signature sanitized for your protection
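A small POSIX sh check of the layout Doug describes, added here as an example and not code from the thread or from FreeBSD: it verifies that dynamic/ and slave/ exist and are owned by the named user, and flags journal files that landed in the config directory or in master/. The names owner_of and check_namedb_layout are my own; it assumes GNU or BSD stat is available.

```shell
#!/bin/sh
# Added example for this thread (not Doug's or FreeBSD's own code): audit a
# namedb directory for the layout described above. Assumes GNU or BSD stat.

# Print the owning user of a path; GNU stat first, BSD stat as fallback.
owner_of() {
    stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"
}

# check_namedb_layout <namedb dir> <named user>
# Returns 0 when the layout lets named write only where it should,
# 1 otherwise, printing one line per problem found.
check_namedb_layout() {
    dir=$1
    user=$2
    rc=0

    # dynamic/ and slave/ must be owned by the unprivileged named user,
    # because named writes zone and journal files there after dropping root.
    for sub in dynamic slave; do
        if [ ! -d "$dir/$sub" ]; then
            echo "MISSING: $dir/$sub (mtree layout not applied?)"
            rc=1
            continue
        fi
        o=$(owner_of "$dir/$sub")
        if [ "$o" != "$user" ]; then
            echo "BAD OWNER: $dir/$sub is owned by $o, expected $user"
            rc=1
        fi
    done

    # A .jnl in the config directory or master/ means a dynamic zone's
    # 'file' points at a root-owned place that user bind cannot write to.
    for jnl in "$dir"/*.jnl "$dir"/master/*.jnl; do
        [ -e "$jnl" ] || continue
        echo "STRAY JOURNAL: $jnl (put the zone file under $dir/dynamic)"
        rc=1
    done

    return $rc
}
```

Run it as `check_namedb_layout /etc/namedb bind` on the host; a non-zero exit with a BAD OWNER or STRAY JOURNAL line points at the directory the rc.d mtree pass did not leave writable for named.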