Date: Thu, 10 Jul 2008 18:41:35 +0400 (MSD) From: Dmitry Morozovsky <marck@rinet.ru> To: stef@memberwebs.com Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, Remko Lodder <remko@freebsd.org>, Doug Barton <dougb@freebsd.org>, secteam@freebsd.org, Andrew Storms <astorms@ncircle.com> Subject: Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo] Message-ID: <20080710183843.Q58331@woozle.rinet.ru> In-Reply-To: <20080709204114.471A2F1835D@mx.npubs.com> References: <C49A67C5.1A0CBA%astorms@ncircle.com> <20080709204114.471A2F1835D@mx.npubs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Jul 2008, Stef wrote: S> Thanks! S> S> Here are simple steps to use this instead of the base named (and easily S> go back later): S> S> # cd /usr/ports/dns/bind9 S> # make && make install S> # ln -s /etc/namedb/named.conf /usr/local/etc/named.conf S> # echo 'named_program="/usr/local/sbin/named" >> /etc/rc.conf S> # /etc/rc.d/named restart S> S> LMK if I missed something. (or use NO_BIND= in /etc/make.conf and WITH_REPLACE_BASE= on port options, but be careful when upgrading configs...) Just to have you and other related parties informed of a pitfall I stepped into: -- 8< -- From: BIND9 Bugs via RT <bind9-bugs@isc.org> Subject: [ISC-Bugs #18265] AutoReply: bind update to 9.4.2.1: 'empty label' inconsistent check ------------------------------------------------------------------------- Dear Doug and ISC maintainers, just updated bind94 on our master server and found that together with vulnerability fixes there is at least one glitch in configuration checks History: we have automatic scripted system to secondary some zones from one of our partners. so, part of named.conf is auto-generated, then checked via named-checkconf and then applied. After today upgrade I found that new server failed to start, which is really a PITA, as it has 13k+ authoritative zones. Named-checkconf does not return an error. named reports 'empty label' without any reference to config file and/or line number. After some nervous minutes of binary search ;-) I found the offending line, which erroneously contains two dots instead of one. I suppose this should be fixed at least in named-checkconf. -- 8< -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080710183843.Q58331>