Date:      Mon, 30 Jul 2007 08:40:25 -0500
From:      Reid Linnemann <lreid@cs.okstate.edu>
To:        Patrick Dung <patrick_dkt@yahoo.com.hk>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: ISC bind9 with dynamic DNS update (chroot problem)
Message-ID:  <46ADEA49.4010609@cs.okstate.edu>
In-Reply-To: <783850.98118.qm@web54303.mail.re2.yahoo.com>
References:  <783850.98118.qm@web54303.mail.re2.yahoo.com>

Written by Patrick Dung on 07/28/07 10:52>>
> Thanks for reply.
> 
> Yes, your method works.
> But I wonder why /var/named/etc/named/master directory permission
> always reset to root at starting the daemon.
> 
> Regards
> Patrick
> 
> --- Reid Linnemann <lreid@cs.okstate.edu> wrote:
> 
>> Written by Patrick Dung on 07/27/07 08:19>>
>>> Hi
>>>
>>> I use FreeBSD 6.2 and the base bind9.
>>> For dynamic DNS update, bind9 automatically generates the journal file
>>> (ending in .jnl).
>>> The default config is to use chroot and the running user as 'bind'.
>>>
>>> The problem is that after named is started (/etc/init.d/named start),
>>> the default chroot directory /var/named/etc/named permission will be
>>> reset to owned by root. So the named daemon (run as user 'bind') cannot
>>> create the journal file and complains:
>>>
>>> Jul 27 21:06:54 fbsd62 named[2862]: general: localdomain.db.jnl:
>>> create: permission denied
>>>
>>> One temp fix is to use chroot and run as root, any suggestions?
>>>
>>> Regards
>>> Patrick
>>>
>>>
>> When I did ddns, I had my dynamic zone files in a subdirectory off of
>> the named chroot- i.e. /var/named/etc/namedb/dynamic - and chowned it
>> to bind, allowing the bind user to read/write anything inside.
>>

I forgot to CC: questions@ on my original reply.

This is because /etc/rc.d/named auto-updates the chroot to an expected
state defined by the mtree at /etc/mtree/BIND.chroot.dist.

P.S.
Please do not top post, so the conversation order progresses from oldest 
to newest.

-Reid
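
Added example, not part of the original message or of the FreeBSD sources: a small sh/awk reader for the mtree spec format that resolves the owner each directory is reset to, which shows why a manually chowned "master" reverts to root while "dynamic" stays with bind. The spec text below is a constructed sample (it is not a copy of /etc/mtree/BIND.chroot.dist), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in mtree(8) spec format; NOT the real BIND.chroot.dist.
sample_spec() {
cat <<'EOF'
/set type=dir uname=root gname=wheel mode=0755
.
    etc
        namedb
            dynamic         uname=bind
            ..
            master
            ..
        ..
    ..
..
EOF
}

# Read a spec on stdin, print "<path> <owner> <mode>" for every directory.
# Assumption: every entry is a directory (type=dir), as in the sample.
mtree_owners() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
    $1 == "/set" {                           # defaults for later entries
        for (i = 2; i <= NF; i++) { split($i, kv, "="); dflt[kv[1]] = kv[2] }
        next
    }
    $1 == ".." { if (depth > 0) depth--; next }   # go up one level
    {
        owner = dflt["uname"]; mode = dflt["mode"]
        for (i = 2; i <= NF; i++) {          # per-entry overrides
            split($i, kv, "=")
            if (kv[1] == "uname") owner = kv[2]
            if (kv[1] == "mode")  mode  = kv[2]
        }
        comp[++depth] = $1                   # descend into this directory
        path = comp[1]
        for (i = 2; i <= depth; i++) path = path "/" comp[i]
        printf "%s %s %s\n", path, owner, mode
    }'
}

# Directories the given user owns according to the spec on stdin.
owned_by() {
    mtree_owners | awk -v u="$1" '$2 == u { print $1 }'
}

sample_spec | mtree_owners
```

On a FreeBSD host, `owned_by bind < /etc/mtree/BIND.chroot.dist` lists the directories that stay owned by bind across restarts, assuming the file contains only directory entries.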