Date: Sun, 29 Jul 2007 04:26:44 -0700 (PDT)
From: Patrick Dung <patrick_dkt@yahoo.com.hk>
To: Doug Barton <dougb@FreeBSD.org>
Cc: freebsd-isp@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: ISC bind9 with dynamic DNS update (chroot problem)
Message-ID: <8142.66621.qm@web54304.mail.re2.yahoo.com>
In-Reply-To: <46AA6078.6020300@FreeBSD.org>

Thanks for the reply.
Your suggestion solved my problem, thanks.
Yes, /etc/init.d/named is a typo.

Regards
Patrick

--- Doug Barton <dougb@FreeBSD.org> wrote:

> Patrick Dung wrote:
> > Hi
> >
> > I use FreeBSD 6.2 and the base bind9.
> > For dynamic DNS update, bind9 automatically generates the journal file
> > (ending in .jnl).
> > The default config is to use chroot and the running user as 'bind'.
> >
> > The problem is that after named is started (/etc/init.d/named start),
>
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
>
> > the default chroot directory /var/named/etc/named
>
> The default directory is /etc/namedb, which is a symlink to
> /var/named/etc/namedb.
>
> > permissions will be reset to be owned by root. So the named daemon (run
> > as user 'bind') cannot create the journal file and complains:
>
> You shouldn't be creating journal files in the config directory anyway.
>
> > One temp fix is to use chroot and run as root, any suggestions?
>
> Yeah, don't run named as root. Ever. :)
>
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following directories
> in /etc/namedb:
>
> drwxr-xr-x  2 bind  wheel  512 Jul 23 00:47 dynamic/
> drwxr-xr-x  2 root  wheel  512 Jul 13 22:33 master/
> drwxr-xr-x  2 bind  wheel  512 Jul 27 14:05 slave/
>
> The dynamic directory is obviously designed to hold dynamic zones, and
> it (like the slave directory) is chowned to user bind so that named
> can write to it after it drops privileges.
>
> hth,
>
> Doug
>
> --
>
> This .signature sanitized for your protection
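
Added example, not part of the original thread and not code from FreeBSD or ISC: a small sh audit for the layout described above. It lists zones that accept dynamic updates while keeping their zone file (and therefore the .jnl journal) outside dynamic/, and checks that a directory is owned by and writable for the unprivileged named user. The function names and the sample named.conf fragment are constructed, and the parser assumes one clause per line.

```shell
# Added example, not from the thread. Function names and the sample
# configuration are constructed; zone clauses are assumed one per line.

# Print "zone file" for each zone that accepts dynamic updates but keeps
# its zone file (and so its .jnl journal) outside the dynamic/ directory.
misplaced_dynamic_zones() {
    awk '
        $1 == "zone" { split($0, q, "\""); zone = q[2]; file = ""; dyn = 0 }
        $1 == "file" { split($0, q, "\""); file = q[2] }
        /allow-update|update-policy/ && !/none;/ { dyn = 1 }
        $1 == "};" {
            if (zone != "" && dyn && index(file, "dynamic/") != 1)
                print zone, file
            zone = ""
        }
    ' "$@"
}

# Succeed only if directory $1 is owned by user $2 with the owner write
# bit set, so named can create journals there after dropping privileges.
dir_owned_writable() {
    ls -ld "$1" | awk -v u="$2" \
        '{ ok = ($3 == u && substr($1, 3, 1) == "w") } END { exit !ok }'
}

# Constructed named.conf fragment; paths are relative to "directory".
sample_conf() {
    cat <<'EOF'
options {
    directory "/etc/namedb";
};
zone "example.org" {
    type master;
    file "example.org.db";
    allow-update { key "ddns-key"; };
};
zone "dyn.example.org" {
    type master;
    file "dynamic/dyn.example.org.db";
    allow-update { key "ddns-key"; };
};
zone "static.example.org" {
    type master;
    file "master/static.example.org.db";
};
EOF
}
sample_conf | misplaced_dynamic_zones
```

On the host itself the same functions would be called as `misplaced_dynamic_zones /etc/namedb/named.conf` and `dir_owned_writable /etc/namedb/dynamic bind`, assuming the default locations mentioned in the thread.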