From: Jose M Rodriguez
To: Doug Barton
Cc: freebsd-current@freebsd.org, Jose M Rodriguez
Date: Mon, 4 Oct 2004 23:43:17 +0200
Subject: Re: New BIND 9 chroot directories
Message-Id: <200410042343.19211.freebsd@redesjm.local>
In-Reply-To: <20041004125738.K778@bo.vpnaa.bet>
List-Id: Discussions about the use of FreeBSD-current

On Monday, 4 October 2004 22:10, Doug Barton wrote:
> On Mon, 4 Oct 2004, Jose M Rodriguez wrote:
> > At last here, BETA7 comes with a populated /var/named.
>
> Yes, this is as it should be.
>
> > we've used /var/named for ages without this layout.
>
> OK.
>
> > Is this really needed?
>
> It is necessary to have a default chroot directory structure, yes.
> You can easily prevent /etc/rc.d/named from doing anything with it by
> adding named_chroot_autoupdate="NO" to your /etc/rc.conf[.local]
> file. You can also prevent mergemaster from tempting you with files
> in /etc/namedb by adding NO_BIND_ETC to /etc/make.conf. What may be
> necessary at this point is to add a knob that prevents the directory
> structure from being created in the installworld step. I'll look at
> that tonight.
>

Really good work. But is this really needed?

I can't see why. We can go to release with a default:

named_chrootdir=""
named_flags="-u bind"
named_enable="NO"

And with your strong support for chrooted operation in /etc/rc.d/named

So any sysadmin has the time/freedom to set up the chroot before
launching named.

The default setup seems enough for a first-timer/home user. I'd prefer
an /etc/named/named.conf default that only listens on localhost.

I even find it easier to tweak /etc/rc.d/named to populate a wide
${named_chrootdir} from defaults and /etc/namedb.

I'm really sorry about that, but I think that the status at fresh BETA6
is far better than now.

> I feel that I've provided the users plenty of knobs to customize this
> stuff with, but if folks have ideas on how it can be improved, I'm
> open to them.
>

Yes, this is not the way. I think you have already gone too far on this.

> > This breaks our update plans.
>
> Well, hopefully I've demonstrated that the problems you've
> experienced can be worked around.
> Of course, two other options are
> available, one is to move your stuff to a different directory, and
> the other is to adopt the structure that is now being installed by
> default.
>
> > Also, I think this is not well documented on UPDATING
>
> The entry in UPDATING says (in part):
>
>         If you are using a custom configuration, or if you have
>         customised the named_* variables in /etc/rc.conf[.local]
>         then you may have to adjust the instructions accordingly.
>         It is suggested that you carefully examine the new named
>         variables in /etc/defaults/rc.conf and the options in
>         /var/named/etc/namedb/named.conf to see if they might
>         now be more suitable.
>
> If you have suggestions on how this can be made more clear, please
> let me know.
>
> Doug

If we go to release right now, you must describe the chroot setup
directly, and not as an option.

An explicit reference to /var/named (filled from tarballs) must exist in
the release notes.

--
josemi
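
The named_* variables discussed in this message decide whether named starts, whether it is chrooted, and which user it runs as. The following sh script is an added example, not part of the original message and not FreeBSD's rc code: it reads an rc.conf-style file and reports that posture. The function names, the output format and the sample file are assumptions, and it assumes named is started by root.

```sh
#!/bin/sh
# Added example: report how named would start from the named_* variables
# in an rc.conf-style file. Variables missing from the file are reported as
# "unset" (the system defaults file is not consulted here).

# rc_get FILE VAR: print the value of the last VAR=... line; fail if absent.
rc_get() {
    grep -Eq "^[[:space:]]*$2=" "$1" || return 1
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

named_posture() {
    conf=$1
    if enable=$(rc_get "$conf" named_enable); then
        case $enable in
            [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) enable=yes ;;
            *) enable=no ;;
        esac
    else
        enable=unset
    fi
    if chroot=$(rc_get "$conf" named_chrootdir); then
        [ -n "$chroot" ] || chroot=none      # empty value: no chroot
    else
        chroot=unset
    fi
    if flags=$(rc_get "$conf" named_flags); then
        # Assumption: started by root, named stays root unless -u USER is given.
        user=$(printf '%s\n' "$flags" |
            sed -n 's/.*-u[[:space:]]*\([^[:space:]]*\).*/\1/p')
        [ -n "$user" ] || user=root
    else
        user=unset
    fi
    printf 'enabled=%s chroot=%s user=%s\n' "$enable" "$chroot" "$user"
}

# Constructed sample: the defaults proposed in the message above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
named_chrootdir=""
named_flags="-u bind"
named_enable="NO"
EOF
named_posture "$sample"   # prints: enabled=no chroot=none user=bind
rm -f "$sample"
```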