From: Makoto Matsushita
To: freebsd-current@freebsd.org
Date: Tue, 05 Oct 2004 11:48:34 +0900
Subject: Re: New BIND 9 chroot directories

I'm seriously considering changing my named configuration to use a chroot sandbox. Generally, I agree with the recent named changes. However, one thing is unclear to me about the current /var/named.

DougB> Because running bind chrooted is considerably safer, and the
DougB> defaults should be as safe as possible unless it is an
DougB> inconvenience to the majority of our users.

As a result, all files used by named(8) are under "/var," which is characterized as the "multi-purpose log, temporary, transient, and spool files" directory (see hier(7)). Yes, the named configuration file (I believe it is generally considered important) and master zone files (also important, at least for me) are located under "/var."

So here's my question to all "running named with chroot sandbox" users: are you OK with such important files being under /var?

-- 
- Makoto `MAR' Matsushita