Date: Fri, 01 Oct 2010 15:16:28 -0500
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
To: Matthew <mpope@teksavvy.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: BIND: could not configure root hints from 'named.root': file not found
Message-ID: <4CA6419C.3050109@cyberleo.net>
In-Reply-To: <4CA61FE5.9050306@teksavvy.com>
References: <4CA61FE5.9050306@teksavvy.com>

On 10/01/2010 12:52 PM, Matthew wrote:
> I would be grateful for any pointers on how to resolve this. I suspect
> the error message may not be exactly descriptive of what's happening.

Kinda.

Here's a few points to keep in mind when working with bind in FreeBSD:

* By default, named runs in a chroot jail rooted at /var/named/.

* For security reasons, named cannot write to anything in that tree,
  except the dynamic, slave, and working directories.

* named uses its current working directory to resolve relative pathnames
  in the configuration file.

* With a recent change to ISC Bind 9, named started complaining if it
  couldn't write to its current working directory. At the time, this was
  (chroot)/etc/namedb/; this was subsequently changed to
  (chroot)/etc/namedb/working/ to make named happy without compromising
  security.

When the working directory for named was (chroot)/etc/namedb/,
everything was peachy. Since this was changed, relative pathnames no
longer work as expected because the reference point is different.

The easiest solution is to alter your configuration file to include only
absolute pathnames, relative to the root of the jail. The default named
config file (in /var/named/etc/namedb/named.conf) is an excellent source
of examples for this.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/
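
An added example, not part of the original message: a small check that lists every relative pathname in a named.conf and the host path a chrooted named would resolve it to, so such entries can be rewritten as absolute paths inside the jail. The function names and the sample configuration are constructed for illustration; the jail root and working directory defaults are the ones given in the message above.

```shell
#!/bin/sh
# Added example: flag relative pathnames in a named.conf and show where a
# chrooted named would actually look for them.
# Assumed defaults (from the message): jail root /var/named, working
# directory /etc/namedb/working inside the jail.
CHROOT=${CHROOT:-/var/named}
WORKDIR=${WORKDIR:-/etc/namedb/working}

# relative_paths CONF
# Prints "<path as written><TAB><host path it resolves to>" for each relative
# path given to file or a *-file option (pid-file, dump-file, ...).
# Only // and # line comments are stripped; /* */ blocks are not handled.
relative_paths() {
    awk -v chroot="$CHROOT" -v wd="$WORKDIR" '
    {
        sub(/\/\/.*/, ""); sub(/#.*/, "")
        line = $0
        while (match(line, /file[ \t]+"[^"]+"/)) {
            path = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            gsub(/^file[ \t]+"|"$/, "", path)
            if (path !~ /^\//)
                printf "%s\t%s%s/%s\n", path, chroot, wd, path
        }
    }' "$1"
}

# write_sample_conf FILE: constructed sample, not a real configuration.
write_sample_conf() {
    cat > "$1" <<'EOF'
options {
    directory "/etc/namedb/working";
    pid-file "/var/run/named/pid";
};
zone "." { type hint; file "named.root"; };            // relative: not found
zone "example.org" { type master; file "/etc/namedb/master/example.org.db"; };
# zone "old.example" { type master; file "old.db"; };
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
# prints: named.root<TAB>/var/named/etc/namedb/working/named.root
relative_paths "$conf"
rm -f "$conf"
```

An empty result means every path in the file is already absolute relative to the jail root.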