In OpenBSD 5.0 there is no possibility to start /usr/sbin/named without privilege separation. Example as a regular user:

    $ /usr/sbin/named -g -i named.pid
    Starting privilege separation
    fatal in bind [child]: chroot failed: Operation not permitted

The man page says:

    When invoked without arguments, named will fork into two processes for
    privilege separation, chroot(2) to /var/named, read the default
    :

which leaves room for the interpretation that with suitable arguments named can be made to not use privilege separation. Reading the source code, however, suggests to me that there is no such combination of arguments.

This is a pity, since named then cannot be used, e.g., for testing resolver client software by starting a test-specific resolver.

Suggestion: an empty -t argument value or a value of "." could denote the unpatched ISC named behaviour of no -t argument.

-- 
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
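
The suggestion in the message above, sketched in C as an added example; it is not part of the original message and is not OpenBSD's or ISC's named code. The names parse_jail_arg() and enter_jail() are hypothetical, and the default directory passed in is the /var/named that the quoted man page mentions.

```c
#define _DEFAULT_SOURCE          /* for chroot(2) on glibc; harmless elsewhere */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* What a -t value asks for (hypothetical model of the proposal). */
enum jail_mode { JAIL_DEFAULT, JAIL_NONE, JAIL_DIR };

enum jail_mode parse_jail_arg(const char *t)
{
    if (t == NULL)
        return JAIL_DEFAULT;     /* no -t given: keep the default jail */
    if (t[0] == '\0' || strcmp(t, ".") == 0)
        return JAIL_NONE;        /* -t "" or -t ".": explicit opt-out */
    return JAIL_DIR;             /* -t <dir>: jail in that directory */
}

/* Enter the jail selected by t. Returns 0 on success, else the errno
 * from the failing call (EPERM is what a regular user gets from chroot). */
int enter_jail(const char *t, const char *default_dir)
{
    const char *dir = default_dir;

    switch (parse_jail_arg(t)) {
    case JAIL_NONE:
        /* Running unjailed must be a visible, deliberate choice. */
        fprintf(stderr, "warning: running without chroot\n");
        return 0;
    case JAIL_DIR:
        dir = t;
        break;
    case JAIL_DEFAULT:
        break;
    }
    if (chroot(dir) == -1)
        return errno;
    if (chdir("/") == -1)        /* do not keep a cwd outside the jail */
        return errno;
    return 0;
}

int main(int argc, char **argv)
{
    /* argv[1] stands in for the -t value; absent means "no -t". */
    int rc = enter_jail(argc > 1 ? argv[1] : NULL, "/var/named");
    if (rc != 0)
        fprintf(stderr, "chroot failed: %s\n", strerror(rc));
    return rc != 0;
}
```

Only the explicit empty or "." value skips the jail, so the default invocation keeps its chroot and a test resolver started by a regular user has to ask for the unjailed mode by name.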
