On 2003-03-05 16:46:04 (-0800), Doug Barton <[EMAIL PROTECTED]> wrote:
> On Thu, 6 Mar 2003, Philip Paeps wrote:
> > Is it actually possible for one to build a custom release without the
> > ``unnecessary'' BIND bits?  I haven't grepped the source, forgive me, but
> > what does 'NO_BIND=true' actually do?  If I were to make a release like
> > that, would that end me up without resolver as well?
> It's not as thorough as I think it should be. I plan to get cracking on this
> now that I've got my ports more or less whipped into shape pre-freeze.

Thanks!  The possibility of having a way to completely erradicate the
'superfluous' bits of BIND sounds very appealing.  I'd be happy to break some
machines to help test this :-)

> > Perhaps a NO_NSLOOKUP flag? ;-)
> Yeah, I'll add that along with the PIGS_WILL_FLY flag.


> > Now my fiddling with the BIND port is reduced to making stuff live under
> > /var/namedb instead of /etc/namedb as I like having / mounted read-only as
> > much as possible.
> One way you can do this fairly easily with PORT_REPLACES_BASE is to have
> your chroot tree look something like this:
> /var/named/<other stuff you need>
> /var/named/etc/namedb/named.conf (etc)
> Then have /etc/namedb be a symlink to /var/named/etc/namedb, with
> 'directory "/etc/namedb";' in your named.conf file. 

That looks a lot cleaner than what I've got now.  Good project for tomorrow
morning.  Also gets rid of the confusing (to some) "directory "/"' in the
config, and allows those obsessed with editing /etc/namedb/named.conf to find
themselves at home.

> That way, both named and ndc "see" the same picture of the system, in and
> out of the chroot tree. 

Speaking of ndc, I think that's a BIND8-ism.  Could the port be convinced to
symlink it to rndc when set to replace the base, or would that confuse other
things?  Currently, I'm just aliasing it in my shell, but that seems a bit
hackish :-)

> I already use this at work, and I plan to add a lot of this config to the
> base itself here pretty soon. But you can easily get a head start on it now
> using what I described above.

Briliant!  I'll have people congratulate me on the cleanliness of my
nameserver by lunchtime tomorrow :-P

 - Philip

Philip Paeps                                          Please don't CC me, I am
[EMAIL PROTECTED]                                       subscribed to the list.

  If you see a man approaching you with the obvious intent
  of doing you good, you should run for your life.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to