Hi,

On Tue, Aug 5, 2008 at 12:59 AM, Doug Barton <[EMAIL PROTECTED]> wrote:
>
> Adrian Penisoara wrote:
>>
>> Quoting from a default distributed /etc/namedb/named.conf:
>>
>> options {
>>        // Relative to the chroot directory, if any
>>        directory       "/etc/namedb";
>>        pid-file        "/var/run/named/pid";
>>        dump-file       "/var/dump/named_dump.db";
>>        statistics-file "/var/stats/named.stats";
>>
>>  You have to take into account that "directory" is used for any non-absolute 
>> pathname specified in named.conf, including the "file" clauses for 
>> master/slave zones. If you were to change it now then you would break a lot 
>> of setups.
>
> Agreed.
>
>>  I believe that the "working directory" and "root config directory" concepts 
>> should have been dissociated.
>
> Also agreed. :)  I plan to send some feature requests to the bind-users list 
> based on the discussions in this thread. If you're interested in this topic 
> I'd suggest that you follow the discussion on that list.

I will try to :).

>
> I have an (unreviewed) patch to add a debug-only option at 
> http://dougbarton.us/bind-debug-only-channel.diff if anyone wants to 
> experiment with this. Using that patch I was able to do this:
>
> logging {
>        channel our_debug {
>                file "/var/log/named.run";
>                severity dynamic;
>                print-time yes;
>                debug-only yes;
>        };
>        category default { default_syslog; our_debug; };
>        category unmatched { null; };
> };
>
> Which duplicates the default logging configuration except that you can now 
> specify the location for the named.run file (or give it another file name, 
> etc.).
>
>>  Another idea would be to add a final "options { directory "/var/run/named"; 
>> }; " statement at the end of the file -- from the BIND sources it appears 
>> that there is a callback function which may pick up this final statement in 
>> order to make it the current working directory for the named process.
>
> The problem is that when you do a reconfig or a reload named won't be able to 
> see its configuration file.
>
>>  Oh, and in the idea that we should keep the default configuration as simple 
>> as possible for the average user and for whatever scenario, here is my 
>> proposal:
>>
>>        dump-file       "/var/run/named/named_dump.db";
>>        statistics-file "/var/run/named/named.stats";
>
> This idea is not without merit, but I actually have them separated for a 
> reason. The reason is sort of an "intermediate" level thing, but if you want 
> to dump the db or the stats more than once and keep more than one version 
> around it's more convenient to do this in a separate directory. Also the 
> assumption is that /var/run is supposed to be cleaned out at each boot, and I 
> wouldn't want to lose those files.

Yep, you've got a point here.

>
>>  I'm not sure what happens when the user toggles tracing / query logging 
>> (with rndc) -- where would these files go by default?
>
> That depends on how you have syslog configured. If you have no other logging 
> configured and you do 'rndc querylog' to toggle it on it will go to syslog 
> with daemon.info. Unfortunately, FreeBSD's default configuration doesn't log 
> that by default. One could argue that it should, but I really don't want to 
> open that can of worms. If you want to give that a try you could change 
> *.notice in syslog.conf for the /var/log/messages file to *.info, then 
> /etc/rc.d/syslogd restart. (Or uncomment the all.log option, etc.)

Umm, I'd rather add something along the following to /etc/syslog.conf
(I usually do it for my nameservers):

   !named
   *.*                                             /var/log/named.log

And of course, one would accompany this with the following line in
/etc/newsyslog.conf:

   /var/log/named.log                      644  7     100 *     J

Regards,
Adrian.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
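
Added example (not part of the original message and not FreeBSD's syslogd code): a simplified model of syslog.conf matching that shows where a daemon.info message from named, such as 'rndc querylog' output, ends up under the *.notice rule, the *.info change, and the !named block discussed above. The sample configurations are constructed, and only plain "facility.level" selectors and "!program" blocks are modelled.

```python
# Simplified model of syslog.conf matching. Assumption: only plain
# "facility.level" selectors and "!program" blocks are handled; comparison
# flags (=, <, >), "+host" blocks and "#!prog" lines are not modelled.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def destinations(conf, program, facility, level):
    """Return the actions (log files) that would receive the given message."""
    hits, block = [], "*"
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):            # program block for the lines below
            block = line[1:].strip()
            continue
        selectors, action = line.split(None, 1)
        if block != "*" and program not in block.split(","):
            continue
        threshold = None                    # the last matching selector wins
        for sel in selectors.split(";"):
            facs, lvl = sel.rsplit(".", 1)
            if "*" in facs.split(",") or facility in facs.split(","):
                threshold = lvl
        if threshold in (None, "none"):
            continue
        # A level selects itself and everything more severe.
        if threshold == "*" or LEVELS.index(level) <= LEVELS.index(threshold):
            hits.append(action.strip())
    return hits

# Constructed samples, reduced to the rules mentioned in the thread.
NOTICE_ONLY = "*.notice\t/var/log/messages\n"
INFO_CHANGE = "*.info\t/var/log/messages\n"
NAMED_BLOCK = NOTICE_ONLY + "!named\n*.*\t/var/log/named.log\n"

if __name__ == "__main__":
    for name, conf in [("*.notice", NOTICE_ONLY), ("*.info", INFO_CHANGE),
                       ("!named block", NAMED_BLOCK)]:
        print(name, "->", destinations(conf, "named", "daemon", "info"))
```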