Thanks for reply. Your suggestion solved my problem, thanks.
Yes, /etc/init.d/named is a typo. Regards Patrick --- Doug Barton <[EMAIL PROTECTED]> wrote: > Patrick Dung wrote: > > Hi > > > > I use FreeBSD 6.2 and the base bind9. > > For dynamic DNS update, bind9 automatically generate the journal > file > > (end in .jnl). > > The default config is to use chroot and the running user as 'bind'. > > > > The problem is that after named is started (/etc/init.d/named > start), > > Are you sure you're doing this on FreeBSD? We have rc.d, not initd. > Assuming that was just a typo ... > > > the default chroot directory /var/named/etc/named > > The default directory is /etc/namedb, which is a symlink to > /var/named/etc/namedb. > > > permission will be reset to own by root. So the named daemon (run > > as user 'bind') cannot create the journal file and complain: > > You shouldn't be creating journal files in the config directory > anyway. > > > One temp fix is to use chroot and run as root, any suggestions? > > Yeah, don't run named as root. Ever. :) > > Assuming that you are actually running FreeBSD, and that you have not > turned off the mtree option, you should have the following > directories > in /etc/namedb: > > drwxr-xr-x 2 bind wheel 512 Jul 23 00:47 dynamic/ > drwxr-xr-x 2 root wheel 512 Jul 13 22:33 master/ > drwxr-xr-x 2 bind wheel 512 Jul 27 14:05 slave/ > > The dynamic directory is obviously designed to hold dynamic zones, > and > it (like the slave directory) is chowned to user bind so that named > can write to it after it drops privileges. > > hth, > > Doug > > -- > > This .signature sanitized for your protection > ____________________________________________________________________________________ Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. http://new.toolbar.yahoo.com/toolbar/features/norton/index.php _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"