The OP could just wait a few weeks and upgrade to one of the 5.3 BETAs
-- or wait a month and a half and upgrade to 5.3-RELEASE, where BIND9
will be the default resolver in the system.

On Tue, Aug 10, 2004 at 04:14:03AM -0400, Michael Sharp wrote:
> read the /usr/ports/dns/bind9 Makefile and use the 'PORT_REPLACES_BASE_BIND9'
> option to make.
> make PORT_REPLACES_BASE_BIND9=yes install clean

Ummm... PORT_REPLACES_BASE_BIND9 generally means that the port uses
/usr as ${PREFIX} rather than the normal value of /usr/local -- that
means it will fight with the base system over which owns those files.

The instructions below only apply if you *don't* use
> In rc.conf
> ----------
> named_enable="YES"
> named_program="/usr/local/sbin/named"
> named_flags="-c /usr/local/etc/namedb/named.conf -u bind"

If you're going to use PORT_REPLACES_BASE_BIND9, then you should
certainly set NO_BIND=yes in /etc/make.conf.  However, my advice would
be /not/ to use PORT_REPLACES_BASE_BIND9: just install the port under
/usr/local as usual, and adjust the make.conf settings as above.  You
can add NO_BIND=yes to make.conf or not, as you like.

> and you can also put NO_BIND= true in /etc/make.conf so that base BIND
> isn't built when you make world.
> Definitely consider chrooting or jailing BIND

If you install BIND9, you can run it chrooted without having to
install all of the bind executables under the chroot area: just use a
rc.conf setting like:

    named_flags="-c /etc/namedb/named.conf -u bind -t /var/named"

and set up the chroot area under /var/named as needed.  See the
instructions at:

which needs a bit of interpretation as those are instructions for
Linux, and FreeBSD does things a little differently.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP:         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
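
Added example, not part of the original message: a small POSIX sh check for the two `named_flags` values quoted in this thread. It reports whether named drops root (`-u`) and chroots (`-t`), and where the `-c` file has to live on disk, since named chroots before reading its configuration. The function names (`parse_named_flags`, `named_conf_on_disk`, `audit_named_flags`) are made up for this example.

```sh
#!/bin/sh
# Added example, not from the thread: audit a named_flags value from rc.conf.

# Split a named_flags string into nf_conf (-c), nf_user (-u) and nf_root (-t).
parse_named_flags() {
    nf_conf='' nf_user='' nf_root=''
    set -f                      # no globbing while word-splitting the flags
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -c) nf_conf=${2-} ;;
            -u) nf_user=${2-} ;;
            -t) nf_root=${2-} ;;
            *)  shift; continue ;;
        esac
        if [ $# -ge 2 ]; then shift 2; else shift; fi
    done
}

# Print the on-disk path of the config file: with -t, named chroots before
# reading its config, so the -c path is resolved inside the chroot directory.
named_conf_on_disk() {
    parse_named_flags "$1"
    [ -n "$nf_conf" ] || return 1   # no -c given: compiled-in default, not guessed
    printf '%s%s\n' "${nf_root%/}" "$nf_conf"
}

# Print findings; return 0 only if named both drops root (-u) and chroots (-t).
audit_named_flags() {
    parse_named_flags "$1"
    status=0
    if [ -z "$nf_user" ] || [ "$nf_user" = root ]; then
        echo "WARN: no unprivileged -u user, named keeps running as root"; status=1
    fi
    if [ -z "$nf_root" ]; then
        echo "WARN: no -t directory, named is not chrooted"; status=1
    elif [ -n "$nf_conf" ]; then
        echo "INFO: config must exist at ${nf_root%/}$nf_conf"
    fi
    return $status
}

# The two named_flags values quoted in the thread above.
for flags in "-c /usr/local/etc/namedb/named.conf -u bind" \
             "-c /etc/namedb/named.conf -u bind -t /var/named"; do
    echo "named_flags=\"$flags\""
    audit_named_flags "$flags" || true
done
```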
