Re: ISC bind9 with dynamic DNS update (chroot problem)

2007-07-30 Thread Reid Linnemann

Written by Patrick Dung on 07/28/07 10:52
> Thanks for reply.
>
> Yes, your method works.
> But I wonder why the /var/named/etc/named/master directory permission
> always resets to root when the daemon starts.
>
> Regards
> Patrick
>
> --- Reid Linnemann [EMAIL PROTECTED] wrote:
>
>> Written by Patrick Dung on 07/27/07 08:19
>>> Hi
>>>
>>> I use FreeBSD 6.2 and the base bind9.
>>> For dynamic DNS update, bind9 automatically generates the journal file
>>> (end in .jnl).
>>> The default config is to use chroot and the running user as 'bind'.
>>>
>>> The problem is that after named is started (/etc/init.d/named start),
>>> the default chroot directory /var/named/etc/named permission will be
>>> reset to be owned by root. So the named daemon (run as user 'bind') cannot
>>> create the journal file and complains:
>>>
>>> Jul 27 21:06:54 fbsd62 named[2862]: general: localdomain.db.jnl:
>>> create: permission denied
>>>
>>> One temp fix is to use chroot and run as root, any suggestions?
>>>
>>> Regards
>>> Patrick
>>
>> When I did ddns, I had my dynamic zone files in a subdirectory off of
>> the named chroot - i.e. /var/named/etc/namedb/dynamic - and chowned it to
>> bind, allowing the bind user to read/write anything inside.




I forgot to CC: questions@ on my original reply

This is because /etc/rc.d/named auto-updates the chroot to an expected 
state defined by the mtree at /etc/mtree/BIND.chroot.dist


P.S.
Please do not top post, so the conversation order progresses from oldest 
to newest.


-Reid

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: ISC bind9 with dynamic DNS update (chroot problem)

2007-07-29 Thread Patrick Dung
Thanks for reply.

Your suggestion solved my problem, thanks.

Yes, /etc/init.d/named is a typo.

Regards
Patrick

--- Doug Barton [EMAIL PROTECTED] wrote:

> Patrick Dung wrote:
>> Hi
>>
>> I use FreeBSD 6.2 and the base bind9.
>> For dynamic DNS update, bind9 automatically generates the journal file
>> (end in .jnl).
>> The default config is to use chroot and the running user as 'bind'.
>>
>> The problem is that after named is started (/etc/init.d/named start),
>
> Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
> Assuming that was just a typo ...
>
>> the default chroot directory /var/named/etc/named
>
> The default directory is /etc/namedb, which is a symlink to
> /var/named/etc/namedb.
>
>> permission will be reset to be owned by root. So the named daemon (run
>> as user 'bind') cannot create the journal file and complains:
>
> You shouldn't be creating journal files in the config directory anyway.
>
>> One temp fix is to use chroot and run as root, any suggestions?
>
> Yeah, don't run named as root. Ever. :)
>
> Assuming that you are actually running FreeBSD, and that you have not
> turned off the mtree option, you should have the following directories
> in /etc/namedb:
>
> drwxr-xr-x  2 bind  wheel  512 Jul 23 00:47 dynamic/
> drwxr-xr-x  2 root  wheel  512 Jul 13 22:33 master/
> drwxr-xr-x  2 bind  wheel  512 Jul 27 14:05 slave/
>
> The dynamic directory is obviously designed to hold dynamic zones, and
> it (like the slave directory) is chowned to user bind so that named
> can write to it after it drops privileges.
>
> hth,
>
> Doug
>
> --
>
> This .signature sanitized for your protection
>



   



ISC bind9 with dynamic DNS update (chroot problem)

2007-07-27 Thread Patrick Dung
Hi

I use FreeBSD 6.2 and the base bind9.
For dynamic DNS update, bind9 automatically generates the journal file
(end in .jnl).
The default config is to use chroot and the running user as 'bind'.

The problem is that after named is started (/etc/init.d/named start),
the default chroot directory /var/named/etc/named permission will be
reset to be owned by root. So the named daemon (run as user 'bind') cannot
create the journal file and complains:

Jul 27 21:06:54 fbsd62 named[2862]: general: localdomain.db.jnl:
create: permission denied

One temp fix is to use chroot and run as root, any suggestions?

Regards
Patrick


   



Re: ISC bind9 with dynamic DNS update (chroot problem)

2007-07-27 Thread Doug Barton
Patrick Dung wrote:
> Hi
>
> I use FreeBSD 6.2 and the base bind9.
> For dynamic DNS update, bind9 automatically generates the journal file
> (end in .jnl).
> The default config is to use chroot and the running user as 'bind'.
>
> The problem is that after named is started (/etc/init.d/named start),

Are you sure you're doing this on FreeBSD? We have rc.d, not initd.
Assuming that was just a typo ...

> the default chroot directory /var/named/etc/named

The default directory is /etc/namedb, which is a symlink to
/var/named/etc/namedb.

> permission will be reset to be owned by root. So the named daemon (run
> as user 'bind') cannot create the journal file and complains:

You shouldn't be creating journal files in the config directory anyway.

> One temp fix is to use chroot and run as root, any suggestions?

Yeah, don't run named as root. Ever. :)

Assuming that you are actually running FreeBSD, and that you have not
turned off the mtree option, you should have the following directories
in /etc/namedb:

drwxr-xr-x  2 bind  wheel  512 Jul 23 00:47 dynamic/
drwxr-xr-x  2 root  wheel  512 Jul 13 22:33 master/
drwxr-xr-x  2 bind  wheel  512 Jul 27 14:05 slave/

The dynamic directory is obviously designed to hold dynamic zones, and
it (like the slave directory) is chowned to user bind so that named
can write to it after it drops privileges.

hth,

Doug

-- 

This .signature sanitized for your protection
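Doug's answer amounts to a checklist: a zone that accepts dynamic updates must keep its zone file in a directory the unprivileged named user owns (dynamic/ or slave/ under /etc/namedb), because the mtree pass in /etc/rc.d/named hands master/ back to root on every start, and named can only create the .jnl journal after it has dropped privileges. The POSIX sh script below is an added example, not code from the thread, from FreeBSD or from ISC; it audits a named.conf for exactly that condition. The function names (`list_dynamic_zones`, `dir_line_status`, `check_dynamic_zones`, `make_sample_layout`), the sample config, and the zone names in it are constructed for this illustration; the real paths it tries last (/etc/namedb/named.conf, /var/named/etc/namedb, user bind) are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread, FreeBSD or ISC): audit which zones in a
# named.conf accept dynamic updates and whether the directory holding each
# zone file is owned (and writable) by the unprivileged named user, so the
# .jnl journal can be created after named drops privileges.

# list_dynamic_zones CONF
# Prints "<zone> <file>" for each zone stanza that contains allow-update or
# update-policy, skipping "allow-update { none; }". Assumes the stock layout:
# one option per line and the stanza closed by "};" at the start of a line.
list_dynamic_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/ { inzone = 1; zone = $2; gsub(/"/, "", zone); file = ""; dyn = 0 }
        inzone && /^[ \t]*file[ \t]+"/ {
            match($0, /"[^"]*"/); file = substr($0, RSTART + 1, RLENGTH - 2)
        }
        inzone && /allow-update|update-policy/ && !/[{][ \t]*none[ \t]*;/ { dyn = 1 }
        inzone && /^[ \t]*};/ { if (dyn) print zone, file; inzone = 0 }
    ' "$1"
}

# dir_line_status "LS_LD_LINE" OWNER
# Classifies one "ls -ld" line (the format of Doug's listing): "ok" when the
# directory is owned by OWNER and has the owner-write bit, "BAD" otherwise.
dir_line_status() {
    owner=$2
    set -- $1                 # $1 = mode string, $3 = owning user
    case $1 in
        d?w*) perms=writable ;;
        *)    perms=readonly ;;
    esac
    if [ "$3" = "$owner" ] && [ "$perms" = writable ]; then
        echo ok
    else
        echo BAD
    fi
}

# check_dynamic_zones CONF BASEDIR OWNER
# BASEDIR is the named working directory as seen from the host (with the
# FreeBSD chroot layout: /var/named/etc/namedb); relative "file" paths resolve
# under it. Prints "<status> <zone> <dir>" per dynamic zone; returns 1 if any
# directory is BAD or missing.
check_dynamic_zones() {
    conf=$1; base=$2; owner=$3
    report=$(list_dynamic_zones "$conf" | while read -r zone file; do
        case $file in
            /*) dir=$(dirname "$file") ;;
            *)  dir=$(dirname "$base/$file") ;;
        esac
        if [ -d "$dir" ]; then
            status=$(dir_line_status "$(ls -ld "$dir")" "$owner")
        else
            status=missing
        fi
        printf '%s %s %s\n' "$status" "$zone" "$dir"
    done)
    printf '%s\n' "$report"
    case $report in *BAD*|*missing*) return 1 ;; esac
    return 0
}

# make_sample_layout DIR
# Constructed named.conf plus master/ and dynamic/ directories for a dry run.
make_sample_layout() {
    mkdir -p "$1/master" "$1/dynamic"
    cat > "$1/named.conf" <<'EOF'
options {
    directory "/etc/namedb";
};
zone "localdomain" {
    type master;
    file "dynamic/localdomain.db";
    allow-update { key "ddns-key"; };
};
zone "static.example" {
    type master;
    file "master/static.example.db";
    allow-update { none; };
};
EOF
}

# Dry run on the constructed layout: both directories belong to the caller, so
# the dynamic zone passes for the current user and would fail for any other.
me=$(id -un 2>/dev/null || id -u)
sample=$(mktemp -d)
make_sample_layout "$sample"
check_dynamic_zones "$sample/named.conf" "$sample" "$me"
rm -rf "$sample"

# Doug's listing classified for user bind: master/ is root's, dynamic/ is bind's.
dir_line_status "drwxr-xr-x  2 root  wheel  512 Jul 13 22:33 master/" bind
dir_line_status "drwxr-xr-x  2 bind  wheel  512 Jul 23 00:47 dynamic/" bind

# On a FreeBSD host, audit the real chroot after /etc/rc.d/named start.
if [ -f /etc/namedb/named.conf ]; then
    check_dynamic_zones /etc/namedb/named.conf /var/named/etc/namedb bind
fi
```

The script only inspects ownership and the owner-write bit; it does not attempt a write as the bind user, and it parses the one-option-per-line stanza layout of the stock named.conf rather than the full ISC grammar. Run it after /etc/rc.d/named start, since that is when the mtree specification in /etc/mtree/BIND.chroot.dist is reapplied and a zone file misplaced in master/ loses its writable parent.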