Harald Schmalzbauer wrote:
> Doug Barton wrote on 30.11.2009 04:54 (localtime):

> There are kind of "to be expected" incompatible options, of course, but
> this one hit me some years before. Especially for newbies, it's not
> clear why these options shouldn't work together.

Because what you're proposing is very far away from the typical way
that name servers are configured. My goal is to provide a secure, safe
default configuration that conforms to current best practices. What
you want to do is an edge case, and not even something I see as
reasonable to add an option in the base for given that the code is
already much more complicated than it should be.

>>> My idea is to create a namedb directory in /usr/share (like there's one
>>> for sendmail) with duplicate entries of src/etc/namedb
>>
>> Why not just set named_chrootdir to /usr/share/namedb ? It's not 100%
>> clear to me what you're trying to accomplish. Can you please go into a
>> little more detail about your goals, rather than potential solutions?
>
> I think rc.d/var should be able to populate a named compliant /var.
> Therefore it needs at least named.conf and named.root.
> My idea was to save them in /usr/share, where many other (sendmail e.g.)
> template duplicates also reside. When chrooting to /usr/share/namedb, it
> also fails if I don't have the original installed /var, like if /var is
> a freshly populated memory file system.

If you are dead set on this course of action that's fine. What I
suggest that you do is to create an rc.d script that does what you
want, and include REQUIRE: var and BEFORE: named. Put this script in
/usr/local/etc/rc.d and you'll be good to go. Off hand you will
probably need to use the same mtree invocation that rc.d/named uses to
create the file structure, but after that copying your files should be
easy.

You can start here for information on how to create your own rc.d
scripts:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/rc-scripts.html

>>> P.S.: named_conf definitions in rc.conf get lost.
>>
>> Yes, that's something that needs improvement. I have it on the list
>> but since it's not common for people to alter the path to the conf
>> file, and since in the past in order to do so you've had to add -c to
>> named_flags anyway, I don't regard it as urgent.

FYI, this is done.

Doug

-- 
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/

Computers are useless. They can only give you answers.
-- Pablo Picasso

Received on Wed Jan 06 2010 - 19:19:15 UTC
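
A sketch of the rc.d script suggested in the message above, as an added example that is not part of the original message or of FreeBSD's own scripts. The script name, the `namedb_populate_enable` rcvar, the template directory and the mtree spec path and flags are assumptions; compare the mtree line with the one in your installed rc.d/named.

```sh
#!/bin/sh
# PROVIDE: namedb_populate
# REQUIRE: var
# BEFORE: named
# Added example: script name, rcvar and template path are hypothetical.
# Install as /usr/local/etc/rc.d/namedb_populate.

name="namedb_populate"
rcvar="namedb_populate_enable"
start_cmd="namedb_populate_start"
stop_cmd=":"

# Assumed defaults; assignments in rc.conf replace them.
: "${namedb_template_dir:=/usr/share/namedb}"
: "${named_chrootdir:=/var/named}"
: "${namedb_mtree_spec:=/etc/mtree/BIND.chroot.dist}"

namedb_populate_start()
{
	etc="${named_chrootdir}/etc/namedb"
	# Build the chroot hierarchy from the mtree spec when spec and mtree
	# both exist; otherwise create only the directory the files need.
	if [ -r "${namedb_mtree_spec}" ] && command -v mtree >/dev/null 2>&1; then
		mtree -deU -f "${namedb_mtree_spec}" -p "${named_chrootdir}" || return 1
	else
		mkdir -p "${etc}" || return 1
	fi
	for f in named.conf named.root; do
		src="${namedb_template_dir}/${f}"
		if [ ! -r "${src}" ]; then
			echo "${name}: missing template ${src}" >&2
			return 1
		fi
		# On a persistent /var, keep an existing file and its local edits.
		[ -e "${etc}/${f}" ] && continue
		# 0644 and owned by the invoking user (root at boot), so the
		# unprivileged named user cannot rewrite its own configuration.
		install -m 0644 "${src}" "${etc}/${f}" || return 1
	done
	return 0
}

# Hand over to rc.subr only where it exists (FreeBSD).
if [ -r /etc/rc.subr ]; then
	. /etc/rc.subr
	load_rc_config "${name}"
	run_rc_command "$1"
fi
```

With rc.subr present, the script runs at boot only when `namedb_populate_enable="YES"` is set in rc.conf.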
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:59 UTC