authordougb <dougb@FreeBSD.org>2009-12-15 05:14:39 +0000
committerdougb <dougb@FreeBSD.org>2009-12-15 05:14:39 +0000
commit3feb55f3d60713002d52da776bcb6f4a37547774 (patch)
treee7d98bf8001fa39ad2b3257c8b18b3e8b799c0fb /etc
parent2fc41157e89761969c5b7482686fc52ae4bad399 (diff)
The named process needs to have a "working directory" that it can
write to. This is specified in "options { directory }" in named.conf. So, create /etc/namedb/working with appropriate permissions, and update the entry in named.conf to match. In addition to specifying the working directory, file and path names in named.conf can be specified relative to the directory listed. However, since that directory is now different from /etc/namedb (where the configuration, zone, rndc.*, and other files are located) further update named.conf to specify all file names with fully qualified paths. Also update the comment about file and path names so users know this should be done for all file/path names in the file. This change will eliminate the 'working directory is not writable' messages at boot time without sacrificing security. It will also allow for features in newer versions of BIND (9.7+) to work as designed.
Diffstat (limited to 'etc')
-rw-r--r--etc/mtree/BIND.chroot.dist2
-rw-r--r--etc/namedb/named.conf190
2 files changed, 97 insertions, 95 deletions
diff --git a/etc/mtree/BIND.chroot.dist b/etc/mtree/BIND.chroot.dist
index e41a369..95423db 100644
--- a/etc/mtree/BIND.chroot.dist
+++ b/etc/mtree/BIND.chroot.dist
@@ -15,6 +15,8 @@
..
slave uname=bind
..
+ working uname=bind
+ ..
..
..
/set type=dir uname=bind gname=wheel mode=0755
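Review bot: The added `working uname=bind` entry sets only the owner, so its group and mode are inherited from a `/set` line above this hunk that is not visible here. Because this is the directory named is expected to write to inside the chroot, the spec should say so, for example with a preceding comment `# named working directory (options { directory }); writable by bind only`. If the inherited mode allows group or other write, the entry should carry its own `mode=` rather than inherit it.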
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index c9b09cb..2fb72d8 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -9,8 +9,9 @@
// or cause huge amounts of useless Internet traffic.
options {
- // Relative to the chroot directory, if any
- directory "/etc/namedb";
+ // All file and path names are relative to the chroot directory,
+ // if any, and should be fully qualified.
+ directory "/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
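Review bot: The new comment above `directory` says names "should be fully qualified" but not why, and the reason is what a later editor of this file needs. With `directory "/etc/namedb/working"`, a relative `file` name now resolves inside a directory that named can write to, so a zone added in the old `master/...` form would no longer be read from `/etc/namedb/master`. Presumably it would fail to load, or be read from the writable tree. I would extend the comment, e.g. `// Relative names resolve under the working directory below, which named can write to; give zone and key files full paths.` The `options` block continues outside this hunk.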
@@ -74,7 +75,7 @@ options {
// Also, make sure to enable it in /etc/rc.conf.
// The traditional root hints mechanism. Use this, OR the slave zones below.
-zone "." { type hint; file "named.root"; };
+zone "." { type hint; file "/etc/namedb/named.root"; };
/* Slaving the following zones from the root name servers has some
significant advantages:
@@ -94,7 +95,7 @@ zone "." { type hint; file "named.root"; };
/*
zone "." {
type slave;
- file "slave/root.slave";
+ file "/etc/namedb/slave/root.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
@@ -102,7 +103,7 @@ zone "." {
};
zone "arpa" {
type slave;
- file "slave/arpa.slave";
+ file "/etc/namedb/slave/arpa.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
@@ -110,7 +111,7 @@ zone "arpa" {
};
zone "in-addr.arpa" {
type slave;
- file "slave/in-addr.arpa.slave";
+ file "/etc/namedb/slave/in-addr.arpa.slave";
masters {
192.5.5.241; // F.ROOT-SERVERS.NET.
};
@@ -125,116 +126,116 @@ zone "in-addr.arpa" {
2. No spurious traffic will be sent from your network to the roots
*/
// RFC 1912
-zone "localhost" { type master; file "master/localhost-forward.db"; };
-zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
-zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// RFC 1912-style zone for IPv6 localhost address
-zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };
+zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
// "This" Network (RFCs 1912 and 3330)
-zone "0.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// Private Use Networks (RFC 1918)
-zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// Link-local/APIPA (RFCs 3330 and 3927)
-zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// TEST-NET for Documentation (RFC 3330)
-zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// Router Benchmark Testing (RFC 3330)
-zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// IANA Reserved - Old Class E Space
-zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
-zone "254.in-addr.arpa" { type master; file "master/empty.db"; };
+zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// IPv6 Unassigned Addresses (RFC 4291)
-zone "1.ip6.arpa" { type master; file "master/empty.db"; };
-zone "3.ip6.arpa" { type master; file "master/empty.db"; };
-zone "4.ip6.arpa" { type master; file "master/empty.db"; };
-zone "5.ip6.arpa" { type master; file "master/empty.db"; };
-zone "6.ip6.arpa" { type master; file "master/empty.db"; };
-zone "7.ip6.arpa" { type master; file "master/empty.db"; };
-zone "8.ip6.arpa" { type master; file "master/empty.db"; };
-zone "9.ip6.arpa" { type master; file "master/empty.db"; };
-zone "a.ip6.arpa" { type master; file "master/empty.db"; };
-zone "b.ip6.arpa" { type master; file "master/empty.db"; };
-zone "c.ip6.arpa" { type master; file "master/empty.db"; };
-zone "d.ip6.arpa" { type master; file "master/empty.db"; };
-zone "e.ip6.arpa" { type master; file "master/empty.db"; };
-zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// IPv6 ULA (RFC 4193)
-zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// IPv6 Link Local (RFC 4291)
-zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// IPv6 Deprecated Site-Local Addresses (RFC 3879)
-zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
-zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };
+zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
// IP6.INT is Deprecated (RFC 4159)
-zone "ip6.int" { type master; file "master/empty.db"; };
+zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; };
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
@@ -265,17 +266,16 @@ zone "example.org" {
allow-update {
key "exampleorgkey";
};
- file "dynamic/example.org";
+ file "/etc/namedb/dynamic/example.org";
};
*/
/* Example of a slave reverse zone
zone "1.168.192.in-addr.arpa" {
type slave;
- file "slave/1.168.192.in-addr.arpa";
+ file "/etc/namedb/slave/1.168.192.in-addr.arpa";
masters {
192.168.1.1;
};
};
*/
-