1. Remove the named_rcng variable. Mike's caution in this area was a good

thing, but we're ready to move on.

2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.

3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].

4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.

5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.

There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.

Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush

1 files changed, 0 insertions, 12 deletions

diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 369585c..658f1d2 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -1027,18 +1027,6 @@ is set to
 .Dq Li YES ,
 these are the flags to pass to
 .Xr inetd 8 .
-.It Va named_rcng
-.Pq Vt bool
-If set to
-.Dq Li YES
-use new functionality provided in the
-.Pa /etc/rc.d/named
-script to facilitate a
-.Xr chroot 8
-instance of
-.Xr named 8 .
-This variable is experimental.
-It may be removed or changed in the near future.
 .It Va named_enable
 .Pq Vt bool
 If set to