named.conf & dnssec overthink?

Tom Horsley tom.horsley at att.net
Fri Apr 17 00:28:30 UTC 2009


I've been trying to get bind running in a chroot jail on fedora 11,
and discovering the insanely convoluted nonsense that is dnssec-configure
and the init.d script time editing of named.conf.

WTF goes on here? Why all the cryptic nonsense to try and dynamically
modify the named.conf file with separate tools?

Why not just leave it the way it is obviously intended to work by
the upstream bind maintainers? If you want dnssec, you put the required
gibberish in the named.conf file. If you don't want it, you don't put it
in the file? Everything else in bind is cryptic gibberish in named.conf.

What makes the dnssec cryptic gibberish so special that it needs
its own separate tool to modify your config files behind your back?
(Especially since the tool appears to be utterly confused by moving
the files to a chroot jail directory).




More information about the fedora-test-list mailing list