
Re: F11 bind-chroot - a question?

Mail Lists-3 wrote:
> On 06/16/2009 10:36 PM, Todd Zullinger wrote:
>> If the concern is applications needing to determine whether bind is
>> configured for a chroot or not, I think the application should be
>> checking /etc/sysconfig/named for the ROOTDIR variable.
>    Excellent suggestion ... that is the right way ..

Indeed so - certainly in F10 installing the bind-chroot package does produce
a line in the /etc/sysconfig/named with ROOTDIR pointing to
/var/named/chroot, and creates a set of startup files in the chroot
including named.conf and the root cert files etc, as well as rndc related

However in F11 as far as I remember this does not happen and although
installing the bind-chroot package in F11 creates a directory structure from
/var/named/chroot there is almost nothing in there and no standard set of
files apart from null, random, zero and localtime. There is also no
/etc/sysconfig/named created with the ROOTDIR pointing at the chroot, and
the original file from the bind package remains with only the contents:
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
# ROOTDIR="/some/where"  --  will run named in a chroot environment.
#                            you must set up the chroot environment 
#                            (install the bind-chroot package) before
#                            doing this.
# OPTIONS="whatever"     --  These additional options will be passed to
#                            at startup. Don't add -t here, use ROOTDIR
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for

There are of course a load of files related to dnssec in the doc files - and
the root cert files remain in /var/named/ but are not reproduced in the
chroot. So this is very different behaviour to F10 and earlier when
bind-chroot is installed. Surely the bind-chroot package should create a set
of initial files in the chroot and also replace the /etc/sysconfig/named
file with one pointing at the chroot, but it does not, and the behaviour
when bind-chroot is installed from the current package set does almost
nothing at all except create a couple of directories in the chroot and four
basic files (which I listed above) none of which relate to the
named.conf or root cert files.

To me this implies that some work needs to be done to remedy this problem.

View this message in context: http://www.nabble.com/F11-bind-chroot---a-question--tp24015613p24087795.html
Sent from the Fedora List mailing list archive at Nabble.com.
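
Added example, not part of the original message: a shell check along the lines Todd Zullinger suggests above, reading ROOTDIR from /etc/sysconfig/named and then confirming that the chroot actually holds a named.conf. The function names, the status strings and the etc/named.conf location inside the chroot are assumptions of this example.

```sh
#!/bin/sh
# Added example: report whether named is configured for a chroot and whether
# that chroot has been populated. Function names and status strings are
# hypothetical, chosen for this illustration.

named_rootdir() {
    # Print the effective ROOTDIR from the sysconfig file given as $1.
    # Commented-out lines (such as the F11 default quoted in the message)
    # do not match; the last uncommented assignment wins, as it would if
    # the file were sourced by the init script.
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

named_chroot_status() {
    # Prints one of:
    #   no-config       sysconfig file missing or unreadable
    #   not-chrooted    no active ROOTDIR assignment
    #   chroot-missing  ROOTDIR set but the directory does not exist
    #   chroot-empty    directory exists but holds no etc/named.conf
    #   chroot-ok:DIR   ROOTDIR set and named.conf present inside it
    conf=${1:-/etc/sysconfig/named}
    [ -r "$conf" ] || { echo no-config; return 0; }
    root=$(named_rootdir "$conf")
    [ -n "$root" ] || { echo not-chrooted; return 0; }
    [ -d "$root" ] || { echo chroot-missing; return 0; }
    # Assumption: named.conf lives at etc/named.conf relative to the chroot.
    [ -f "$root/etc/named.conf" ] || { echo chroot-empty; return 0; }
    echo "chroot-ok:$root"
}

# With no argument this inspects the system's own /etc/sysconfig/named.
named_chroot_status "$@"
```

Against the F11 state described in the message, the unmodified sysconfig file yields not-chrooted, and setting ROOTDIR by hand without copying the configuration in yields chroot-empty.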
