[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: F11 bind-chroot - a question?





Mail Lists-3 wrote:
> 
> On 06/16/2009 10:36 PM, Todd Zullinger wrote:
> 
>> If the concern is applications needing to determine whether bind is
>> configured for a chroot or not, I think the application should be
>> checking /etc/sysconfig/named for the ROOTDIR variable.
> 
>    Excellent suggestion ... that is the right way ..
> 
> 

Indeed so - certainly in F10 installing the bind-chroot package does produce
a line in the /etc/sysconfig/named with ROOTDIR pointing to
/var/named/chroot, and creates a set of startup files in the chroot
including name.conf and the root cert files etc, as well as rndc related
files.

However in F11 as far as I remember this does not happen and although
installing the bind-chroot package in F11 creates a directory structure from
/var/named/chroot there is almost nothing in there and no standard set of
files apart from null, random, zero and localtime. There is also no
/etc/sysconfig/named created with the ROOTDIR pointing at the chroot, and
the original file from the bind package remains with only the contents:
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
# ROOTDIR="/some/where"  --  will run named in a chroot environment.
#                            you must set up the chroot environment 
#                            (install the bind-chroot package) before
#                            doing this.
#
# OPTIONS="whatever"     --  These additional options will be passed to
named
#                            at startup. Don't add -t here, use ROOTDIR
instead.
#
# KEYTAB_FILE="/dir/file"    --  Specify named service keytab file (for
GSS-TSIG)

There are of course a load of files related to dnssec in the doc files - and
the root cert files remain in /var/named/ but are not reproduced in the
chroot. So this is very different behaviour to F10 and earlier when
bind-chroot is installed. Surely the bind-chroot package should create a set
of intitial files in the chroot and also replace the /etc/sysconfig/named
file with one pointing at the chroot, but it does not, and the behaviour
when bind-chroot is installed from the current package set does almost
nothing at all except create a couple of directories in the chroot and four
basic basic files (which I listed above) none of which relate to the
named.conf or root cert files.

To me this implies that some work needs to be done to remedy this problem.

-- 
View this message in context: http://www.nabble.com/F11-bind-chroot---a-question--tp24015613p24087795.html
Sent from the Fedora List mailing list archive at Nabble.com.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]