Re: Location of BIND

From: Christopher Nehren (apeiron_at_comcast.net)
Date: 11/30/04


Date: 30 Nov 2004 03:39:16 GMT

On 2004-11-30, Logan Shaw scribbled these curious markings:
> So anyway, can you explain your approach a little more and the
> benefits of it? I have to admit my named has been running happily
> for QUITE some time without an update. (In fact, I should probably
> check its version number, but I digress...)

First, I start by installing the port with a PREFIX option that differs
from the default, like this:

cd ${PORTSDIR}/dns/bind9
make PREFIX=/var/named install

Note that if you also define PORT_REPLACES_BASE_BIND9, then the prefix
is set to /usr (which ... oddly enough, and I realise this while reading
the Makefile ... *un*chroot's BIND9 on recent 5.x versions of FreeBSD,
as well as -CURRENT. I shall have to send-pr or send email about that.),
so it's probably best to avoid that option for this configuration.

Okay, barring any errors, you have a BIND9 installed in /var/named. I
create a /dev/random in the chroot as prompted by the pkg-message, and
then set up rndc and randomness as that is a 4.x box in question. Then I
do the rest of the nameserver configuration.

Here are the /etc/rc.conf options to enable this setup on a 4.x machine:

named_enable="YES"
named_program="/var/named/sbin/named"
named_flags="-t /var/named -u bind -c /etc/named.conf"

That's pretty much all for my approach. As for the benefits: they're the
same as any chroot setup: compartmentalisation, and
compartmentalisation's inherent security. I suppose that I *could* do a
jail, but when I set up that system's BIND I wanted to mimic my OpenBSD
setup as closely as possible -- and to be honest, I wasn't nearly as
familiar with jails or many other things as I am now.

I might be missing a detail or two; aside from portupgrade, it's been a
while since I too have changed my BIND configuration.

-- 
I abhor a system designed for the "user", if that word is a coded
pejorative meaning "stupid and unsophisticated".  -- Ken Thompson
Linux: "How rebellious ... in a conformist sort of way."
Unix is user friendly. However, it isn't idiot friendly.
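
Added example, not part of the post above and not the poster's code: a small sh audit for the chroot setup described in the message. It reads named_flags from an rc.conf-style file and checks that -t and -u are present and that the -c path and dev/random exist inside the chroot (named reads its configuration after chroot(), so -c is relative to the -t directory). The function names, the optional staging-root argument and the fixture tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a chrooted named configuration (hypothetical helper names).

# flag_value OPT "FLAG STRING": print the word following OPT, or return 1.
flag_value() {
    opt=$1
    set -f; set -- $2; set +f    # word-split the flag string without globbing
    while [ $# -gt 1 ]; do
        [ "$1" != "$opt" ] || { printf '%s\n' "$2"; return 0; }
        shift
    done
    return 1
}

# audit_named_chroot RCCONF [ROOT]
# ROOT is prepended to the chroot path so a staging tree can be checked offline.
audit_named_chroot() {
    rcconf=$1 root=${2:-}
    flags=$(sed -n 's/^named_flags="\(.*\)"$/\1/p' "$rcconf" | tail -n 1)
    rc=0
    jail=$(flag_value -t "$flags") || { echo "FAIL: no -t, named is not chrooted"; return 1; }
    user=$(flag_value -u "$flags") || user=root
    [ "$user" != root ] || { echo "FAIL: no -u, named keeps root inside the chroot"; rc=1; }
    # /etc/named.conf is an assumed default for this example when -c is absent.
    conf=$(flag_value -c "$flags") || conf=/etc/named.conf
    # The configuration is read after chroot(), so look for it under the jail.
    [ -f "$root$jail$conf" ] || { echo "FAIL: $jail$conf missing"; rc=1; }
    [ -e "$root$jail/dev/random" ] || { echo "FAIL: $jail/dev/random missing"; rc=1; }
    [ $rc -ne 0 ] || echo "OK: chroot=$jail user=$user conf=$jail$conf"
    return $rc
}

# make_fixture: build a constructed staging tree mirroring the post's layout
# (sample data only) and print its path.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/named/etc" "$d/var/named/dev"
    : > "$d/var/named/etc/named.conf"
    : > "$d/var/named/dev/random"    # placeholder file, not a real device node
    printf '%s\n' 'named_enable="YES"' 'named_program="/var/named/sbin/named"' \
        'named_flags="-t /var/named -u bind -c /etc/named.conf"' > "$d/rc.conf"
    printf '%s\n' "$d"
}
```

On a live host the call would be `audit_named_chroot /etc/rc.conf` with no second argument.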

