On Fri, 24 Sep 2010, Stewart Dean wrote:

> 1) I assume the canonical location of named.conf is always in /etc?

A default build of bind expects to find it in /etc/named.conf
If you are running chrooted it needs to be copied into the chroot.

> 2) My home-built binary is nearly 7MB, while the CentOS distro binary is about
> 400K. Is this right? Is there a way as in sendmail of determining what
> features bind was built with or is that an invalid question?

Apart from named -V which David Miller mentioned, try running ldd named
to compare how the two versions are linked.

> 3) My binary is (sensibly) in /usr/local/sbin where it is found first by the
> which command, but the distro init.d/named invocation file looks to the distro
> /usr/sbin.

Take a copy of the startup script. Remove the distro's named package.
Put a suitably edited version of the startup script in /usr/local/etc/init.d
(so it is clear it isn't owned by the distro) and add a symlink from
/etc/init.d/named to /usr/local/etc/init.d/named

> 5) What are the drawbacks in running a chrooted DNS?

It is a bit tricky to ensure all the paths compiled into the various
programs work both inside and outside the chroot, in particular
/etc/rndc.key and /var/run/named/session.key (for nsupdate -l).

The normal way is to set up the chroot in /var/run/named but this is also
bind's default working directory when running outside the chroot, and I
don't like chrooted programs being able to write to their root directory.

I run bind in the chroot /spool/bind and to minimize the number of
non-default run-time settings I configure it at compile time with

	--localstatedir=/spool/bind/var --sysconfdir=/spool/bind/etc

At run-time I configure bind with

	directory "/spool/bind/var";

so all pathnames work chrooted or not. When running bind chrooted I need
to specify the configuration file path to suppress a warning, i.e.

	named -u named -t /spool/bind -c /etc/named.conf

To set up the chroot, I do

	T=/spool/bind
	mkdir $T/etc
	$PREFIX/sbin/rndc-confgen -a -u named
	chmod g+r $T/etc/rndc.key
	mkdir $T/var	# named working directory
	chown named $T/var
	mkdir $T/log
	chown named $T/log
	mkdir $T/dev
	cp -a /dev/urandom $T/dev
	cp -a /dev/random $T/dev
	# so named can find things inside the chroot
	mkdir $T/var/run
	ln -s var/run $T/spool
	ln -s ../.. $T/spool/bind
	ln -s .. $T/var/run/named
	ln -s .. $T/var/run/lwresd

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
ROUGH. RAIN THEN FAIR. GOOD.

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
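The symlink trick in Tony's chroot recipe is easy to get subtly wrong, and the failure only shows up when named or rndc looks for a key file. The script below is an added example, not part of the message above or of BIND itself: it rebuilds the same layout (the four symlinks plus the var/run directory) under a throwaway directory and then checks that the compiled-in paths /spool/bind/var and /spool/bind/etc resolve to the chroot's own /var and /etc, so the same pathnames work chrooted or not. The chown, chmod, rndc-confgen and /dev steps are left out because this runs unprivileged; the rndc.key and session.key files it creates are empty placeholders, not real keys, and the function names are my own.

```shell
#!/bin/sh
# Added example: reproduce the chroot layout from the message in a scratch
# directory and verify the path equivalences it relies on. Not BIND code.

# Create the directory and symlink layout under the chroot root $1.
# Privileged steps (chown, rndc-confgen, copying /dev nodes) are omitted.
make_bind_chroot() {
    T=$1
    mkdir -p "$T/etc" "$T/var/run" "$T/log" "$T/dev"
    # /spool        -> /var/run        (inside the chroot)
    # /spool/bind   -> /               (so /spool/bind/... == /...)
    # /var/run/named and /var/run/lwresd -> /var (the working directory)
    ln -s var/run "$T/spool"
    ln -s ../.. "$T/spool/bind"
    ln -s .. "$T/var/run/named"
    ln -s .. "$T/var/run/lwresd"
    # Constructed placeholder files standing in for the real key files.
    : > "$T/etc/rndc.key"          # what rndc-confgen -a would write
    : > "$T/var/session.key"       # what named writes in its working dir
}

# Print the physical directory a (possibly symlinked) path resolves to.
resolve_dir() { (cd "$1" && pwd -P); }

# Return 0 if the layout under $1 makes the compiled-in paths work both
# inside the chroot (where / is $1) and outside (where $1 is /spool/bind).
check_bind_chroot() {
    T=$1
    root=$(resolve_dir "$T") || return 1
    # --sysconfdir=/spool/bind/etc must be the chroot's /etc ...
    [ "$(resolve_dir "$T/spool/bind/etc")" = "$root/etc" ] || return 1
    # ... and rndc must find /etc/rndc.key through that path.
    [ -f "$T/spool/bind/etc/rndc.key" ] || return 1
    # --localstatedir=/spool/bind/var must be the working directory /var,
    # and in particular must NOT be the chroot root itself (the property
    # the message cares about: named should not write to its own root).
    [ "$(resolve_dir "$T/spool/bind/var")" = "$root/var" ] || return 1
    [ "$root/var" != "$root" ] || return 1
    # /var/run/named/session.key (nsupdate -l) must land in the working dir.
    [ "$(resolve_dir "$T/var/run/named")" = "$root/var" ] || return 1
    [ -f "$T/var/run/named/session.key" ] || return 1
    return 0
}

# Usage: build and check a scratch chroot, then clean it up.
if [ "${1:-}" = "--demo" ]; then
    D=$(mktemp -d)
    make_bind_chroot "$D/spool/bind"
    if check_bind_chroot "$D/spool/bind"; then
        echo "chroot layout OK under $D/spool/bind"
    else
        echo "chroot layout BROKEN under $D/spool/bind"
    fi
    rm -rf "$D"
fi
```

Run it with `--demo` to see the result for a fresh layout; to audit a real chroot, call `check_bind_chroot /spool/bind` from a shell that has sourced the script. The check deliberately includes the "working directory is not the chroot root" condition, since that is the reason the message avoids the usual /var/run/named layout.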