Thread: named questions.




named questions.
2008-03-12 20:59:35
Hello:
I have named running as secondary server on v6.2
It will not start without a specific configuration file set
on the command line. After doing some investigation
it appears that that is because it runs chrooted and
there is not a symlink from /etc/namedb. Is that a correct
assumption? I read the man page and it specifies
the default configuration file as /etc/namedb/named.conf
and along with this file there are master and slave
directories.
Would I make the /etc/namedb/named.conf file to be a symlink
to /var/named/etc/namedb/named.conf?

There are some other entries in rc.conf related to named that
appear in my primary nameserver rc.conf file that relate to getting
it up at boot but I have lost root access to that machine so I cannot
recover the rc.conf details and I do not remember what documentation
I was using to set it up.

I was advised to start named as a user other than root but when I
tried that named would not start because the user I set it to does
not have write permission in the directory that has the pid file.

When named starts at boot what user does it run as, by default?

Thank you for any guidance.
Jeff K

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Re: named questions.
2008-03-12 22:09:59
jekillen wrote:
> Hello:
> I have named running as secondary server on v6.2
> It will not start without a specific configuration file set
> on the command line. After doing some investigation
> it appears that that is because it runs chrooted and
> there is not a symlink from /etc/namedb. Is that a correct
> assumption? I read the man page and it specifies
> the default configuration file as /etc/namedb/named.conf
> and along with this file there are master and slave directories.
> Would I make the /etc/namedb/named.conf file to be a symlink
> to /var/named/etc/namedb/named.conf?
>

What you've read is correct.  chroot'ing does in fact prevent the
program from traversing higher in the file hierarchy.
This makes sense as to why you need to specify the configuration file on
the command line.  I presume named will read the configuration file prior
to chrooting.  I don't use named though as I have my preference, and can't
be 100% without looking at the source code.

A symlink does you no good due to my explanation above.  If you chroot,
you lose the ability to get into /var or vice versa.
That's the whole purpose of 'change root'.

> There are some other entries in rc.conf related to named that
> appear in my primary nameserver rc.conf file that relate to getting
> it up at boot but I have lost root access to that machine so I cannot
> recover the rc.conf details and I do not remember what documentation
> I was using to set it up.
>
> I was advised to start named as a user other than root but when I
> tried that named would not start because the user I set it to does
> not have write permission in the directory that has the pid file.
>
named must be started as root in order to bind to port 53.  Afterwards I
assume it changes its uid using some configuration setting.  This is a
standard practice nowadays amongst utilities needing to bind to reserved
ports.  Check your config file to set the user you want to run the daemon
as after it's done with its initialization (i.e. binding to the port and
creating the /var/run file), but remember you must physically start named
as root in order to get named working correctly.
> When named starts at boot what user does it run as, by default?
>
bind

That's a guess based on the following:

nat# fgrep bind /etc/passwd
bind:53:53:Bind Sandbox:/:/usr/sbin/nologin

> Thank you for any guidance.
> Jeff K

Re: named questions.
2008-03-13 09:28:51
At 08:59 PM 3/12/2008, jekillen wrote:
>Hello:
>I have named running as secondary server on v6.2
>It will not start without a specific configuration file set
>on the command line. After doing some investigation
>it appears that that is because it runs chrooted and
>there is not a symlink from /etc/namedb. Is that a correct
>assumption? I read the man page and it specifies
>the default configuration file as /etc/namedb/named.conf
>and along with this file there are master and slave directories.
>Would I make the /etc/namedb/named.conf file to be a symlink
>to /var/named/etc/namedb/named.conf?

You can run named chrooted or not.  The default is to run chrooted.
Look in:
/etc/defaults/rc.conf
for all the named configuration options and default settings.

If you run chrooted be sure your chroot environment has a writeable
directory for the slave files.


>There are some other entries in rc.conf related to named that
>appear in my primary nameserver rc.conf file that relate to getting
>it up at boot but I have lost root access to that machine so I cannot
>recover the rc.conf details and I do not remember what documentation
>I was using to set it up.

You should not need root access to read /etc/rc.conf.  This is usually
given read by all perms.

However, in my rc.conf I set:
named_chroot_autoupdate="NO"   # Automatically install/update chrooted
named_chrootdir=""    # Chroot directory (or "" not to auto-chroot it)
named_enable="YES"
named_flags=  # quoted string for the command line
named_uid=    # quoted user name to run as "bind" or "root"



>I was advised to start named as a user other than root but when I
>tried that named would not start because the user I set it to does
>not have write permission in the directory that has the pid file.

Your chroot environment must be set up correctly with the correct perms
to write those files and to read the named.conf file.


>When named starts at boot what user does it run as, by default?

It will run by the named_uid you set in /etc/rc.conf

You will have an easier time getting named to run via the command line,
then set /etc/rc.conf for the correct settings.

/usr/sbin/named -c [to the path and name for named.conf] -u [the user name to run as] -t [chroot directory or omit this setting if not chrooting]

         -Derek


Re: named questions.
2008-03-13 07:11:28
On Thursday 13 March 2008 02:59:35 jekillen wrote:

> I have named running as secondary server on v6.2
> It will not start without a specific configuration file set
> on the command line. After doing some investigation
> it appears that that is because it runs chrooted and
> there is not a symlink from /etc/namedb.

You should start it by:
echo 'named_enable="YES"' >>/etc/rc.conf
/etc/rc.d/named start

This should by default create the symlink and populate the chroot
directory. If there is already a directory /etc/namedb or a file
/etc/namedb it will warn you.

Have a look at /etc/rc.d/named and the named_ variables in
/etc/defaults/rc.conf.

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
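
Added example, not part of the original thread: a pre-flight check for the chroot layout the replies above describe (readable named.conf and a writable slave directory inside the chroot, plus the /etc/namedb symlink). The pid directory var/run/named and the absolute symlink target are assumptions, as is the function name.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check of a chrooted named layout.
# Assumed layout: <chroot>/etc/namedb/{named.conf,slave} as described in the thread,
# and a pid directory <chroot>/var/run/named (assumption, not from the thread).
# Run it as the account named switches to, so -r/-w reflect that account's rights.

# check_named_chroot CHROOT_DIR [NAMEDB_LINK]
# Prints one line per problem; returns 0 only when nothing is wrong.
check_named_chroot() {
    chroot_dir=$1
    link=${2:-/etc/namedb}
    namedb="$chroot_dir/etc/namedb"
    problems=0

    # With -t, named reads its configuration after chroot(2), so the
    # default path is resolved inside the chroot directory.
    if [ ! -r "$namedb/named.conf" ]; then
        echo "named.conf missing or unreadable: $namedb/named.conf"
        problems=$((problems + 1))
    fi

    # Slave zone files and the pid file are written after the uid switch.
    for dir in "$namedb/slave" "$chroot_dir/var/run/named"; do
        if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "missing or not writable: $dir"
            problems=$((problems + 1))
        fi
    done

    # Outside the chroot, /etc/namedb should be a symlink into it so tools
    # using the default path see the same files (absolute target assumed).
    if [ "$(readlink "$link" 2>/dev/null)" != "$namedb" ]; then
        echo "$link is not a symlink to $namedb"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Example: sh check.sh /var/named
if [ "$#" -gt 0 ]; then
    check_named_chroot "$@"
fi
```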