named_enable="YES"
named_program="/usr/local/sbin/named"
#/etc/rc.d/named start
/etc/rc.d/named: WARNING: /etc/mtree/BIND.chroot.dist missing,
/etc/rc.d/named: WARNING: chroot directory structure not updated
/etc/rc.d/named: WARNING: named chroot: /etc/namedb is a directory!
mount: /var/named/dev: No such file or directory
/etc/rc.d/named: WARNING: devfs_domount(): Unable to mount devfs on /var/named/dev
devfs: open: /var/named/dev: No such file or directory
devfs: open: /var/named/dev: No such file or directory
cp: /var/named/etc/localtime: No such file or directory
cp: /var/named/etc/protocols: No such file or directory
cp: /var/named/etc/services: No such file or directory
rndc-confgen: create keyfile: file not found
Starting named.
/etc/rc.d/named: WARNING: failed to start named
#/usr/local/sbin/named
just works fine. This is really irritating.
kpa said: Sounds like the start up script is expecting that it can chroot(8) to /var/named but since you're on FreeBSD 10 that directory and the expected contents are not created by default.
# ls /var/named/
dev etc usr
# ls /etc/namedb/
dynamic master named.conf named.root named.tgz rndc.key slave working
# /etc/rc.d/named start
/etc/rc.d/named: WARNING: /etc/mtree/BIND.chroot.dist missing,
/etc/rc.d/named: WARNING: chroot directory structure not updated
/etc/rc.d/named: WARNING: named chroot: /etc/namedb is a directory!
rndc-confgen: create keyfile: file not found
Starting named.
/etc/rc.d/named: WARNING: failed to start named
# mount
.......
devfs on /var/named/dev (devfs, local, multilabel)
named_chrootdir=""
Support FreeBSD 10.0.
On FreeBSD 10.0, all configuration is installed under
/usr/local/etc/namedb and installs its own rc script in
$PREFIX, which no longer support chroot installations.
LINKS and REPLACE_BASE options are not supported on 10.0
for obvious reasons.
Note for FreeBSD 9.x and earlier users, LINKS is no longer
the default option, though still supported.
usdmatt said: Edit: In fact the port changes have already been done. I'm not sure what it means for chrooting in the future though.
gkontos said: usdmatt said: Edit: In fact the port changes have already been done. I'm not sure what it means for chrooting in the future though.
It means that the port does not support running bind in chroot anymore. There was a long discussion in the mailing lists and the maintainer suggested that those who need the extra security should consider running bind in a jail instead.
For me this is bad news because I could set up an authoritative DNS without having to install ANY 3rd party software.
People have been encouraged on the mailing list(s) (probably freebsd-ports@) to help if they can.
wblock@ said: It seems like that would be fixable.
kpa said: Why don't you do something yourself? Like come up with a workable replacement for the chroot(8) system that is now missing? FreeBSD has always been a "patches accepted" system as long as those patches are good quality. It's so easy (and cheap) to talk from your comfy armchair and throw judgement at people who work very hard to keep FreeBSD alive. Get involved if you want to change things people!
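
A preflight check for the chroot failure diagnosed earlier in this thread, as an added example that is not part of any post and is not the FreeBSD rc script: it reads named_chrootdir from an rc.conf-style file and reports which of the paths named in the quoted warnings are absent. The function names, the SYSROOT test prefix, and the default of /var/named for an unset variable are assumptions.

```shell
#!/bin/sh
# Added example (not the FreeBSD rc script): preflight check for a chrooted named.

# Print named_chrootdir from an rc.conf-style file.
# Assumption: an unset variable means /var/named, the directory used in the thread.
get_chrootdir() {
    if ! grep -q '^[[:space:]]*named_chrootdir=' "$1"; then
        printf '%s\n' /var/named
        return 0
    fi
    val=$(sed -n 's/^[[:space:]]*named_chrootdir=//p' "$1" | tail -n 1)
    val=${val#\"}; val=${val%\"}      # drop surrounding double quotes
    printf '%s\n' "$val"
}

# check_named_chroot CONF [SYSROOT]
# Prints one line per problem; returns 0 when the chroot is usable or disabled.
# SYSROOT is a hypothetical prefix so the check can run against a test tree.
check_named_chroot() {
    conf=$1 sysroot=${2:-}
    dir=$(get_chrootdir "$conf")
    if [ -z "$dir" ]; then
        echo "chroot disabled: named_chrootdir is empty"
        return 0
    fi
    problems=0
    # Directories the rc script tried to use in the quoted output.
    for d in "$dir" "$dir/dev" "$dir/etc"; do
        if [ ! -d "$sysroot$d" ]; then
            echo "missing directory: $d"; problems=$((problems + 1))
        fi
    done
    # The mtree spec whose absence left the chroot structure "not updated".
    if [ ! -f "$sysroot/etc/mtree/BIND.chroot.dist" ]; then
        echo "missing file: /etc/mtree/BIND.chroot.dist"; problems=$((problems + 1))
    fi
    # "/etc/namedb is a directory!": a real directory here, not a symlink.
    if [ -d "$sysroot/etc/namedb" ] && [ ! -L "$sysroot/etc/namedb" ]; then
        echo "/etc/namedb is a directory, not a symlink"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Source the file and run `check_named_chroot /etc/rc.conf` before starting the service; with named_chrootdir="" it reports the chroot as disabled and checks nothing else.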