Subject: Re: Location of "named.conf"
To: None <current-users@NetBSD.org>
From: Igor Sobrado <email@example.com>
Date: 08/31/2005 12:49:07

I am reading this thread but I am not subscribed to the mailing list (I am
not a -current user usually, only working on -current sources from Aug 27
to develop some patches I promised about two months ago, but I want to use
-stable if possible). BTW, I am greatly surprised about how easy and fast
building -current is. I build it in less than an hour on a standard
filesystem (../obj was mounted rw,softdep only). :-)

I have read Perry's concerns about not running named chrooted. Perhaps
/etc/namedb should be moved to /var/chroot/named/etc/namedb. Where
"named.conf" must be placed is another issue. I am quite sure the
right answer will be found in this thread. But certainly, NetBSD
should default to the most secure configuration. IMHO, /etc/namedb is
a dangerous place to store named files.

Certainly adding "named=YES" and 'named_chrootdir="/var/chroot/named"'
to /etc/rc.conf to enable a cache nameserver would be great. In fact,
perhaps these "*_chrootdir" entries can be enabled by default in
/etc/defaults/rc.conf to make the default configuration even more secure
on all chrootable listeners. I am not sure if I am missing some important
points on this thread; I have problems finding the old "CVS commit: src"
thread in the mailing list archives for August.

On the other hand, I am against symlinks from the old entries to the
new files. I believe that it will make the operating system less clean.
I suppose that there is a better answer to the problem of making this
change transparent to NetBSD managers. Perhaps a small effort would
be acceptable for system managers if it makes the operating system