Subject: Re: Location of "named.conf"
To: None <>
From: Igor Sobrado <>
List: current-users
Date: 08/31/2005 12:49:07

I am reading this thread but I am not subscribed to the mailing list (I am
not a -current user usually, only working on -current sources from Aug 27
to develop some patches I promised about two months ago but I want using
-stable if possible).  BTW, I am greatly surprised about how easy and fast
is building -current.  I build it in less than an hour on a standard
filesystem (../obj was mounted rw,softdep only).  :-)

I have read Perry concerns about not running named chrooted.  Perhaps
/etc/namedb should be moved to /var/chroot/named/etc/namedb.  Where
"named.conf" must be placed is another issue.  I am quite sure, the
right answer will be find in this thread.  But certainly, NetBSD
should default to the most secure configuration.  IMHO, /etc/namedb is
a dangerous place to store named files.

Certainly adding "named=YES" and 'named_chrootdir="/var/chroot/named"'
to /etc/rc.conf to enable a cache nameserver would be great.  In fact,
perhaps these "*_chrootdir" entries can be enabled by default in
/etc/defaults/rc.conf to make default configuration even more secure
on all chrootable listeners.  I am not sure if I am missing some important
points on this thread, I have problems finding the old "CVS commit: src"
thread in the mailing list archives for august.

On the other hand, I am against symlinks from the old entries to the
new files.  I believe that it will make the operating system less clean.
I suppose that there is a better answer to the problem of making this
change transparent to NetBSD managers.  Perhaps a small effort would
be acceptable for system managers if it makes the operating system
more clean.

Best regards,