NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/53652: Change permission of namedb directory

The following reply was made to PR bin/53652; it has been noted by GNATS.

From: Takahiro Kambe <>
Subject: Re: bin/53652: Change permission of namedb directory
Date: Tue, 09 Oct 2018 15:25:53 +0900 (JST)

 In message <>
 	on Sat,  6 Oct 2018 18:10:01 +0000 (UTC), (Christos Zoulas) wrote:
 >  This is not a good idea. NetBSD-current comes with bind-9.12 and
 >  a local fix which avoids this issue.
 I think so, too.
 >  RCS file: /cvsroot/src/external/mpl/bind/dist/lib/dns/view.c,v
 >  revision 1.3
 >  date: 2018-09-12 11:28:42 -0400;  author: christos;  state: Exp;  lines: +2 -2;  commitid: adpcledHWXK8qPRA;
 >  Put the nta files in a subdirectory instead of requiring the namedb root
 >  directory to be writable by named... Others have expressed the same concern,
 >  but upstream refused:
 Note: ISC refused to accept this change as above.
 >  Doesn't this work for you?
 It dose not completly with default configuration on NetBSD current
 # echo 'named_chrootdir="/var/chroot/named"' >> /etc/rc.conf
 # sh /etc/rc.d/named onestart
 Starting named.
 # sh /etc/rc.d/named onestatus
 named is running as pid 1140.
 # /usr/sbin/rndc secroots     
 rndc: 'secroots' failed: permission denied
 could not open named.secroots
 So, it is required changing permission of "directory" or providing
 proper default value for these statements: "secroots-file",
 "recursing-file" and so on.
 Takahiro Kambe <>

Home | Main Index | Thread Index | Old Index