On Sunday 14 July 2002 19:13, Steve Wingate wrote:
> If you're reading this link for sandboxing BIND this is as standard
> as it gets.
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html
>
>
> From what I've read from you it appears you haven't done everything
> these steps tell you to do.
>

I must concur with Steve.

Just yesterday I set up bind in its own little sandbox.  I did it by 
following the instructions in the link Steve quoted above.  It works 
just fine!

OK - I stumbled over one tiny problem.  When building the statically 
linked 'named-xfer', the Handbook concludes with :
============
# cp named-xfer /etc/namedb/bin && chmod 555 /etc/namedb/bin/named-xfer
============
But the newly built 'named-xfer' is not in the current directory.  A 
tiny bit of lateral thinking prompted me to look in /usr/obj`pwd` - and 
there it was - nice and fresh!

I actually built myself a script as I went along, because I intend doing 
this again in future without always reading the manual.  It's brand 
new, so please forgive the rough edges.  And I have changed a couple of 
things to suit my personal taste and setup.  Here's my script:
(Beware line wrap in the mailer)
===========================
#!/usr/local/bin/bash

cd /etc/namedb
mkdir -p usr/libexec dev etc var/tmp var/run master slave
chown bind:bind slave var/*
cp /etc/localtime etc
# Move named.conf into etc/ and leave a symlink behind, but only once
[ -L named.conf ] || { mv named.conf etc && ln -sf etc/named.conf named.conf; }
[ -f named.root ] && mv named.root master/FWD_root
# I'm not interested in ipv6, so I dump it
sh make-localhost && mv localhost.rev master/REV_localhost && rm localhost-v6.rev
# Quoted heredoc so the shell does not expand $ORIGIN and $TTL
cat > master/FWD_localhost <<'EOF'
$ORIGIN localhost.
$TTL 6h
@       IN SOA localhost. postmaster.localhost. (
        1       ; serial
        3600    ; refresh
        1800    ; retry
        604800  ; expiration
        3600 )  ; minimum
        IN NS   localhost.
        IN A    127.0.0.1
EOF

# named-xfer is linked statically (NOSHARED=yes) so it runs inside the sandbox
cd /usr/src/lib/libisc         && make clean all
cd /usr/src/lib/libbind        && make clean all
cd /usr/src/libexec/named-xfer && make NOSHARED=yes clean all
cp /usr/obj/usr/src/libexec/named-xfer/named-xfer /etc/namedb/usr/libexec \
  && chmod 555 /etc/namedb/usr/libexec/named-xfer

cd /etc/namedb
if [ ! -c dev/null ]
then
  cd /etc/namedb/dev
  mknod null c 2 2
  chmod 666 null
  cd /etc/namedb
fi

[ -L /var/run/ndc ] || ln -sf /etc/namedb/var/run/ndc /var/run/ndc

echo "
# These three lines added by ${0}
# named_enable=\"YES\"
# named_flags=\"-u bind -g bind -t /etc/namedb /etc/named.conf\"
# syslogd_flags=\"-ss -l /etc/namedb/dev/log\"
" >> /etc/rc.conf

echo "
***
Remember to edit /etc/rc.conf and sort out the three lines I've added!
***
"
===========================

HTH :)

-- 
Regards,
Patrick O'Reilly.
Perimeter Networks CC.
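
A check for the sandbox layout that the script in this message builds, added here as an example and not part of the original post. The function name `audit_named_chroot` and the rule that `etc` and `master` should not belong to the daemon user are assumptions; the paths, the `bind` user and mode 555 come from the script.

```shell
#!/bin/sh
# Added example (not from the post). audit_named_chroot is a hypothetical name.
# Usage: audit_named_chroot [ROOT] [DAEMON_USER]  (defaults: /etc/namedb, bind)
# Prints one finding per line; returns 0 only when there are none.
audit_named_chroot() {
    root=${1:-/etc/namedb}
    user=${2:-bind}
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }
    owner_of() { ls -ld "$1" | awk '{print $3}'; }

    # Directories created by the mkdir -p line.
    for d in usr/libexec dev etc var/tmp var/run master slave; do
        [ -d "$root/$d" ] || note "missing directory: $d"
    done

    # The post chowns only slave and var/* to the daemon user.
    for d in slave var/tmp var/run; do
        [ -d "$root/$d" ] || continue
        [ "$(owner_of "$root/$d")" = "$user" ] ||
            note "$d is owned by $(owner_of "$root/$d"), expected $user"
    done

    # Assumption: config and master zones stay out of the daemon's
    # ownership, so a compromised named cannot rewrite them.
    for d in etc master; do
        [ -d "$root/$d" ] || continue
        [ "$(owner_of "$root/$d")" != "$user" ] ||
            note "$d is owned by the daemon user $user"
    done

    # named.conf is moved into etc/ and symlinked from the top level.
    [ -L "$root/named.conf" ] || note "named.conf is not a symlink"
    [ -f "$root/etc/named.conf" ] || note "missing etc/named.conf"
    [ -e "$root/etc/localtime" ] || note "missing etc/localtime"

    # The script creates a null device inside the sandbox with mknod.
    [ -c "$root/dev/null" ] || note "dev/null is not a character device"

    # named-xfer is installed read-only and executable (chmod 555).
    x=$root/usr/libexec/named-xfer
    if [ -f "$x" ]; then
        mode=$(ls -ld "$x" | awk '{print $1}')
        case $mode in
            -r-xr-xr-x*) ;;
            *) note "named-xfer mode is $mode, expected -r-xr-xr-x" ;;
        esac
    else
        note "missing usr/libexec/named-xfer"
    fi
    [ "$findings" -eq 0 ]
}
```

Source the file and run `audit_named_chroot` as root after the setup script; an empty output with exit status 0 means every check passed.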
