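#!/bin/sh
# Build a chroot environment for bind9 under /var/named.  Run as root.
#
# Assumes an existing bind9 installation running out of /usr/local with
# its configuration in /usr/local/etc/namedb.  After this, every path in
# named.conf is relative to the chroot directory (see the notes at the
# end of this file).
#
# The original recipe referred to both /usr/local/etc/named and
# /usr/local/etc/namedb for the same files; the header states namedb, so
# NAMEDB is used consistently below.  Adjust it if your layout differs.

set -eu

CHROOT=/var/named
NAMEDB=/usr/local/etc/namedb

# mkdir without -p deliberately fails if the chroot already exists, and
# set -e then stops the script before any configuration is moved.
mkdir "$CHROOT"
chown bind:bind "$CHROOT"
chmod 750 "$CHROOT"
cd "$CHROOT"

mkdir dev etc master slave var
chmod 555 dev
# Least privilege: slave and var are the only directories named needs to
# write (zone transfers, pid/dump files).  etc and master are owned by
# root but group bind, so a privilege-dropped named can still read its
# config and master zones without being able to modify them.  (On BSD the
# group is inherited from the parent anyway; this just makes it explicit.)
chown bind:bind slave var
chown root:bind etc master
chmod 750 etc master slave var

# Mount a devfs inside the chroot so named can reach random/null.  The
# fstab entry is added only once, is newline-terminated, and a missing
# trailing newline on the existing fstab is repaired first so the new
# entry cannot fuse with the previous line.
# NOTE(review): an unrestricted devfs exposes every device node to the
# chrooted process.  On releases that support devfs rulesets, apply one to
# this mount that hides everything except null, zero and random.
if ! grep -qF -- "$CHROOT/dev" /etc/fstab; then
  [ -z "$(tail -c1 /etc/fstab)" ] || echo >> /etc/fstab
  printf 'devfs\t\t\t%s/dev\tdevfs\trw\t\t0\t0\n' "$CHROOT" >> /etc/fstab
fi
mount "$CHROOT/dev"

cd etc
cp -pf /etc/localtime .

# Move the live named.conf into the chroot and leave a symlink at the old
# location for tools that still look there.  The link target must be
# absolute: the original "ln -sf named.conf $NAMEDB/named.conf" created a
# link pointing at itself (ELOOP).
mv -f "$NAMEDB/named.conf" .
ln -sf "$CHROOT/etc/named.conf" "$NAMEDB/named.conf"
cp -f /usr/src/contrib/bind/bin/named/test/root.hint .

# named.sh is the start/stop wrapper that rc runs as root at every boot.
# It is fetched over plain HTTP from a personal directory with no
# integrity check (and the URL is historical, so it may no longer
# resolve): read it before installing it and keep a reviewed local copy
# instead of re-fetching on every build.
fetch -o named.sh http://people.FreeBSD.org/~seanc/bind9/named.sh
chmod 700 named.sh

# Generate the rndc control key.  rndc.conf is created mode 600 before
# rndc-confgen writes into it, so the secret is never readable by others,
# even briefly.  -r is relative to the current directory, i.e. the devfs
# just mounted at $CHROOT/dev.
touch rndc.conf
chmod 600 rndc.conf
chgrp wheel rndc.conf
rndc-confgen -k "$(hostname)_key" -r ../dev/random > rndc.conf

# Append the matching key/controls stanza to named.conf.  rndc-confgen
# prints it as a commented block at the end of its output; tail/head
# select that block and sed strips the "# " prefix.  This depends on the
# rndc-confgen output layout, so inspect named.conf afterwards.
echo >> named.conf
tail -10 rndc.conf | head -9 | sed -e 's/^# //g' >> named.conf
# named.conf now contains the rndc secret: readable by named (group
# bind), writable only by root, invisible to everyone else.
chown root:bind named.conf
chmod 640 named.conf

cd ../master
mv "$NAMEDB/localhost.rev" .

# Now edit named.conf and:
#
# 1) change the "directory" directive to just "/", not
#    "/usr/local/etc/namedb"
# 2) change the zone file names to "/master/localhost.rev" or similar
# 3) change the root hints path to "/etc/root.hint" (the file copied
#    above is root.hint; the original notes called it roots.hint)
# 4) existing zone file blocks may need their paths changed
#
# Other notes:
#
# 1) Look in /var/log/messages for startup failure messages (or wherever
#    your logging output goes).  /var/log/messages is outside the chroot.
#    NOTE(review): if named logs via syslog from inside the chroot,
#    syslogd presumably needs an extra listening socket under /var/named
#    (syslogd -l) -- confirm for your release.
# 2) All pathnames in your configuration are relative to the chroot
#    directory, /var/named.
# 3) To start named in the chroot at boot, set in /etc/rc.conf (outside
#    the chroot):
#
#      named_enable="YES"
#      named_program="/var/named/etc/named.sh"
#      named_flags="boot"
#
# 4) To start/stop named without rebooting:
#
#      /var/named/etc/named.sh start
#
#    Check that it actually started (process list, rndc status, the log)
#    in case of mistakes above.
# 5) A handy way to remove bind8 from /usr is to build net/bind8 with
#    PORT_REPLACES_BASE_BIND8 defined, install it, deinstall it, and then
#    restore the saved headers.  Stash the headers in a private mktemp
#    directory rather than under fixed names in /tmp, since these copies
#    are made and restored as root:
#
#      cd /usr/ports/net/bind8
#      make PORT_REPLACES_BASE_BIND8=yes
#      T=$(mktemp -d /tmp/bind8hdr.XXXXXX)
#      cp -pf /usr/include/netdb.h /usr/include/arpa/inet.h \
#             /usr/include/arpa/nameser.h /usr/include/arpa/nameser_compat.h "$T"
#      make install && make deinstall
#      cp -pf "$T/netdb.h" /usr/include/
#      cp -pf "$T/inet.h" "$T/nameser.h" "$T/nameser_compat.h" /usr/include/arpa/
#      rm -rf "$T"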