# To create a chroot environment for bind9, do the following as root.
# These steps assume that you have an existing bind9 installation
# that is running out of /usr/local and the configs are in
# /usr/local/etc/namedb

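# Stop at the first failed step (and on any unset variable) rather than
# continuing into a half-built chroot with a moved-away named.conf.
set -eu

# Where the existing bind9 configuration lives (as stated in the header)
# and where the chroot is built.
conf_dir=/usr/local/etc/namedb
chroot_dir=/var/named

# Chroot root: owned by the bind user, not reachable by other users.
mkdir "$chroot_dir"
chown bind:bind "$chroot_dir"
chmod 750 "$chroot_dir"
cd "$chroot_dir"
mkdir dev etc master slave var
chmod 555 dev
# named only needs write access to slave zones and its state under var;
# etc and master stay root-owned so the daemon cannot rewrite its own
# configuration or primary zones.
chown bind:bind slave var
chmod 750 etc master slave var
# Mount devfs inside the chroot so named can reach /dev/null and
# /dev/random.  The entry is terminated with a newline; the original had
# none, so the next line appended to fstab would have fused with it.
# NOTE(review): this exposes all of /dev inside the chroot; a devfs
# ruleset can restrict it to the few nodes named needs — confirm for
# your release.
printf 'devfs\t\t\t%s/dev\tdevfs\trw\t\t0\t0\n' "$chroot_dir" >> /etc/fstab
mount "$chroot_dir/dev"
cd etc
cp -pf /etc/localtime .
# Move the real named.conf into the chroot and leave a symlink at the old
# location.  The link target must be absolute: a relative target of
# "named.conf" resolves inside the link's own directory, so the link
# would point at itself.
mv -f "$conf_dir/named.conf" .
ln -sf "$chroot_dir/etc/named.conf" "$conf_dir/named.conf"
cp -f /usr/src/contrib/bind/bin/named/test/root.hint .
# named.sh is downloaded over plain HTTP and is later run as root at boot
# (named_program in the notes below); read it before enabling it.
fetch -o named.sh http://people.FreeBSD.org/~seanc/bind9/named.sh
chmod 700 named.sh
# Create rndc.conf with restrictive permissions *before* the key is
# written into it, so the secret is never briefly readable by others.
touch rndc.conf
chmod 600 rndc.conf
chgrp wheel rndc.conf
rndc-confgen -k "$(hostname)_key" -r ../dev/random > rndc.conf
# rndc-confgen prints the matching named.conf stanza as the final block of
# commented-out lines; strip the comment markers and append it.
echo >> named.conf
tail -n 10 rndc.conf | head -n 9 | sed -e 's/^# //g' >> named.conf
cd ../master
mv "$conf_dir/localhost.rev" .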


# Now, be sure to edit named.conf and:
#
# 1) change the "directory" directive to be just "/",
#    not "/usr/local/etc/namedb"
# 2) change the zone file names to be "/master/localhost.rev"
#    or something similar.
# 3) change your root.hint path to be "/etc/root.hint"
# 4) existing zone file blocks may need to have their path
#    changed.
#
# Other notes:
#
# 1) Look in /var/log/messages for startup failure messages (or
#    wherever your logging output is going).  The path
#    /var/log/messages is outside of the chroot dir.
# 2) All pathnames in your configuration are relative to the
#    chroot directory, /var/named.
# 3) To have named get started in a chroot environment when your
#    system starts, change /etc/rc.conf (outside of the chroot)
#    to read like:
#
#    named_enable="YES"
#    named_program="/var/named/etc/named.sh"
#    named_flags="boot"
# 4) To start/stop named without rebooting, just run:
#
#    /var/named/etc/named.sh start
#
#    Be sure to check that it actually started, in case you
#    made any mistakes!!!
# 5) A handy way to remove bind8 from /usr is to make the net/bind8
#    port with PORT_REPLACES_BASE_BIND8 defined, install it, deinstall it
#    and copy /usr/src/include/netdb.h and /usr/src/include/arpa/inet.h
#    back into /usr/include:
#
#    cd /usr/ports/net/bind8
#    make PORT_REPLACES_BASE_BIND8=yes
#    cp -pf /usr/include/netdb.h /usr/include/arpa/inet.h /usr/include/arpa/nameser.h /usr/include/arpa/nameser_compat.h /tmp
#    make install && make deinstall
#    cp -pf /tmp/netdb.h /usr/include/
#    cp -pf /tmp/inet.h /usr/include/arpa/
#    cp -pf /tmp/nameser.h /usr/include/arpa/
#    cp -pf /tmp/nameser_compat.h /usr/include/arpa/
