Reviewed by: freebsd-current, freebsd-security
Adjust rc.conf to run named in a sandbox, adjust mtree to add the /etc/namedb/s subdirectory (user bind, group bind) to hold secondaries, and adjust the comments in named.conf to reflect the new secondary scheme. (Note that the core read-only zone files are left owned by root, increasing security even more.)
This commit is contained in:
parent
ac48aa416a
commit
128272b8c5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=41442
@ -1,4 +1,4 @@
|
||||
# $Id: BSD.root.dist,v 1.31 1998/09/30 22:27:27 jkh Exp $
|
||||
# $Id: BSD.root.dist,v 1.32 1998/10/17 01:21:35 peter Exp $
|
||||
#
|
||||
|
||||
/set type=dir uname=root gname=wheel mode=0755
|
||||
@ -31,6 +31,8 @@
|
||||
mtree
|
||||
..
|
||||
namedb
|
||||
s uname=bind gname=bind mode=0750
|
||||
..
|
||||
..
|
||||
ppp
|
||||
..
|
||||
|
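Review bot: The new `s uname=bind gname=bind mode=0750` entry is the only place under namedb where the sandboxed named is given write access, while `namedb` itself keeps the `/set type=dir uname=root gname=wheel mode=0755` default from the top of the file, and nothing in the spec records that this asymmetry is deliberate. A short comment above the `namedb` entry, such as `# namedb stays root-owned; only namedb/s is writable by the bind user (secondary zone files)`, would keep a later edit from loosening the parent directory. The `#` header lines show the spec accepts comments, but I cannot see whether directory entries elsewhere in the dist files carry inline comments, so confirm the house style before adding one.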
@ -1,4 +1,4 @@
|
||||
// $Id: named.conf,v 1.1 1998/05/07 23:42:33 ache Exp $
|
||||
// $Id: named.conf,v 1.2 1998/05/11 11:26:28 peter Exp $
|
||||
//
|
||||
// Refer to the named(8) man page for details. If you are ever going
|
||||
// to setup a primary server, make sure you've understood the hairy
|
||||
@ -77,11 +77,15 @@ zone "0.0.127.IN-ADDR.ARPA" {
|
||||
//
|
||||
// NB: Don't blindly enable the examples below. :-) Use actual names
|
||||
// and addresses instead.
|
||||
//
|
||||
// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
|
||||
// The directory containing the secondary zones must be write accessible
|
||||
// to bind.
|
||||
|
||||
/*
|
||||
zone "domain.com" {
|
||||
type slave;
|
||||
file "domain.com.bak";
|
||||
file "s/domain.com.bak";
|
||||
masters {
|
||||
192.168.1.1;
|
||||
};
|
||||
@ -89,7 +93,7 @@ zone "domain.com" {
|
||||
|
||||
zone "0.168.192.in-addr.arpa" {
|
||||
type slave;
|
||||
file "0.168.192.in-addr.arpa.bak";
|
||||
file "s/0.168.192.in-addr.arpa.bak";
|
||||
masters {
|
||||
192.168.1.1;
|
||||
};
|
||||
|
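Review bot: The new NOTE comment says the secondary-zone directory must be write accessible to bind but never names it, even though the examples below it now write to `s/...`, and it does not say that the rest of /etc/namedb should stay unwritable by bind. I would extend the comment with `// Put secondaries under the s/ subdirectory (owned by bind); keep named.conf and the` / `// primary zone files owned by root so a compromised named cannot rewrite them.`, which also records the point made in the commit message that the core zone files remain root-owned. The commented-out example block opened by `/*` in this hunk continues past the end of the hunk.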
@ -6,7 +6,7 @@
|
||||
#
|
||||
# All arguments must be in double or single quotes.
|
||||
#
|
||||
# $Id: rc.conf,v 1.62 1998/11/15 20:30:04 msmith Exp $
|
||||
# $Id: rc.conf,v 1.63 1998/11/25 21:16:43 msmith Exp $
|
||||
|
||||
##############################################################
|
||||
### Important initial Boot-time options #####################
|
||||
@ -46,7 +46,7 @@ inetd_enable="YES" # Run the network daemon dispatcher (or NO).
|
||||
inetd_flags="" # Optional flags to inetd.
|
||||
named_enable="NO" # Run named, the DNS server (or NO).
|
||||
named_program="named" # path to named, if you want a different one.
|
||||
named_flags="" # Flags for named (/etc/namedb/named.conf is
|
||||
named_flags="-u bind -g bind" # Flags for named (/etc/namedb/named.conf is
|
||||
# the default now).
|
||||
kerberos_server_enable="NO" # Run a kerberos master server (or NO).
|
||||
kadmind_server_enable="NO" # Run kadmind (or NO) -- do not run on
|
||||
|
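Review bot: `named_flags="-u bind -g bind"` changes the privilege level the daemon runs at, but the trailing comment still only says which config file is the default, so nothing tells an administrator that clearing the flags reverts named to running as root, or that the flags rely on the bind user/group and the bind-owned /etc/namedb/s directory added in the same commit. I would reword the two comment lines to `# Flags for named; -u/-g drop to the bind user and group` / `# (secondaries live in /etc/namedb/s; named.conf is the default).` Whether this named can re-open port 53 after it has dropped privileges, e.g. on a restart rather than a reload, is not visible here and is worth confirming against the named(8) in the tree.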