1. Update text about later BINDs using a pseudo-random, unpriviliged
query port for UDP by default.
2. We are now running in a sandbox by default, with a dedicated dump
directory, so remove the stale comment.
3. The topology configuration is not for the faint of heart, so
remove the commented example.
4. Tighten up some language a bit.
5. s/secondary/slave/
6. No need for the example about a bind-owned directory for slave zones.
7. Change domain.com to example.com in the example, per RFC 2606.
8. Update the path for slave zones in the example.
- Thanks to Scot Hetzel <swhetzel@gmail.com>
There is more work to do here, but this is an improvement.
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
work right when the administrator has modified their runtime environment
in a manner not anticipated by our script.
Requested by: Tom Maher <tardis@ece.cmu.edu>
of the SOA 'minimum' field. Now it's necessary to define $TTL seperately
to shut it up. Bind does reasonable things by default but it's annoying
still.
PR: 15834
Submitted by: Daniel Lewart <d-lewart@uiuc.edu>
to the comments in named.conf to describe to the user how to create it.
(named.conf does not use /etc/namedb/s by default anyway so us not
pre-created it in the mtree does not hurt us terribly).
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
subdirectory (user bind, group bind) to hold secondaries, adjust
comments in named.conf to reflect new secondary scheme. (Note that
core read-only zone files are left owned by root, increasing security even
more).
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
The named.root file is out of date.. (well it was.. this fixes it..)
15,16c15,16
< ; last update: Aug 25, 1995
< ; related version of root zone: 1995082500
---
> ; last update: Sep 1, 1995
> ; related version of root zone: 1995090100
18,19c18,22
< . 3600000 IN NS NS.INTERNIC.NET.
< NS.INTERNIC.NET. 3600000 A 198.41.0.4
---
> ;
> ; formerly NS.INTERNIC.NET
> ;
> . 3600000 IN NS A.ROOT-SERVERS.NET.
> A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
>
Delete bogus localhost.rev.
Add prototype localhost.rev and a script to create it automatically.
(NB to installl people: you should ask ``do you have a full-time connection
o the Internet?'', run this script, and enable named if the answer is
yes.)