Installing BIND 9.2.0
phn at icke-reklam.ipsec.nu
Sat Mar 23 09:15:14 UTC 2002
Pete Ehlke <pde at ehlke.net> wrote:
> On Fri, Mar 22, 2002 at 04:09:43PM -0800, BigL wrote:
>>
>> It seems to put everything in /usr/local/sbin, which is understandable, but
>> I want it to get rid of the named in /usr/sbin (version 8.2.3) or I want to
>> make FreeBSD start using this new version of named, how can I do that? I
>> don't think I'm supposed to change anything in rc.conf
>>
> Why ever would you think that you shouldn't change rc.conf? It's *there*
> for you to change ;)
> named_enable="YES"
> named_program="/usr/local/sbin/named"
> named_flags="-u bind -t /chroot/named"
> And while you're at it, be sure to add something like
> rand_irqs="9 10 11"
> to seed /dev/random
Bind-9 install scripts will install bind-9 under /usr/local/{bin | sbin} and
leave the old binaries unaffected.
This has the side effect that any usage of "dig", "nslookup" or even a
manual start using "named" will launch the wrong binary.
Replacing the binaries by placing bind 9 in the same locations, /usr/{bin | sbin},
will cure this. It will however create a vulnerability where an update of
the host could actually overwrite your bind-9 with the "current" bind
supplied with the distribution (FreeBSD has a "WITHOUT_BIND" directive,
however I never seem to find it documented).
This leaves you in a hard and cold place: either locate bind 9 in
/usr/local, with the risk that the wrong binary will execute, or
overwrite /usr, which makes your system vulnerable to update/patches.
You cannot both eat the cake and keep it for future :-)
> -Pete
> --
> "religious fanatics are not part of my desired user base."
> - djb at cr.yp.to
--
Peter Håkanson
IPSec Sverige (At the Riverside of Gothenburg, home of Volvo)
Sorry about my e-mail address, but I'm trying to keep spam out.
Remove "icke-reklam" and it works.
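
A check for the wrong-binary risk described in the message above, added here as an example and not part of the original post: it reports which copy of named, dig and nslookup the shell would actually run and lists any copies shadowed later in PATH. The helper names find_copies and check_tool are hypothetical; the /usr/local prefix is the install location the message gives.

```shell
#!/bin/sh
# Added example. find_copies and check_tool are hypothetical helper names.

# find_copies NAME PATHSTRING
# Print every executable copy of NAME, in the order the shell searches PATHSTRING.
find_copies() {
    fc_name=$1
    fc_old_ifs=$IFS
    IFS=:
    for fc_dir in $2; do
        [ -n "$fc_dir" ] || fc_dir=.      # empty PATH entry means current directory
        if [ -f "$fc_dir/$fc_name" ] && [ -x "$fc_dir/$fc_name" ]; then
            printf '%s\n' "$fc_dir/$fc_name"
        fi
    done
    IFS=$fc_old_ifs
}

# check_tool NAME PREFIX PATHSTRING
# Return 0 if the first copy found lives under PREFIX, 1 if another copy
# shadows it, 2 if NAME is not found at all.
check_tool() {
    ct_first=$(find_copies "$1" "$3" | head -n 1)
    if [ -z "$ct_first" ]; then
        echo "$1: not found"
        return 2
    fi
    case $ct_first in
        "$2"/*) echo "$1: ok, runs $ct_first"; return 0 ;;
    esac
    echo "$1: WRONG COPY, runs $ct_first (expected one under $2)"
    # Every later hit is a copy that never gets run from this PATH.
    find_copies "$1" "$3" | sed 1d | sed 's/^/    shadowed: /'
    return 1
}

# Check the tools named in the message against the current PATH.
for tool in named dig nslookup; do
    check_tool "$tool" /usr/local "$PATH" || true
done
```

This only covers PATH lookups; a start script that names the binary by full path, as named_program does in rc.conf, is unaffected by PATH order.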