Bind > 9.12 Will Not Start On FreeBSD

Doug Barton dougb at dougbarton.us
Sun Apr 28 06:03:48 UTC 2019


On 4/27/19 9:22 PM, Tim Daneliuk wrote:
> On 4/27/19 5:33 PM, @lbutlr wrote:
>> On 27 Apr 2019, at 16:21, Tim Daneliuk <tundra at tundraware.com> wrote:
>>> Why is 9.12+ now suddenly so grumpy about who owns the files?  Is this a recent fix to reduce the attack surface on files owned by root?
>>
>> Pretty sure. I thought it was mentioned in the 9.12 release notes, but now I can't find it.
>>
>>
> 
> Possibly relevant:
> 
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223842

Yes, that's almost certainly it. Sad to see that the FreeBSD ports team 
is still doing their usual stellar job of "It's not our problem."

You need to make the directory you define as the working directory 
("directory" in named.conf) writable to the named process.

I vaguely recall that I might have had code to make sure that got set 
correctly in the rc.conf file back when I was maintaining the BIND 
ports, but I can't figure out what they've done to the repo, and I can't 
find my old stuff in there.

You're probably better off making your working directory something 
that's not named in the mtree file, so that your permissions don't get 
"fixed" by it.

hope this helps,

Doug
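
Added example, not part of the message above and not code from the BIND or FreeBSD ports trees: a mode-bit check of whether the "directory" set in named.conf is writable to the account named runs as. The named.conf path and the account name are assumptions supplied by the operator as arguments; ACLs are not considered.

```python
import os
import pwd
import re
import stat
import sys

# The working-directory option, e.g.  directory "/some/path";
# The lookbehind skips key-directory and managed-keys-directory.
DIRECTORY_RE = re.compile(r'(?<![\w-])directory\s+"([^"]+)"\s*;')

def working_directory(conf_text):
    """Return the path set by the directory option, or None if absent."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.DOTALL)  # /* ... */
    text = re.sub(r"(//|#).*", "", text)  # // and # comments
    match = DIRECTORY_RE.search(text)
    return match.group(1) if match else None

def writable_by(path, uid, gids):
    """Mode-bit check: may uid (a member of gids) create files in path?"""
    # Ignores ACLs and root's override of permission bits.
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 0o7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 0o7
    else:
        bits = st.st_mode & 0o7
    return (bits & 0o3) == 0o3  # needs both write (2) and search (1)

def check(conf_path, user):
    """Describe whether user can write to the directory named in conf_path."""
    with open(conf_path) as fh:
        workdir = working_directory(fh.read())
    if workdir is None:
        return "no directory option in %s" % conf_path
    pw = pwd.getpwnam(user)
    ok = writable_by(workdir, pw.pw_uid, os.getgrouplist(user, pw.pw_gid))
    st = os.stat(workdir)
    return "%s uid=%d gid=%d mode=%o: %s by %s" % (
        workdir, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode),
        "writable" if ok else "NOT writable", user)

if __name__ == "__main__":
    # Usage: script NAMED_CONF ACCOUNT  (both supplied by the operator)
    print(check(sys.argv[1], sys.argv[2]))
```

Running it again after a port upgrade shows whether the ownership or mode of the directory was reset.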

