Jun 10 19:02:19 fold named[1939]: starting BIND 9.6.1-P3 -u named
Jun 10 19:02:19 fold named[1939]: built with '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--with-openssl' '--without-idn' '--disable-ipv6' '--without-libxml2' '--enable-linux-caps' '--enable-threads' '--with-randomdev=/dev/random' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-O2 -pipe -march=nocona' 'LDFLAGS=-Wl,-O1'
Jun 10 19:02:19 fold named[1939]: adjusted limit on open files from 1024 to 1048576
Jun 10 19:02:19 fold named[1939]: found 4 CPUs, using 4 worker threads
Jun 10 19:02:19 fold named[1939]: using up to 4096 sockets
Jun 10 19:02:19 fold named[1939]: loading configuration from '/etc/bind/named.conf'
Jun 10 19:02:19 fold named[1939]: using default UDP/IPv4 port range: [1024, 65535]
Jun 10 19:02:19 fold named[1939]: using default UDP/IPv6 port range: [1024, 65535]
Jun 10 19:02:19 fold named[1939]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 10 19:02:19 fold named[1939]: listening on IPv4 interface eth0, 195.113.57.32#53
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 0.IN-ADDR.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: D.F.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 8.E.F.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: 9.E.F.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: A.E.F.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: automatic empty zone: B.E.F.IP6.ARPA
Jun 10 19:02:19 fold named[1939]: command channel listening on 127.0.0.1#953
Jun 10 19:02:19 fold named[1939]: zone 127.in-addr.arpa/IN: loaded serial 2008122601
Jun 10 19:02:19 fold named[1939]: zone localhost/IN: loaded serial 2008122601
Jun 10 19:02:19 fold named[1939]: zone iresite.org/IN: loaded serial 2009120921
Jun 10 19:02:19 fold named[1939]: zone iresite.org/IN: sending notifies (serial 2009120921)
Jun 10 19:02:19 fold named[1939]: running

# find / -name chroot
/bin/chroot
/var/lib/openntpd/chroot
/usr/bin/chroot
# cat /etc/conf.d/named
# Set various named options here.
#
OPTIONS=""

# Set this to the number of processors you want bind to use.
# Leave this unchanged if you want bind to automatically detect the number
#CPU="1"

# If you wish to run bind in a chroot:
# 1) un-comment the CHROOT= assignment, below. You may use
#    a different chroot directory but MAKE SURE it's empty.
# 2) run: emerge --config =<bind-version>
#
CHROOT="/chroot/dns"

# RNDC needs to be told what server we're using sometimes.
#SERVER="-s 127.0.0.1"
# rndc key to use
RNDC_KEY="${CHROOT}/etc/bind/rndc.key"

# Default pid file location
PIDFILE="${CHROOT}/var/run/named/named.pid"

# Scheduling priority: 19 is the lowest and -20 is the highest.
#
NAMED_NICELEVEL="0"
# mkdir -p /chroot/dns
# ls -laR /chroot
/chroot:
total 12
drwxr-xr-x 3 root root 4096 Jul 31 13:08 .
drwxr-xr-x 27 root root 4096 Jul 31 13:08 ..
drwxr-xr-x 5 root named 4096 Jul 31 13:11 dns

/chroot/dns:
total 20
drwxr-xr-x 5 root named 4096 Jul 31 13:11 .
drwxr-xr-x 3 root root 4096 Jul 31 13:08 ..
drwxr-xr-x 2 root root 4096 Jul 31 13:11 dev
drwxr-xr-x 3 root root 4096 Jul 31 13:11 etc
drwxr-xr-x 5 root root 4096 Jul 31 13:11 var

/chroot/dns/dev:
total 8
drwxr-xr-x 2 root root 4096 Jul 31 13:11 .
drwxr-xr-x 5 root named 4096 Jul 31 13:11 ..
crw-rw-rw- 1 root root 1, 3 Jul 31 13:11 null
crw-rw-rw- 1 root root 1, 8 Jul 31 13:11 random
crw-rw-rw- 1 root root 1, 5 Jul 31 13:11 zero

/chroot/dns/etc:
total 16
drwxr-xr-x 3 root root 4096 Jul 31 13:11 .
drwxr-xr-x 5 root named 4096 Jul 31 13:11 ..
drwxr-x--- 2 root named 4096 Jul 31 13:11 bind
-rw-r--r-- 1 root root 2102 Jul 31 13:11 localtime

/chroot/dns/etc/bind:
total 8
drwxr-x--- 2 root named 4096 Jul 31 13:11 .
drwxr-xr-x 3 root root 4096 Jul 31 13:11 ..

/chroot/dns/var:
total 20
drwxr-xr-x 5 root root 4096 Jul 31 13:11 .
drwxr-xr-x 5 root named 4096 Jul 31 13:11 ..
drwxrwx--- 2 root named 4096 Jul 31 13:11 bind
drwxr-xr-x 3 root root 4096 Jul 31 13:11 log
drwxr-xr-x 3 root root 4096 Jul 31 13:11 run

/chroot/dns/var/bind:
total 8
drwxrwx--- 2 root named 4096 Jul 31 13:11 .
drwxr-xr-x 5 root root 4096 Jul 31 13:11 ..

/chroot/dns/var/log:
total 12
drwxr-xr-x 3 root root 4096 Jul 31 13:11 .
drwxr-xr-x 5 root root 4096 Jul 31 13:11 ..
drwxrwx--- 2 root named 4096 Jul 31 13:11 named

/chroot/dns/var/log/named:
total 8
drwxrwx--- 2 root named 4096 Jul 31 13:11 .
drwxr-xr-x 3 root root 4096 Jul 31 13:11 ..

/chroot/dns/var/run:
total 12
drwxr-xr-x 3 root root 4096 Jul 31 13:11 .
drwxr-xr-x 5 root root 4096 Jul 31 13:11 ..
drwxrwx--- 2 root named 4096 Jul 31 13:11 named

/chroot/dns/var/run/named:
total 8
drwxrwx--- 2 root named 4096 Jul 31 13:11 .
drwxr-xr-x 3 root root 4096 Jul 31 13:11 ..
#
# /etc/init.d/named start
 * Caching service dependencies ... [ ok ]
 * Starting chrooted named ...
 * Mounting chroot dirs
 * mounting /etc/bind to /chroot/dns/etc/bind
 * mounting /var/bind to /chroot/dns/var/bind
 * mounting /var/log/named to /chroot/dns/var/log/named [ !! ]
 * ERROR: named failed to start
# ls -la /var/log/named
total 8
drwxr-xr-x 2 named named 4096 Nov 10 2009 .
drwxr-xr-x 13 root root 4096 Jun 10 19:02 ..
# ls -la /chroot/dns/var/bind
total 20
drwxr-xr-x 4 named named 4096 Jul 31 11:56 .
drwxr-xr-x 5 root root 4096 Jul 31 13:11 ..
-rw-r----- 1 root named 2941 Jul 31 11:56 named.cache
drwxr-xr-x 2 named named 4096 Jul 31 11:56 pri
lrwxrwxrwx 1 root root 21 Jul 31 11:56 root.cache -> /var/bind/named.cache
drwxr-xr-x 2 named named 4096 Jul 31 11:56 sec
#

Jul 31 13:30:05 fold named[3120]: starting BIND 9.7.1-P2 -u named -t /chroot/dns
Jul 31 13:30:05 fold named[3120]: built with '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--with-openssl' '--without-idn' '--disable-ipv6' '--without-libxml2' '--without-gssapi' '--enable-linux-caps' '--enable-threads' '--with-randomdev=/dev/random' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-O2 -pipe -march=nocona' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'
Jul 31 13:30:05 fold named[3120]: adjusted limit on open files from 1024 to 1048576
Jul 31 13:30:05 fold named[3120]: found 4 CPUs, using 4 worker threads
Jul 31 13:30:05 fold named[3120]: using up to 4096 sockets
Jul 31 13:30:05 fold named[3120]: loading configuration from '/etc/bind/named.conf'
Jul 31 13:30:05 fold named[3120]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jul 31 13:30:05 fold named[3120]: using default UDP/IPv4 port range: [1024, 65535]
Jul 31 13:30:05 fold named[3120]: using default UDP/IPv6 port range: [1024, 65535]
Jul 31 13:30:05 fold named[3120]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 31 13:30:05 fold named[3120]: binding TCP socket: address in use
Jul 31 13:30:05 fold named[3120]: listening on IPv4 interface eth0, 195.113.57.32#53
Jul 31 13:30:05 fold named[3120]: binding TCP socket: address in use
Jul 31 13:30:05 fold named[3120]: generating session key for dynamic DNS
Jul 31 13:30:05 fold named[3120]: could not configure root hints from 'named.ca': file not found
Jul 31 13:30:05 fold named[3120]: loading configuration: file not found
Jul 31 13:30:05 fold named[3120]: exiting (due to fatal error)
Jul 31 13:30:05 fold /etc/init.d/named[2156]: ERROR: named failed to start

Would you please improve the einfo() message printed after install of the bind-7.1.x package and clarify in more detail in the /etc/bind/named.conf file what should the "emerge --config" really achieve (what files should be created&copied over from the non-chroot directories)? I believe I used to have /var/bind/chroot/etc/ with copies of my zone files and the idea was that remote attacker could only modify those copies instead of the originals in /etc/. I don't understand what is the feature of mounting /etc/bind to /chroot/dns/etc/bind, for example.

The real issue which I demonstrate here is that I used to have /var/bind/named.cache but the scripts(/daemon?) now look for /var/bind/named.ca but are leaky and named process is started anyways. I had to kill the process and remove /var/run/named/* files, btw. So after I made a softlink to named.cache as named.ca I could start the daemon using the init.d script claiming everything went fine.
Unfortunately, it wasn't:

Jul 31 13:43:18 fold named[13003]: starting BIND 9.7.1-P2 -u named
Jul 31 13:43:18 fold named[13003]: built with '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--with-openssl' '--without-idn' '--disable-ipv6' '--without-libxml2' '--without-gssapi' '--enable-linux-caps' '--enable-threads' '--with-randomdev=/dev/random' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-O2 -pipe -march=nocona' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'
Jul 31 13:43:18 fold named[13003]: adjusted limit on open files from 1024 to 1048576
Jul 31 13:43:18 fold named[13003]: found 4 CPUs, using 4 worker threads
Jul 31 13:43:18 fold named[13003]: using up to 4096 sockets
Jul 31 13:43:18 fold named[13003]: loading configuration from '/etc/bind/named.conf'
Jul 31 13:43:18 fold named[13003]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jul 31 13:43:18 fold named[13003]: using default UDP/IPv4 port range: [1024, 65535]
Jul 31 13:43:18 fold named[13003]: using default UDP/IPv6 port range: [1024, 65535]
Jul 31 13:43:18 fold named[13003]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 31 13:43:18 fold named[13003]: listening on IPv4 interface eth0, 195.113.57.32#53
Jul 31 13:43:18 fold named[13003]: generating session key for dynamic DNS
Jul 31 13:43:18 fold named[13003]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 0.IN-ADDR.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: D.F.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 8.E.F.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 9.E.F.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: A.E.F.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: B.E.F.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: automatic empty zone: 0.1.1.0.0.2.IP6.ARPA
Jul 31 13:43:18 fold named[13003]: command channel listening on 127.0.0.1#953
Jul 31 13:43:18 fold named[13003]: zone 127.in-addr.arpa/IN: loaded serial 2008122601
Jul 31 13:43:18 fold named[13003]: zone localhost/IN: loaded serial 2008122601
Jul 31 13:43:18 fold named[13003]: zone iresite.org/IN: loaded serial 2009120921
Jul 31 13:43:18 fold named[13003]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Jul 31 13:43:18 fold named[13003]: managed-keys-zone ./IN: loaded serial 0
Jul 31 13:43:18 fold named[13003]: running
Jul 31 13:43:18 fold named[13003]: zone iresite.org/IN: sending notifies (serial 2009120921)
Jul 31 13:43:19 fold named[13003]: client 116.226.192.131#11926: query (cache) 'jonesautomation.com/MX/IN' denied
Jul 31 13:43:20 fold named[13003]: client 122.163.209.55#1061: query (cache) 'gsfurniture.com/MX/IN' denied
Jul 31 13:43:22 fold named[13003]: client 116.226.192.131#11926: query (cache) 'sajainc.com/A/IN' denied

As you can see I miss some other file, called managed-keys.bind.

Please, improve the init.d script to check for presence of all such files in advance, before attempting to startup the daemon. Improve the einfo() docs and explain the directory&file structure one is supposed to achieve. Finally, ensure user "emerge --config" will NOT overwrite their existing zone and config files (etc-update asked me only about /etc/conf.d/named.conf which I decided to keep as it was, luckily).

For completeness:

[ebuild R ] net-dns/bind-9.7.1_p2 USE="berkdb mysql ssl threads -dlz -doc -geoip -gssapi -idn -ipv6 -ldap -odbc -postgres -resolvconf -sdb-ldap (-selinux) -urandom -xml" 0 kB

(In reply to comment #0)
> Would you please improve the einfo() message printed after install of the
> bind-7.1.x package and clarify in more detail in the /etc/bind/named.conf file
> what should the "emerge --config" really achieve (what files should be
> created&copied over from the non-chroot directories)? I believe I used to have
> /var/bind/chroot/etc/ with copies of my zone files and the idea was that remote
> attacker could only modify those copies instead of the originals in /etc/. I
> don't understand what is the feature of mounting /etc/bind to
> /chroot/dns/etc/bind, for example.

You just need to run "emerge --config bind", no need to copy extra files. emerge --config creates all required directories with proper permissions as well as the needed device files.

The main reason for a chrooted named is IMHO that an attacker can not easily gain access to the main system/other files...
/etc/bind will be mounted because named requires the named.conf as well as the files that will be included from it.

>
> The real issue which I demonstrate here is that I used to have
> /var/bind/named.cache but the scripts(/daemon?) now look for /var/bind/named.ca
> but are leaky and named process is started anyways. I had to kill the process
> and remove /var/run/named/* files, btw.
>

named.ca has been renamed to named.cache. I'll add an ewarn/elog for it.
/etc/init.d/named zap will also remove the pid files in /var/run/named/.

> As you can see I miss some other file, called managed-keys.bind.
>

That's a new feature in bind-9.7.x. You can and should decide yourself if you want use it or not. That's no error.

> Please, improve the init.d script to check for presence of all such files in
> advance, before attempting to startup the daemon. Improve the einfo() docs and
> explain the directory&file structure one is supposed to achieve. Finally,
> ensure user "emerge --config" will NOT overwrite their existing zone and config
> files (etc-update asked me only about /etc/conf.d/named.conf which I decided to
> keep as it was, luckily).

The initscript checks the chroot directory for directories and files. It will notice you in case one is missing and it also says "Your chroot dir ${CHROOT} is inconsistent, please run 'emerge --config net-dns/bind' first".

emerge --config doesn't touch your zones, config files or so. It just creates all necessary directories and devices in your chroot directory.
It will change some directory or device file permissions.
There is also a warning if you run "emerge --config bind" on an existing /chroot/dns directory.

(In reply to comment #1)
> (In reply to comment #0)
> > Would you please improve the einfo() message printed after install of the
> > bind-7.1.x package and clarify in more detail in the /etc/bind/named.conf
> > file what should the "emerge --config" really achieve (what files should be
> > created&copied over from the non-chroot directories)? I believe I used to
> > have /var/bind/chroot/etc/ with copies of my zone files and the idea was
> > that remote attacker could only modify those copies instead of the
> > originals in /etc/. I don't understand what is the feature of mounting
> > /etc/bind to /chroot/dns/etc/bind, for example.
>
> You just need to run "emerge --config bind", no need to copy extra files.
> emerge --config creates all required directories with proper permissions as
> well as the needed device files.

That I did and as I posted, the directories created do not contain copies of my zone files. Oh, I see, they will be mounted into the place ...

> The main reason for a chrooted named is IMHO that an attacker can not easily
> gain access to the main system/other files...
> /etc/bind will be mounted because named requires the named.conf as well as the
> files that will be included from it.

But the attacker can overwrite these files. And my understanding is that the originals. Before the upgrade only copies of the files would be exposed.

What about this link to a full path? Shouldn't it be a relative softlink?

# ls -la /chroot/dns/var/bind
total 20
drwxr-xr-x 4 named named 4096 Jul 31 11:56 .
drwxr-xr-x 5 root root 4096 Jul 31 13:11 ..
-rw-r----- 1 root named 2941 Jul 31 11:56 named.cache
drwxr-xr-x 2 named named 4096 Jul 31 11:56 pri
lrwxrwxrwx 1 root root 21 Jul 31 11:56 root.cache -> /var/bind/named.cache

> > As you can see I miss some other file, called managed-keys.bind.
> >
> That's a new feature in bind-9.7.x. You can and should decide yourself if you
> want use it or not. That's no error.

Would be great if you tell the user. With move to Gentoo I stopped bothering to read NEWS, RELNOTES, etc. ;-)

>
> > Please, improve the init.d script to check for presence of all such files in
> > advance, before attempting to startup the daemon. Improve the einfo() docs
> > and explain the directory&file structure one is supposed to achieve.
> > Finally, ensure user "emerge --config" will NOT overwrite their existing
> > zone and config files (etc-update asked me only about /etc/conf.d/
> > named.conf which I decided to keep as it was, luckily).
>
> The initscript checks the chroot directory for directories and files. It will
> notice you in case one is missing and it also says "Your chroot dir ${CHROOT}
> is inconsistent, please run 'emerge --config net-dns/bind' first".
>
> emerge --config doesn't touch your zones, config files or so. It just creates
> all necessary directories and devices in your chroot directory.
> It will change some directory or device file permissions.
> There is also a warning if you run "emerge --config bind" on an existing
> /chroot/dns directory.

Was that the previous chroot place with 9.6 version or is this a new location? Sorry, I shouldn't be lazy and check the old ebuild here. ;)

Nevertheless, so additions based on my questions to einfo() texts would be great. Thanks.

(In reply to comment #2)
> (In reply to comment #1)
> > (In reply to comment #0)
> > The main reason for a chrooted named is IMHO that an attacker can not easily
> > gain access to the main system/other files...
> > /etc/bind will be mounted because named requires the named.conf as well as the
> > files that will be included from it.
>
> But the attacker can overwrite these files. And my understanding is that the
> originals. Before the upgrade only copies of the files would be exposed.
>
> What about this link to a full path? Shouldn't it be a relative softlink?
>

The config files are by default root:named and 0640 so an attacker that gains access as "named" user can't usually touch your configs.

> # ls -la /chroot/dns/var/bind
> total 20
> drwxr-xr-x 4 named named 4096 Jul 31 11:56 .
> drwxr-xr-x 5 root root 4096 Jul 31 13:11 ..
> -rw-r----- 1 root named 2941 Jul 31 11:56 named.cache
> drwxr-xr-x 2 named named 4096 Jul 31 11:56 pri
> lrwxrwxrwx 1 root root 21 Jul 31 11:56 root.cache -> /var/bind/named.cache
>
>
> > > As you can see I miss some other file, called managed-keys.bind.
> > >
> > That's a new feature in bind-9.7.x. You can and should decide yourself if you
> > want use it or not. That's no error.
>
> Would be great if you tell the user. With move to Gentoo I stopped bothering to
> read NEWS, RELNOTES, etc. ;-)

I'm currently not sure if I will add it to the ebuild because _every_ user should read NEWS or ChangeLog files when upgrading to a new major version of "important" packages. The bind.keys file will also be auto-created by the bind build system and it will be in your chroot after /etc/bind has been mounted.

> >
> > > Please, improve the init.d script to check for presence of all such files in
> > > advance, before attempting to startup the daemon. Improve the einfo() docs
> > > and explain the directory&file structure one is supposed to achieve.
> > > Finally, ensure user "emerge --config" will NOT overwrite their existing
> > > zone and config files (etc-update asked me only about /etc/conf.d/
> > > named.conf which I decided to keep as it was, luckily).
> >
> > The initscript checks the chroot directory for directories and files. It will
> > notice you in case one is missing and it also says "Your chroot dir ${CHROOT}
> > is inconsistent, please run 'emerge --config net-dns/bind' first".
> >
> > emerge --config doesn't touch your zones, config files or so. It just creates
> > all necessary directories and devices in your chroot directory.
> > It will change some directory or device file permissions.
> > There is also a warning if you run "emerge --config bind" on an existing
> > /chroot/dns directory.
>
> Was that the previous chroot place with 9.6 version or is this a new location?
> Sorry, I shouldn't be lazy and check the old ebuild here. ;)
>
> Nevertheless, so additions based on my questions to einfo() texts would be
> great. Thanks.
>

It's still the same as in 9.6. A ewarn for the re-named named.ca has been added so I'll close this bug as fixed for now.
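
Added example, not part of the thread and not the Gentoo init script: a pre-start audit of the chroot layout discussed above, covering the requested "check for presence of all such files", the root:named 0640 point from comment #3, and how an absolute symlink such as root.cache -> /var/bind/named.cache resolves for the chrooted process. The function names are hypothetical; it assumes one file "..." statement per line in named.conf and no spaces in file names.

```sh
#!/bin/sh
# Added example: pre-start audit of a chrooted BIND layout like the one in this thread.
# Each finding is printed on its own line; the exit status is 1 if there is any finding.

note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# Map a path as the chrooted named sees it to a host path. A symlink with an
# absolute target is resolved against the chroot root, not the host root
# (only the final path component is followed, one level deep).
resolve_in_chroot() {
    root=$1
    host="$root$2"
    if [ -L "$host" ]; then
        _target=$(readlink "$host")
        case "$_target" in
            /*) host="$root$_target" ;;
            *)  host="$(dirname "$host")/$_target" ;;
        esac
    fi
    printf '%s\n' "$host"
}

audit_bind_chroot() {
    chroot_dir=$1
    findings=0
    conf="$chroot_dir/etc/bind/named.conf"

    # 1. Directories shown in the thread's "ls -laR /chroot" listing.
    for d in dev etc/bind var/bind var/log/named var/run/named; do
        [ -d "$chroot_dir/$d" ] || note "MISSING dir: /$d"
    done

    # 2. Config files must not be writable by group or other (thread: root:named 0640).
    for w in $(find "$chroot_dir/etc/bind" -type f \( -perm -020 -o -perm -002 \) 2>/dev/null); do
        note "WRITABLE by group/other: $w"
    done

    [ -f "$conf" ] || { note "MISSING file: /etc/bind/named.conf"; return 1; }

    # 3. Every file named in a file "..." statement must exist below the chroot.
    #    Relative names are taken relative to the "directory" option.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    dir=${dir:-/}
    for f in $(sed -n -e 's/^/ /' -e '/^[[:space:]]*\/\//d' -e '/^[[:space:]]*#/d' \
            -e 's/.*[[:space:]{;]file[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$conf"); do
        case "$f" in
            /*) seen=$f ;;
            *)  seen="${dir%/}/$f" ;;
        esac
        [ -e "$(resolve_in_chroot "$chroot_dir" "$seen")" ] || note "MISSING file: $seen"
    done

    [ "$findings" -eq 0 ]
}

# Run against a real chroot when a path is given, e.g.: sh audit.sh /chroot/dns
[ "$#" -eq 0 ] || audit_bind_chroot "$1"
```

BIND's own named-checkconf accepts -t with the chroot directory for a full syntax check; this sketch only covers file presence, permissions and symlink targets.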