Bug 2872 - bind-9.2.1.ebuild - named should own /var/bind
Summary: bind-9.2.1.ebuild - named should own /var/bind
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: x86 Linux
Importance: High normal
Assignee: Ben Lutgens (RETIRED)
Reported: 2002-05-20 13:55 UTC by Ken Stevenson
Modified: 2003-02-04 19:42 UTC (History)
Description Ken Stevenson 2002-05-20 13:55:49 UTC
If ddns update is enabled, named needs to be able to create a <zone>.jnl file 
in the data directory. The /var/bind directory as created by the ebuild is 
owned by root. Since the startup script runs the daemon as user named, it fails 
to create the journal file.

The ebuild should also create a default named.conf so users don't get confused 
about the location of the pid file. The ebuild creates a /var/run/named 
directory. The named daemon defaults to writing the pid file to a file 
named /var/run/named. The administrator needs to know to put a pid-file 
directive in the options section of named.conf or else the pid file doesn't get 
created and the daemon isn't shut down properly.

A better solution might be to let bind use its default pid location (/var/run), 
and change the ebuild to not create /var/run/bind. I also think it would be 
better to not change the bind source code in the ebuild and instead use the -c 
config file option in the startup script.
 
Attached is my named.conf.

This is my first bug submission, so I apologize if this isn't formatted 
correctly. 

options {
        directory "/var/bind";

        forward first;
        forwarders {
                207.233.128.21;
                207.233.168.21;
        };

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        query-source address * port 53;
        pid-file "/var/run/named/named.pid";
};

//
zone "." IN {
        type hint;
        file "root.cache";
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "pri/127.0.0";
        allow-update {none; };
        notify no;
};

zone "<your-domain>.com" IN {
        type master;
        file "your-domain.com";
        allow-update { key my-key; };
        notify no;
};

zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1";
        allow-update { key my-key; };
        notify no;
};

key "my-key" {
        algorithm hmac-md5;
        secret "<generate your own key here>";
};
Comment 1 Kyle Manna (RETIRED) gentoo-dev 2002-06-01 16:21:26 UTC
I updated the ebuild, emerging bind-9.2.1-r1 should solve all your problems as
well as several other bugs I found.

Take a peek @ http://www.gentoo.org/cgi-bin/viewcvs.cgi/gentoo-x86/net-misc/bind/

I also took into consideration several of your suggestions.

> The /var/bind directory as created by the ebuild is owned by root. 

All fixed.


> The ebuild should also create a default named.conf so users don't get confused 
> about the location of the pid file...

Yes, created a default named.conf file.  


> A better solution might be to let bind use its default pid location
> (/var/run), and change the ebuild to not create /var/run/bind. 

This would be better, but we run into a problem.  BIND creates the pid file as
the user it is set to run as, and in our case the user named.  The named user
doesn't have ample permission to write to /var/run, and instead of doing some
trick with file permissions, it is simpler and for the most part safer to give
BIND its own directory which it does have write permissions to.


> I also think it would be better to not change the bind source code in the
> ebuild and instead use the -c config file option in the startup script.

I was all for this, until I started to think about it a little more.  Many other
daemons have their own configuration directory (i.e. apache, ssh, cups, proftpd),
and I like the idea of my rndc key being stored a little off to the side.  I
also created symlinks to /var/bind/pri and /var/bind/sec in /etc/bind so that
someone can easily find all the configuration files from just looking in /etc/bind.


I also stole the named.conf man page from other distros, so someone can easily
update their named.conf a little easier.  (Where is the man page for named.conf
in the source tarball?)
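Both the original report (named, running as an unprivileged user, cannot create <zone>.jnl in a root-owned /var/bind, and the pid file silently fails unless pid-file points somewhere writable) and the reply (give BIND its own writable pid directory) come down to one pre-flight question: for each path named.conf makes the daemon write to, can the named user actually write there? The script below is an added example, not code from the bug, the Gentoo ebuild or BIND. It parses the small subset of named.conf used on this page, then applies a plain owner/group/other permission check against a throw-away directory tree it builds itself. The constructed named.conf, the `@BASE@`/`@PID@` placeholders, the compiled-in default pid path `/var/run/named.pid` and the use of "current uid + 1" to stand in for an unprivileged `named` user are all assumptions of the example.

```python
"""Pre-flight check for the failure modes in this bug: named runs unprivileged, so it
must be able to create <zonefile>.jnl beside every zone that allows dynamic updates
and to create its pid file.  Added example; not from the ebuild, BIND or the posters."""
import os
import re
import shutil
import stat
import tempfile

# named.conf accepts /* */, // and # comments; strip them before scanning.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
DEFAULT_PID_FILE = "/var/run/named.pid"  # assumed compiled-in default when pid-file is unset


def top_level_blocks(text):
    """Split named.conf into (header, body) pairs, one per `header { body };` at depth 0."""
    blocks, header, body, depth = [], [], [], 0
    for ch in COMMENT_RE.sub("", text):
        if ch == "{":
            depth += 1
            if depth == 1:
                body = []
                continue
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Drop the ';' that terminated the previous block and collapse whitespace.
                blocks.append((" ".join("".join(header).replace(";", " ").split()), "".join(body)))
                header = []
                continue
        (header if depth == 0 else body).append(ch)
    return blocks


def quoted_arg(body, keyword):
    """Return the value of `keyword "value";` inside a block body, or None if absent."""
    m = re.search(r"\b" + re.escape(keyword) + r'\s+"([^"]*)"', body)
    return m.group(1) if m else None


def parse_named_conf(text):
    """Extract the data directory, the pid-file setting and every zone that allows updates."""
    conf = {"directory": None, "pid_file": None, "update_zones": []}
    for header, body in top_level_blocks(text):
        if header == "options":
            conf["directory"] = quoted_arg(body, "directory")
            conf["pid_file"] = quoted_arg(body, "pid-file")
        elif header.startswith("zone "):
            name = re.match(r'zone\s+"([^"]+)"', header).group(1)
            m = re.search(r"allow-update\s*\{([^}]*)\}", body)
            if m and m.group(1).strip().rstrip(";").strip() != "none":
                conf["update_zones"].append((name, quoted_arg(body, "file")))
    return conf


def user_can_write(path, uid, gids):
    """Owner/group/other DAC check: may a process with this uid and these gids create a
    file in `path`?  Root's override and POSIX ACLs are deliberately ignored, because
    the question is what the unprivileged named user can do."""
    st = os.stat(path)
    if st.st_uid == uid:
        bits = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        bits = stat.S_IWGRP | stat.S_IXGRP
    else:
        bits = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & bits == bits


def check_named_paths(conf_text, uid, gids):
    """Return a list of problems; an empty list means journals and the pid file can be created."""
    conf = parse_named_conf(conf_text)
    problems = []
    base = conf["directory"] or "/"
    for zone, zfile in conf["update_zones"]:
        zpath = os.path.join(base, zfile or "")
        jnl_dir = os.path.dirname(zpath)
        if not os.path.isdir(jnl_dir):
            problems.append(f"zone {zone}: directory {jnl_dir} for the journal does not exist")
        elif not user_can_write(jnl_dir, uid, gids):
            problems.append(f"zone {zone}: uid {uid} cannot create {os.path.basename(zpath)}.jnl in {jnl_dir}")
    pid_file = conf["pid_file"] or DEFAULT_PID_FILE
    pid_dir = os.path.dirname(pid_file)
    if os.path.isdir(pid_file):
        problems.append(f"pid path {pid_file} is a directory; point pid-file at a file inside it")
    elif not os.path.isdir(pid_dir):
        problems.append(f"pid directory {pid_dir} does not exist")
    elif not user_can_write(pid_dir, uid, gids):
        problems.append(f"uid {uid} cannot create {pid_file}")
    return problems


# Constructed named.conf in the shape of the one attached to the bug (placeholder key secret).
SAMPLE_CONF = """\
options {
        directory "@BASE@";
        /* a dedicated, named-owned pid directory, as the reply suggests */
        pid-file "@PID@";
};
zone "0.0.127.in-addr.arpa" IN { type master; file "pri/127.0.0"; allow-update {none; }; };
zone "example.test" IN { type master; file "pri/example.test"; allow-update { key my-key; }; };
key "my-key" { algorithm hmac-md5; secret "PLACEHOLDER-NOT-A-REAL-KEY"; };
"""


def demo():
    """Build a throw-away /var/bind-like tree owned by us with mode 0755 (the root-owned
    layout the report complains about) and check it as a non-owner and as the owner."""
    root = tempfile.mkdtemp(prefix="bindcheck-")
    try:
        os.makedirs(os.path.join(root, "bind", "pri"))
        os.makedirs(os.path.join(root, "run"))
        for sub in ("bind", os.path.join("bind", "pri"), "run"):
            os.chmod(os.path.join(root, sub), 0o755)
        conf = (SAMPLE_CONF.replace("@BASE@", os.path.join(root, "bind"))
                           .replace("@PID@", os.path.join(root, "run", "named.pid")))
        other_uid = os.getuid() + 1  # stands in for a `named` user that does not own the tree
        return check_named_paths(conf, other_uid, frozenset()), check_named_paths(conf, os.getuid(), frozenset())
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for label, problems in zip(("as named", "as owner"), demo()):
        print(label, "->", problems or "ok")
```

Run against a real install, the same check would take the live named.conf and the uid/gids of the `named` account (from `pwd`/`grp`); expect two findings on the original layout (the journal directory and the pid directory) and none once /var/bind and the pid directory belong to named, which is the fix the ebuild revision applied.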