Created attachment 151361 [details] auto-chroot merged back from base, mtree follows separately

There was a lot of rumor about auto-chrooting for bind because out-of-the-box chroot support was removed along with bind from base starting with FreeBSD-10, see https://lists.freebsd.org/pipermail/freebsd-stable/2013-December/076028.html

I share the opinion of the majority: it's a significant regression. So I hacked a quick back-merge from what I appreciated having had in base. It's meant to change as little as possible, and has been barely tested, but does work well in my environment. It's most probably no long-term solution, but a quick one for those looking for the old behaviour we were used to up to FreeBSD-10.

All you have to add is named_chrootdir="/var/named" to your /etc/rc.conf and make sure the directory you define does exist. I simply took the old rc.d script and back-merged the routines with little matching. Inside the chroot, %%PREFIX%% will be stripped, so your config is in /var/named/etc/namedb e.g. (not in /var/named/usr/local/etc/namedb!!!)

Feel free to like/dislike/adapt/use/forget it ;-)

For easier reading, I made two patches, especially because I'm unsure if it's a good idea to install BIND.chroot.dist into %%PREFIX%%/etc/mtree. There are countless other ways to do it, but like I mentioned, I wanted to make this addition minimally invasive from the port's perspective.
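A small sanity check for the setup described in the comment above, added here as an example; it is not part of the submitted patch or of the port. It assumes only what the comment states: `named_chrootdir` is read from an rc.conf-style file, the directory must already exist, and inside the chroot the config is expected at `etc/namedb/named.conf` (PREFIX stripped), not under `usr/local/etc/namedb`. The demo environment at the bottom is constructed in a temporary directory; point it at `/etc/rc.conf` for a real check.

```shell
#!/bin/sh
# Added example: verify an auto-chroot configuration for named before starting it.
# Assumptions (from the comment, not from the patch itself):
#   - named_chrootdir is set in an rc.conf-style file
#   - the chroot directory must exist
#   - the config lives at ${named_chrootdir}/etc/namedb/named.conf

# Print the value of named_chrootdir as the rc framework would see it
# (the file is sourced in a subshell, so quoting rules match sh).
get_named_chrootdir() {
    ( . "$1" >/dev/null 2>&1; printf '%s' "${named_chrootdir:-}" )
}

# Check that the chroot directory exists and holds the config at the
# PREFIX-stripped path. Returns 0 when everything is in place, 1 otherwise.
check_named_chroot() {
    rcfile=$1
    dir=$(get_named_chrootdir "$rcfile")
    if [ -z "$dir" ]; then
        echo "named_chrootdir not set in $rcfile: named would run unchrooted"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "named_chrootdir=$dir does not exist: create it before starting named"
        return 1
    fi
    if [ ! -f "$dir/etc/namedb/named.conf" ]; then
        echo "no config at $dir/etc/namedb/named.conf"
        if [ -f "$dir/usr/local/etc/namedb/named.conf" ]; then
            echo "found one under $dir/usr/local/etc/namedb instead: PREFIX is stripped inside the chroot, so move it"
        fi
        return 1
    fi
    echo "ok: named will chroot to $dir and read /etc/namedb/named.conf inside it"
    return 0
}

# Constructed demo environment (replace with /etc/rc.conf and /var/named for a real check).
demo=$(mktemp -d)
mkdir -p "$demo/var/named/etc/namedb"
printf 'named_enable="YES"\nnamed_chrootdir="%s"\n' "$demo/var/named" > "$demo/rc.conf"
: > "$demo/var/named/etc/namedb/named.conf"
check_named_chroot "$demo/rc.conf"
```

Run it as `sh check_named_chroot.sh`; a non-zero exit means named would either start unchrooted or fail to find its config once it has chrooted, which is exactly the mismatch the comment warns about.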
Auto-assigned to maintainer mat@FreeBSD.org
Created attachment 151362 [details] Provide BIND.chroot.dist for mtree-usage, needed for first patch to work
Created attachment 151363 [details] (fixed) auto-chroot merged back from base, mtree follows separately

Unfortunately I hadn't noticed a logic error in the original config_check, which uses the symlinked named.conf unconditionally, instead of appending "-t $named_chrootdir", so the test will take place inside chrootdir. This patch replaces my first.
I haven't forgotten about this patch, I was not really happy about a few bits, and wanted to think about it a bit before working on it.
So, I started working on the dns/bind99 port, mostly because it's the one I was in when I started, and also because its support will last longer than dns/bind910. I've started a code review at https://reviews.freebsd.org/D1952 and it's pretty wet behind the ears.
Support added back in r382109.