Re: Bind918 slave reports Dumping master file...open: file not found

In reply to: bob prohaska : "Re: Bind918 slave reports Dumping master file...open: file not found"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Moin Rahman <bofh_at_freebsd.org>
Date: Sat, 17 Feb 2024 21:49:53 UTC


> On Feb 17, 2024, at 10:35 PM, bob prohaska <fbsd@www.zefox.net> wrote:
> 
> On Sat, Feb 17, 2024 at 09:53:48PM +0100, Moin Rahman wrote:
> snip
>> In some earlier versions the sample config we used to ship had relative
>> file paths I believe. And as I know that Bob has been a long term user
>> he indeed did not update the config file to the newer format where we
>> are using absolute filenames despite having directory directive.
> 
> In fact I kept the new named.conf and edited the local changes to it.
> The old named.conf was quite old and didn't resemble the new format.
> 
>> 
>> So unless you know both the technical implications which you have
>> explained here and the historical implication it's difficult to
>> understand where these directories should be created.
> 
> It's fair to say I'm a long-time user of bind, but equally fair
> to add "...not fully comprehending...". 8-)
> 
> A few comments in named.conf as to directory and file  purpose
> would have helped quite a bit. When I saw the error referring
> to "...dumping..." I thought it was a reference to
> dump-file       "/var/dump/named_dump.db";
> and when that didn't help got stuck. It remains unclear what
> dump-file is for, though I'm sure it's somewhere in the docs.
> Maybe cores?
dump-file is the file where bind dumps it's cache in case of a
service reload/restart is required.

> Is it still true that unbound is caching-only? A DNS that's part
> of FreeBSD base would be much better for me.
unbound was, is and always will be caching only server. That is
what it is built for. nsd is the counterpart for the authoritative
server. However based on certain cases like a local network some
information might be served from a local file or imported by zone
transfer. Look into auth-zone directive. Considering the fact that
DNS servers are often the case of vulnerabilities it's difficult
to update the dns server in the base rather than updating a port.
So there is less likely chance of having a DNS server in base.

> Thanks for everyone's help!
> 
> bob prohaska
> 
> 
> 
> 
> 
> 
> Named.conf has so many comments it's somewhat hard to read, but in some
> cases more might still be better.
> 
>> But then again I haven't used bind for a long time so cannot say much.
>> 
>> Kind regards,
>> Moin
> 
>