Well the easy fix would seem to be to create /var/named/chroot/usr/etc
and put the rndc file(s) there. The whole point of chroot is to make
the chrooted directory seem to be "/" from the standpoint of the
chrooted application.

-----Original Message-----
From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
Behalf Of Chris Buxton
Sent: Tuesday, September 02, 2008 10:58 PM
To: Bind-Users users
Subject: Re: BIND 9.3.5-P1 update corrupted no longer in chroot

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sep 2, 2008, at 7:49 PM, Robert Spangler wrote:
> On Tuesday 02 September 2008 17:43, Chris Buxton wrote:
>
>> No, that's not quite it.
>>
>> The problem here is that rndc is looking for the key in /usr/etc.
>> Which tells me that the build that created rndc was './configure'd
>> with '--prefix=/usr' and no '--sysconfdir'.

>
> In the chroot environment named cannot look outside the chroot
> environment.
> So no matter what, all the information that named and rndc are
> looking for
> have to be under /var/named/chroot.


Right, but rndc is not chrooted. It's looking in /usr/etc, as
indicated by the error message.

To extrapolate, it seems reasonable to assume that named is looking
in /var/named/chroot/usr/etc for its named.conf, by default, although
of course this can be overridden on the command line (or in the init
script).

Chris Buxton
Professional Services
Men & Mice

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAki9/TkACgkQ0p/8Jp6Boi1ZyQCfTJXh6vxM/onAM6zgRrWvw1JZ
K+0AnA1z2yV1p7T4kE6qBYzph2FcMq7H
=wDxY
-----END PGP SIGNATURE-----
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------