From 2aba319f335ea40a99330e3554d31e86d5b1c379 Mon Sep 17 00:00:00 2001
From: Mathieu Arnold <mat@FreeBSD.org>
Date: Tue, 24 Mar 2015 15:22:51 +0000
Subject: Add chroot back to BIND's startup script.

Differential Revision:	https://reviews.freebsd.org/D1952
Sponsored by:	Absolight
---
 UPDATING | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'UPDATING')

diff --git a/UPDATING b/UPDATING
index afe3c90e2dca..2daaafe2b5a3 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,24 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20150324:
+  AFFECTS: Users of dns/bind9*
+  AUTHOR: mat@FreeBSD.org
+
+  This is only for FreeBSD 10.0+.
+
+  BIND auto chroot has been added back to the named rc script.  As enabling it
+  by default would most certainly break people's setup, it is not.  To enable
+  it, and chroot it in /var/named, add the following line to your rc.conf file:
+
+  named_chrootdir="/var/named"
+
+  On first launch, the rc script will move the /usr/local/etc/namedb directory
+  into the chroot, and create a symlink to it.
+
+  Note that, if you're running from within a jail, you need to have a
+  /var/named/dev devfs created beforehand, with the null and random devices.
+
 20150323:
   AFFECTS: Users of net/asterisk* and net/pjsip ports
   AUTHOR: madpilot@FreeBSD.org
-- 
cgit v1.2.3