Improvements for major release (2-12-18)

[ventz]

Adding comments from @tcely:

Why not just use the installed /etc/bind/bind.keys file? Downloading like this without any sort of verification seems very unsafe.

# -chown -R named:named /var/cache/bind

This line should remain.

I don't see any reason why you should change from /var/cache/bind to /var/bind but without this chown line you're going to break working configurations that mount /etc/bind and /var/cache/bind and that should be avoided.

You should only have common options in this file and add a include "/etc/bind/named.conf.options.local"; with includes in that file for both recursion and authoritative options examples.

This allows you to remove all the common options from both files and allows for easy customization of the options by the local admin.

[ventz]

Comments to each provided in place:

1085543#diff-04c6e90faac2675aa89e2176d2eec7d8

[tcely]

For the problem of bind.keys being lost with a mount, you just need to store a copy of the file elsewhere in the image.

A run statement copying /etc/bind into /usr/local/etc/ for example.

As for the /var directory changes, you seem to be confused by the documentation using zones. This should be taken to mean static zone configuration goes into /etc, the files named creates during operations rightfully belong in /var/cache/bind not /var/bind directory.

[ventz]

For the bind.keys - I can definitely push a pre-existing copy. It would have to be during the entrypoint to satisfy for people that mount over /etc.

For the dirs - just to make sure we are on the same page, here's my understanding of it:

/etc/bind = config + default (rfc1918 + in-addr.arpa zones) - as you said, anything that can be read-only on launch and not modified during run time

/var/bind = user created zones - master and dynamic

/var/lib/bind = alternative distributions - user created zones - master and dynamic

/var/cache/bind = slave dns zones (synced) **but also** for ubuntu's authoritative user created zones - master and dynamic (they use this dir beacause of apparmor)

Now personally, I've always used /etc/bind for all configs and never any user defined zones, and I've always used /var/cache/bind for all user created zones. By user created - I don't mean dynamic by the way, but "admin" pre-created. There was also /var/named back from the old OpenBSD days when bind (named) chrooted to /var/named, but the config was in /etc/bind.

What do you mean by static zone configurations vs named created? Are you referring to authoritative/master vs slave/dynamic zones? (that is - what are you referring to as "static" here?)

By the way, I want to avoid run time "hacks" in general that copy/move files around during execution. For example, if an user wants to modify options, they should override the provided ones -- the ones I am providing are just a sample of some "sane defaults", but by no means the only right solution.

[tcely]

What do you mean by static zone configurations vs named created? Are you referring to authoritative/master vs slave/dynamic zones? (that is - what are you referring to as "static" here?)

Static zone configurations are those created by the user and not those created by the software. Authoritative / secondary zones is not a useful distinction here because even master zones can have updates which result in journal files created during run time.

[tcely]

Have a look at #11 as it shows everything I was talking about in these comments.