subdirectories (/var/nsd/zones/{master,slave}) and create these in mtree.
Nearly everybody that uses NSD for slave zones that I talked to already has
this layout. Bikesh^Wdiscussed with ajacoutot florian millert and others.
ok ajacoutot@ florian@ phessler@ claudio@ jung@
often space-constrained /var filesystem was a historical mistake. There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many
in case of catastropy. But it is so poorly documented that any admin
is more likely to store the labels elsewhere, so let's stop bothering
with providing the directory. Discussed a bit, no objections.
files in their installed system. this extended documentation experience
is available better on the net using a browser installed with pkg_add.
(also note that two of the subsystems involved in this issue are heading
to the bit bucket sometime soon)
Even though occasional commits did happen to these files, they still
specify directories like /usr/share/man/cat4/tahoe, /usr/include/pascal,
/usr/X11R4 and so on, so calling them "maintained" would seem a bold claim.
ok sthen@ henning@
that is, only leave those after multiple .. and before multiple dir names.
While here, fix two comments that were actually wrong
and garbage collect one /set instruction that had no effect.
Saves 415 lines, which is 35% of the file.
ok sthen@ henning@
and use it as the default location for the DNSSEC root key. Update default
config for this location.
With this, the only step required to enable DNSSEC validation is to
uncomment these default config entries and restart:
#module-config: "validator iterator"
#auto-trust-anchor-file: "/var/unbound/db/root.key"
There is no longer a requirement to run unbound-anchor manually to
update the root key. The rc.d script will take care of updates at boot,
and Unbound will manage the file itself at runtime.
Test with "dig test.dnssec-or-not.net txt @127.0.0.1" or similar.
this hardware alive is becoming increasingly difficult, and I should heed the
message sent by the three disks which have died on me over the last few days.
Noone sane will mourn these ports anyway. So long, and thanks for the fish.