nsd: Run in a chroot.

diff --git a/etc/nsd3/nsd.conf b/etc/nsd3/nsd.conf
index 692421db06ba363bd89a854932248c6c077714c7..b54b8476d617a6546b47223470da7f04df877b64 100644 (file)
--- a/etc/nsd3/nsd.conf
+++ b/etc/nsd3/nsd.conf
@@ -26,7 +26,7 @@ server:
        # ip6-only: no
        
        # the database to use
-       # database: "/var/lib/nsd3/nsd.db"
+       database: "/var/lib/nsd3/nsd.db"
 
        # identify the server (CH TXT ID.SERVER entry).
        # identity: "unidentified server"
@@ -41,7 +41,7 @@ server:
        # tcp-count: 10
 
        # File to store pid for nsd in.
-       # pidfile: "/var/run/nsd3/nsd.pid"
+       pidfile: "/var/lib/nsd3/nsd.pid"
 
        # port to answer queries on. default is 53.
        # port: 53
@@ -51,7 +51,7 @@ server:
 
        # Run NSD in a chroot-jail.
        # make sure to have pidfile and database reachable from there.
-       # chroot: "/etc/nsd3"
+       chroot: "/var/lib/nsd3/"
 
        # After binding socket, drop user privileges.
        # can be a username, id or id.gid.
@@ -62,7 +62,7 @@ server:
 
        # The file where incoming zone transfers are stored.
        # run nsd-patch to update zone files, then you can safely delete it.
-       # difffile: "/etc/nsd3/ixfr.db"
+       difffile: "/var/lib/nsd3/ixfr.db"
 
        # The file where secondary zone refresh and expire timeouts are kept.
        # If you delete this file, all secondary zones are forced to be