# Problems with a DNS Blackhole in FreeBSD 11



## Michael Risser (May 31, 2017)

Hello all,

I'm working on setting up a DNS Blackhole as described in this article.

I've installed bind 9.10 using ports (`cd /usr/ports/dns/bind910; make clean install`).

The article is based on the precept that namedb is in /etc, but the installer puts it in /usr/local/etc. I've created a symlink from /etc/namedb to /usr/local/etc/namedb. I did this because the spywaredomains.zones file, referenced in the article points to /etc/namedb/blockeddomain.hosts.

Everything appears to be working, but I've setup a log file for named in /var/log/named.log, which shows errors like:

```
May 31 15:06:05 bhdns named[53598]: zone mak-me.ae/IN: loading from master file /etc/namedb/blockeddomain.hosts failed: file not found
```
If I use a shell and `cd /etc/namedb` I can see the file blockeddomain.hosts and its permissions are set to 644, so it should be readable to everyone.

At this point I'm wondering if bind has an issue with symlinks. I don't know why it would, but its the only thing I can think of to account for the error in the log. (Or maybe I'm way off base here.)


----------



## SirDice (May 31, 2017)

BIND is running in a chroot(8) environment. So it's actually trying to read the files from /var/named/etc/namedb/. And those files probably don't exist there.


----------



## Michael Risser (May 31, 2017)

So would I symlink to /usr/local/etc/namedb from /var/named/etc/namedb or should I copy all of the files to /var/named/etc/namedb?


----------



## SirDice (Jun 1, 2017)

The best way forward would be to fix things so it uses /usr/local/etc/namedb properly. The rc(8) script "automagically" syncs that info to /var/namedb if needed. Have a look at the chroot_autoupdate() function inside the /usr/local/etc/rc.d/named script (don't modify this file, learn how to use it).


----------

