bind9 / chroot
Bevan C. Bennett
bevan at fulcrummicro.com
Mon Jan 26 18:50:40 UTC 2004
Y. Makki wrote:
> So I assume configuration files go in /var/named/chroot too. How would
> you actually run bind then, just via the regular init.d script? Is it
> preconfigured and knows it has to run in a chroot?
Everything (including config files) needs to be under /var/named/chroot,
because once the chroot takes hold, that's all that the named will be
able to see. Installing the named-chroot package takes care of creating
the extra stuff in /var/named/chroot/bin and /var/named/chroot/lib that
you'll need (the trickiest part to using chroot is making sure you have
local copies of the correct libraries and binaries).
The setting

    ROOTDIR=/var/named/chroot

in /etc/sysconfig/named is where you'd enable named to run in chroot
mode. This is picked up by the following code in /etc/init.d/named (You
can learn a lot by studying the startup scripts in /etc/init.d):

    if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
        OPTIONS="${OPTIONS} -t ${ROOTDIR}"
    fi
    daemon /usr/sbin/named -u named ${OPTIONS}

So named gets run with "-t /var/named/chroot", which 'man named' will
verify informs named to chroot itself.
The only caveat is that you should specify the paths to your files
relative to /var/named/chroot. I created a directory
/var/named/chroot/data and specify "directory "/data";" in
/var/named/chroot/etc/named.conf.
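
Added example, not part of the original post or of the named-chroot package: a shell check that the `directory` and `file` paths in named.conf exist when resolved inside the chroot, which is all named can see once it runs with -t. The function names and the sample tree are constructed for illustration, and it assumes one quoted path per line, no spaces in paths, and `/` as the base when no `directory` statement is present.

```shell
#!/bin/sh
# check_chroot_paths ROOTDIR  (hypothetical helper)
# Prints each path from ROOTDIR/etc/named.conf that is missing inside the
# chroot and returns the number of missing paths.
check_chroot_paths() {
    root=${1%/}
    conf="$root/etc/named.conf"
    [ -r "$conf" ] || { echo "missing: $conf"; return 1; }
    # "directory" is the base for relative "file" paths (assumed / if absent).
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$dir" ] || dir=/
    missing=0
    if [ ! -d "$root$dir" ]; then
        echo "missing directory: $root$dir (named.conf says $dir)"
        missing=$((missing + 1))
    fi
    # Absolute paths are resolved from the chroot root, others from $dir.
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        case $f in
            /*) path="$root$f" ;;
            *)  path="$root$dir/$f" ;;
        esac
        if [ ! -e "$path" ]; then
            echo "missing file: $path (named.conf says $f)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: a throwaway chroot tree using directory "/data" as in
# the post. The second zone wrongly uses the host path, not the chroot path.
make_sample_chroot() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/data"
    cat > "$t/etc/named.conf" <<'EOF'
options {
    directory "/data";
};
zone "example.com" { type master;
    file "example.com.zone";
};
zone "example.net" { type master;
    file "/var/named/chroot/data/example.net.zone";
};
EOF
    : > "$t/data/example.com.zone"
    echo "$t"
}
```

On a real system the call would be `check_chroot_paths /var/named/chroot`; on the sample tree it flags the example.net zone, whose host-side path does not exist from inside the chroot.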