Bind chroot configuration

Discussion in 'Installation/Configuration' started by Toffee, Dec 6, 2005.

  1. Toffee

    Toffee New Member


    I've got few questions about bind chroot configuration.

    Many tutorials explane that we must create an entire directory structure in the chroot directory. It means that libraries and binaries of Bind are present in the chroot directory. Many others indicate that CHROOT_DIR/dev, CHROOT_DIR/etc and CHROOT_DIR/var are sufficient and so, libraries and binaries aren't in the chroot directory.

    What is the difference between these two configurations? What is the best configuration in term of security?

    Thanks a lot for your response.
  2. falko

    falko Super Moderator Howtoforge Staff

    I think that those are two different approaches. E.g., in this howto we don't need all the libraries etc. in the chroot jail because we tell Bind's init script to run Bind chrooted (by putting
    OPTIONS="-u bind -t /var/lib/named"
    into /etc/default/bind9). I think it's a lot easier than putting all the libraries etc. into the chroot jail...
  3. public_domain

    public_domain New Member

    then should i not see something in either

    OPTIONS="-u bind -t /var/lib/named"
    (as it is, no .../named and no ../bind9)
  4. falko

    falko Super Moderator Howtoforge Staff

    What is the question? :confused:
  5. public_domain

    public_domain New Member

    does this reference [OPTIONS="-u bind -t /var/lib/named"] point to a directory that is supposed to be there real or symlink?
  6. falko

    falko Super Moderator Howtoforge Staff

    -u bind means the user bind. /var/lib/named is a directory and must exist. BIND will run chrooted in that directory.
  7. Deem3n®

    Deem3n® New Member

    There is no matter how to use BIND in chroot.

    Take a look to this guide. In that example BIND is running at /chroot/named directory

Share This Page