Have you looked here:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services
They have a short mention of chroot.
:-)
Danjel
On 7/31/2025 9:46 PM, Renzo Marengo wrote:
I know what I want. I asked myself these questions many years ago when
I built this server. I am replacing this cache DNS server with a newer OS.
On 31 Jul 2025, at 09:57, Ondřej Surý <ond...@isc.org> wrote:
Perhaps the question that you should explore first would be “Why?”
and not “How?”.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do
not feel obligated to reply outside your normal working hours.
On 31. 7. 2025, at 8:58, Renzo Marengo <buckroger2...@gmail.com> wrote:
Thank you very much, but my issue is to understand what first step I
have to do, considering that the following rpms are just installed:
bind.x86_64
bind-chroot.x86_64
bind-dnssec-doc.noarch
bind-dnssec-utils.x86_64
bind-libs.x86_64
bind-license.noarch
bind-utils.x86_64
e.g.
Is the chroot folder structure just set?
What service do I have to enable at boot? Bind or bind-chroot?
On Wed, 30 Jul 2025 at 20:55, Danjel Jungersen via
bind-users <bind-users@lists.isc.org> wrote:
On 7/30/2025 1:11 PM, Renzo Marengo wrote:
> I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9
> to create only cache DNS server which is running in chroot jail.
> I installed several Bind packages including bind-chroot.
> What document do you suggest me to follow to configure bind in chroot
> jail?
> Thanks
>
Setting up as caching / forwarder is pretty straightforward:
In named.conf.options:
recursion yes;
allow-query { trusted; };
allow-transfer { none; };
forwarders {        // From here
    192.168.20.10;  // Replace with the servers you want to use
    192.168.20.11;  // Same here
};
forward only;       // to here - must be left out if you do not wish to use
                    // forwarders, i.e. the system will do all the work itself.
dnssec-validation auto;  // Check this setting before going online, may not suit your setup.
listen-on-v6 { any; };
In named.conf.local:
acl "trusted" {
    192.168.1.0/24;    // Replace with your own IPs
    192.168.20.15/32;  // Replace with your own IPs
    127.0.0.1/32;
    localhost;
};
I do not know anything about Red Hat, but as I understand, Debian also
uses chroot.
I run Debian and have had zero issues with using the default setup.
Best of luck!
Danjel
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for
more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Med venlig hilsen/Kind regards
Danjel Jungersen
Mail: dan...@jungersen.dk
Mobile: +45 20 42 20 11
Jungersen Grafisk ApS,
Holsbjergvej 39, DK-2620 Albertslund,
Denmark.
Tel: +45 43 64 10 00
WEBSHOP: PRINTLIGHT.DK <https://www.printlight.dk> | WWW.JUNGERSEN.DK
<https://www.jungersen.dk>
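
An added example, not part of the original thread and not ISC or distribution tooling: a small Python check of the caching/forwarder settings quoted above, flagging recursion that is reachable from `any`, a `forward only` that has no forwarders to use, and disabled DNSSEC validation. The merged sample file and the function names are constructed for illustration, and only flat `{ a; b; };` lists are parsed.

```python
import re

# Constructed sample: the options and ACL quoted in the thread, merged into one file.
SAMPLE = """
acl "trusted" { 192.168.1.0/24; 192.168.20.15/32; 127.0.0.1/32; localhost; };
options {
    recursion yes;
    allow-query { trusted; };
    allow-transfer { none; };
    forwarders { 192.168.20.10; 192.168.20.11; };
    forward only;
    dnssec-validation auto;
    listen-on-v6 { any; };
};
"""

def _clean(conf):
    """Drop /* */, // and # comments."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def _list(text, name):
    """Elements of a flat `name { a; b; };` clause, or None when it is absent."""
    m = re.search(r"(?<![\w-])" + name + r"\s*\{([^{}]*)\}\s*;", text)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Return a list of findings for a caching/forwarding resolver config."""
    text, findings = _clean(conf), []
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", text)
    if rec is None or rec.group(1) in ("yes", "true", "1"):  # default is yes
        # The first of these that is set decides who may recurse; with none
        # set, named falls back to localnets and localhost (nothing to flag).
        acl = None
        for name in ("allow-recursion", "allow-query-cache", "allow-query"):
            acl = _list(text, name)
            if acl is not None:
                break
        members = set()
        for e in acl or []:  # expand a named acl one level, else keep the element
            members |= set(_list(text, r'acl\s+"?' + re.escape(e) + r'"?') or [e])
        if "any" in members:
            findings.append("open resolver: recursion is allowed from any")
    if re.search(r"(?<![\w-])forward\s+only\s*;", text) and not _list(text, "forwarders"):
        findings.append("forward only has no effect: forwarders list is empty")
    if re.search(r"(?<![\w-])dnssec-validation\s+no\s*;", text):
        findings.append("dnssec-validation is disabled")
    return findings
```

`audit(SAMPLE)` returns an empty list for the settings as posted; syntax checking itself remains the job of `named-checkconf`.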