> From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Greg Choules > via bind-users <bind-users@lists.isc.org> > Reply to: Greg Choules <gregchoules+bindus...@googlemail.com> > Date: Wednesday 6 August 2025 at 20:06 > To: Renzo Marengo <buckroger2...@gmail.com> > Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org> > Subject: Re: configure bind in chroot jailenzo. The Linux distros package > their own versions of BIND, which they obtain from ISC and patch over the > years, hence it is almost guaranteed to not be the latest. That may be OK for > you. But see here for how to install it directly if you > ZjQcmQRYFpfptBannerEnd > [snip] > > Whether you think that chroot is worth the effort is your decision. I can't > tell you not to do it, just advise that many don't use chroot and have no > issues. BIND needs to write to certain folders, depending on which features > you use. But as it is running as a normal user, if the OS won't let it, it > can't. > Maybe you should ask RedHat and its users (there must be a RH forum) what > they recommend and make your decision once you have gathered opinions from > various sources. > > Hope that helps. > Cheers, Greg
As a RH-family user, we use the COPR ISC packages with SELinux in enforcing mode and are more than happy with the level of security provided. For inline signing, we've had to make some selinux policy modifications so that BIND can create/delete keys (when not using HSM's), but other than that, it works fine out of the box. Stuart -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users