> From: bind-users <bind-users-boun...@lists.isc.org> on behalf of Greg Choules 
> via bind-users <bind-users@lists.isc.org>
> Reply to: Greg Choules <gregchoules+bindus...@googlemail.com>
> Date: Wednesday 6 August 2025 at 20:06
> To: Renzo Marengo <buckroger2...@gmail.com>
> Cc: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
> Subject: Re: configure bind in chroot jailenzo. The Linux distros package 
> their own versions of BIND, which they obtain from ISC and patch over the 
> years, hence it is almost guaranteed to not be the latest. That may be OK for 
> you. But see here for how to install it directly if you
> ZjQcmQRYFpfptBannerEnd
> 
[snip]
>
> Whether you think that chroot is worth the effort is your decision. I can't 
> tell you not to do it, just advise that many don't use chroot and have no 
> issues. BIND needs to write to certain folders, depending on which features 
> you use. But as it is running as a normal user, if the OS won't let it, it 
> can't.
> Maybe you should ask RedHat and its users (there must be a RH forum) what 
> they recommend and make your decision once you have gathered opinions from 
> various sources.
> 
> Hope that helps.
> Cheers, Greg

As a RH-family user, we use the COPR ISC packages with SELinux in enforcing 
mode and are more than happy with the level of security provided.

For inline signing, we've had to make some selinux policy modifications so that 
BIND can create/delete keys (when not using HSM's), but other than that, it 
works fine out of the box.

Stuart

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to