Just two questions:
i) Is there any reason why you decided to include the named binaries in the chroot? There is no need for them to be there, since named does the chroot internally. In fact this might represent a security hole. Consider someone manages to break named and get access to the chroot environment. They manage to upload a trojaned version of the named binary somehow. The server boots and the system is wide open. This _might_ create a false sense of security. If chroot chroot ;) was used (from an external location to the chroot) or named was called say from '/usr/sbin/named -t /var/secure-bind' then of course this is not an issue, since the binary that creates the chroot is not in the chroot itself.

ii) Is there a particular reason to use /var/secure-bind rather than say /var/named, which seems to be somewhat of an informal default?

I'm going to ask on the FHS mailing list about their thoughts on chroot environments and how it might fit in FHS policy.

Nicholas
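
The concern in point i) can be checked mechanically. As an added example (not part of the original message), the shell functions below list executables stored inside a chroot jail; the function names are hypothetical and the jail path is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit a BIND chroot for executables kept inside the jail.
# Anything executable under the jail can be replaced by whoever compromises
# the jailed daemon, so the binary that sets up the chroot should live outside it.

# Print every regular file under the jail that has any execute bit set.
list_jail_executables() {
    jail=$1
    [ -d "$jail" ] || { echo "not a directory: $jail" >&2; return 2; }
    find "$jail" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Return 0 if the jail holds no executables, 1 if it does, 2 on a bad path.
audit_jail() {
    jail=$1
    found=$(list_jail_executables "$jail") || return 2
    if [ -n "$found" ]; then
        printf 'executables inside %s:\n%s\n' "$jail" "$found"
        return 1
    fi
    echo "no executables inside $jail"
    return 0
}

# Run the audit when a jail path is given, e.g.: sh audit.sh /var/secure-bind
if [ "$#" -gt 0 ]; then
    audit_jail "$1"
fi
```

A non-zero exit status makes the check usable from a cron job or a boot script that runs before named is started.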