> Okay so we will go for BIND. However I'd like to see BIND chrooted as default in
> debian or at least have an easy option to. I think I'll contact the package
> maintainer :-)

Better not... read the documentation of the bind package, it's all documented
why bind is not chrooted by default. Quote follows.

Good luck,
Wouter

/usr/share/doc/bind9/README.Debian.gz

Running Chroot'ed:
-----------------

Several users have asked for Debian BIND to run in a "chroot jail". There are
various issues associated with making this the default configuration for the
package in Debian. In the meantime, reasonable instructions on how to do this
yourself are available on the web from:

    http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO.html

Running Non-Root:
-----------------

Recent versions of named can be invoked with options that specify a non-root
user and/or group for named. Read the named man page for more information.

Note that if you run named as a user other than root, it will not be able to
find new interfaces that appear dynamically, such as during a PCMCIA card
insertion, or if you're running some flavors of IPSEC and/or IP over IP
tunnels. If you can live with those limitations, feel free to edit the
/etc/init.d/bind script to add appropriate options to the invocation of named.

Because of the issues, I am not yet prepared to ship the Debian package running
non-root by default... it would be very confusing to many users. I may make it
the default but allow root execution as an option sometime soon by adding
debconf support to the BIND package. If you're passionate about this, feel free
to do the work and submit a suggested patch as a wishlist bug against the
package bind9.
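
A way to confirm that a running named actually has the confinement discussed above (non-root user, chroot), as an added example that is not part of the original message or of the Debian package. It assumes a Linux /proc filesystem; the function name `audit_named` is hypothetical, and reading another user's /proc/<pid>/root needs root.

```shell
#!/bin/sh
# Added example: report whether a named process runs as root and whether it is
# chrooted, by reading its /proc entry. The directory is an argument so the
# check can also be pointed at a constructed tree.

# audit_named PROCDIR
#   prints one summary line and returns the number of findings (0-2),
#   or 3 if the entry cannot be read.
audit_named() {
    procdir=$1
    findings=0

    # The "Uid:" line lists real, effective, saved and filesystem UIDs;
    # field 3 of the line is the effective UID.
    euid=$(awk '$1 == "Uid:" { print $3; exit }' "$procdir/status" 2>/dev/null) || euid=""
    # /proc/<pid>/root is a symlink to the root directory the process sees.
    root=$(readlink "$procdir/root" 2>/dev/null) || root=""

    if [ -z "$euid" ] || [ -z "$root" ]; then
        echo "cannot read $procdir"
        return 3
    fi

    # Finding 1: still running with root privileges.
    if [ "$euid" -eq 0 ]; then
        findings=$((findings + 1))
    fi
    # Finding 2: root directory is the real /, so no chroot is in effect.
    if [ "$root" = "/" ]; then
        findings=$((findings + 1))
    fi

    echo "euid=$euid root=$root findings=$findings"
    return "$findings"
}

# Usage: sh audit_named.sh $(pidof named)
for pid in "$@"; do
    audit_named "/proc/$pid" || true
done
```
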