On Wednesday 31 December 1969 17:00, Gergely Trifonov wrote: > > dave, > running BIND as a non-privileged user is a good idea, but putting it > into a chroot jail _and > _ running as a non-root user is much safer. > i've recently created a chroot'd BIND and use it on a production server; > it's not that difficult. if you want to do this, the chroot-BIND8 howto > is your friend: http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html > > this document is really good, but some additional work needs to be done > to get the thing work on debian. >
Remember to statically compile BIND if your going to place it in a chroot jail, there's another document on securing BIND at http://www.psionic.com/papers/dns/dns-linux Have fun. Stef
