> From: bind-users on behalf of Greg Choules
> via bind-users
> Reply to: Greg Choules
> Date: Wednesday 6 August 2025 at 20:06
> To: Renzo Marengo
> Cc: "bind-users@lists.isc.org"
> Subject: Re: configure bind in chroot jail
Hi Renzo.
The Linux distros package their own versions of BIND, which they obtain
from ISC and patch over the years, hence it is almost guaranteed to not be
the latest. That may be OK for you. But see here for how to install it
directly if you choose: https://kb.isc.org/docs/isc-packages-for-bind-9
Hi Greg,
I'm replacing an old DNS virtual server with an old Bind with a new one.
So I thought to build the same box with the same chroot, which gives me a jail
environment where *Bind is not able to access system files or outside data.*
But your words are making me think... *if you say it's not necessary.*
I
> From: "Renzo Marengo"
> Sent: Wednesday, July 30, 2025 7:11:02 AM
> I want to install the latest rpm of Bind (9.16.23-31) for Oracle Linux 9 to create
> a cache-only DNS server which is running in a chroot jail.
> I installed several Bind packages, including bind-chroot.
> What document do you suggest me
To add to what Greg says..
On Fri, 1 Aug 2025, Greg Choules via bind-users wrote:
I would suggest that, if you are really worried about losing control of a
process, or it being used for remote access to your machine, or
something (are either of these why you think you need chroot?) you should
e
Hi Renzo.
This is not intended to sound negative. But why are you stuck on chroot?
What benefit do you think it will bring you? It used to be the case (many
years ago) that if you started BIND as root, it ran as root and chroot made
sense then. But not anymore. It starts with some privilege, to sca
Have you looked here:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services
They have a short mention of chroot.
:-)
Danjel
On 7/31/2025 9:
Perhaps the question that you should explore first would be “Why?” and not “How?”. Then perhaps you should define what you are trying to achieve and ask yourself if it still makes sense and what is the current state of the art. I believe that dropping caps and having properly set up selinux (or AppArmor)
On Debian I installed bind9 bind9utils and bind9-doc
Edited configuration, restarted services.
Nothing was changed or enabled besides what is mentioned below.
Sorry for not being able to help more, have not used redhat or related,
for more years than I like to remember ;-)
I remember using ve
Thank you very much, but my issue is to understand what first step I have to
do, considering that the following rpms are just installed:
bind.x86_64
bind-chroot.x86_64
bind-dnssec-doc.noarch
bind-dnssec-utils.x86_64
bind-libs.x86_64
bind-license.noarch
bind-utils.x86_64
e.g.
chroot folder structure
On 7/30/2025 1:11 PM, Renzo Marengo wrote:
I want to install the latest rpm of Bind (9.16.23-31) for Oracle Linux 9
to create a cache-only DNS server which is running in a chroot jail.
I installed several Bind packages, including bind-chroot.
What document do you suggest me to follow to configure bind in
Hi,
I am not aware of a specific guide for doing this. There is
information in the ARM however:
- https://bind9.readthedocs.io/en/latest/chapter7.html#chroot-and-setuid
- https://bind9.readthedocs.io/en/latest/manpages.html#cmdoption-named-t
- https://bind9.readthedocs.io/en/latest/manpages.html#