chroot BIND 8.2.2p5

Post by philip.wo.. » Sat, 10 Jun 2000 04:00:00



Hello,

Could someone point me in the direction to some decent documentation on setting
up BIND 8.2.2p5 as chroot unprivileged user.

I have looked at the various threads on this, but they aren't helping any!

Cheers (Frustrated admin)

 
 
 


Post by Phil Newlo » Sat, 10 Jun 2000 04:00:00


http://www.losurs.org/docs/howto/Chroot-BIND.html - this howto covers it pretty
well.  There is also www.psionic.com/papers/dns/dns-linux/ but I found the
losurs.org to be a little better.

Phil

> Could someone point me in the direction to some decent documentation on setting
> up BIND 8.2.2p5 as chroot unprivileged user.

> I have looked at the various threads on this, but they aren't helping any!


 
 
 


Post by Michael Brya » Sat, 10 Jun 2000 04:00:00



> Hello,

> Could someone point me in the direction to some decent documentation on setting
> up BIND 8.2.2p5 as chroot unprivileged user.

A couple of useful links are:

    http://www.etherboy.com/dns/chrootdns.html
        (Geared towards dual DNS on Redhat)

    http://www.psionic.com/papers/dns/dns-openbsd/
        (Geared towards OpenBSD/FreeBSD)

Neither one is 100% complete, there are gotchas such as handling the
ndc control pipe that also have to be worked out for a chroot environment,
and making sure named has write access to the location where it puts
its named.pid file.  But they both have good info, and are worth
reading.

Keep in mind that you will lose some functionality in BIND with
a chroot/nonpriv environment.  The biggest is probably that BIND
will not be able to scan for new IP addresses on interfaces to open
up a socket on port 53, since only root can bind to port 53.  Also,
the "ndc restart" function will likely not work, since the new
named process will not even start as root, and therefore will not
be able to bind to port 53 on any address.  If your IP addresses
are stable, named doesn't really need to scan for changed addresses
anyway.  Also, you can replace "ndc restart" with a custom script
to do a full restart.  Just a little work, but it's still more than
a basic no-brainer operation.
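
A sketch of the custom restart script mentioned above, as an added example that is not part of the original post. The jail path, user and group names, binary path and pid-file location are assumptions; `-t`, `-u` and `-g` are named's own chroot and unprivileged-user options. It must be run as root so that the new named can bind port 53 before dropping privileges.

```shell
#!/bin/sh
# Full stop/start replacement for "ndc restart" with a chrooted, non-root named.
# All defaults below are assumed values; adjust them to the local layout.
JAIL=${JAIL:-/chroot/named}
NAMED=${NAMED:-/usr/sbin/named}
NAMED_USER=${NAMED_USER:-named}
NAMED_GROUP=${NAMED_GROUP:-named}
PIDFILE_IN_JAIL=${PIDFILE_IN_JAIL:-/var/run/named.pid}

# Host-side path of the pid file that named writes inside the jail.
pidfile_path() { printf '%s%s\n' "$JAIL" "$PIDFILE_IN_JAIL"; }

# Print the pid only if the file holds a plain number and that process exists.
# The file is writable by the unprivileged user, so its content is not trusted.
running_pid() {
    f=$(pidfile_path)
    [ -r "$f" ] || return 1
    pid=$(head -n 1 "$f" | tr -d ' \t\r')
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1
    printf '%s\n' "$pid"
}

# Send TERM to the old process and wait (about 10 seconds) until it is gone.
stop_named() {
    pid=$(running_pid) || return 0      # nothing running, nothing to stop
    kill -TERM "$pid" || return 1
    i=0
    while kill -0 "$pid" 2>/dev/null; do
        i=$((i + 1))
        if [ "$i" -gt 10 ]; then return 1; fi
        sleep 1
    done
    rm -f "$(pidfile_path)"
}

# Start as root: named binds port 53, then chroots (-t) and drops to -u/-g.
start_named() {
    "$NAMED" -u "$NAMED_USER" -g "$NAMED_GROUP" -t "$JAIL"
}

restart_named() { stop_named && start_named; }

if [ "${1:-}" = restart ]; then restart_named; fi
```
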

 
 
 


Post by G. Roderick Singleto » Sat, 10 Jun 2000 04:00:00



> Hello,

> Could someone point me in the direction to some decent documentation on setting
> up BIND 8.2.2p5 as chroot unprivileged user.

> I have looked at the various threads on this, but they aren't helping any!

> Cheers (Frustrated admin)

You didn't check the archives well enough. On Sun May 28 07:50:55 2000,

See http://www.etherboy.com/dns/chrootdns.html.


 
 
 

1. Upgrading from BIND 4.9 to Bind 8.2.2p5

Hi,

I am trying to upgrade my two name servers to BIND 8.2.2p5. I have some
steps given to me by Cricket but I think I missed something in my notes. Any
help or additions to the below would be helpful.

1. Get BIND-src.tar.gz
2. mkdir bind-8.2.2p5
3. zcat BIND-src.tar.gz |tar -xvf
4. cd src
5. MORE INSTALL
6. MAKE CLEAN
7. MAKE DEPEND
8. MAKE
9. cd /bin/named
10. named-boot.conf < /etc/named. > named.conf
11. tail /var/adm
12. make install

What am I missing or do I have in error. Any information would be
appreciated.

Michelle Spencer
Struggling DNS Admin
U.S. Army Corps of Engineers
