Etc - Chroot Bind


2003-02-19

Make sure you have a user and group named bind.

# mkdir -p /usr/chroot/named
# cd /usr/chroot/named
# mkdir -p dev etc/namedb/slave var/run
# cp -p /etc/namedb/named.conf /usr/chroot/named/etc/
# gcp -a /etc/namedb/* /usr/chroot/named/etc/namedb/
# chown -R bind:bind /usr/chroot/named/etc/namedb/slave
# chown bind:bind /usr/chroot/named/var/run

For FreeBSD…:

# mknod /usr/chroot/named/dev/null c 2 2
# mknod /usr/chroot/named/dev/random c 2 3

For Linux…:

# mknod /usr/chroot/named/dev/null c 1 3
# mknod /usr/chroot/named/dev/random c 1 8
# chmod 666 /usr/chroot/named/dev/{null,random}
# cp /etc/localtime /usr/chroot/named/etc/

On FreeBSD add the following line to /etc/rc.conf so that syslogd also listens on a socket inside the chroot (otherwise named cannot log):

syslogd_flags="-s -l /usr/chroot/named/dev/log"

Restart syslog…

# killall syslogd
# /usr/sbin/syslogd -s -l /usr/chroot/named/dev/log

Make sure the bind user has permission to access all the files it needs, then start it up like this:

/usr/local/sbin/named -u bind -t /usr/chroot/named -c /etc/named.conf
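A sanity check to run over the tree before starting named, added here as an example (it is not from the original page or the HOWTO it references). The layout and the "bind" owner come from the steps above; the function name check_named_chroot is hypothetical, and the ls/awk owner lookup is used instead of stat so it runs unchanged on both FreeBSD and Linux.

```shell
#!/bin/sh
# Added example: verify a BIND chroot tree built as described above.
# Prints one line per problem and returns the number of problems found
# (0 means the tree looks complete). Owner name defaults to "bind".
check_named_chroot() {
    root=$1
    owner=${2:-bind}
    problems=0

    # Directories named expects to find inside the jail.
    for d in dev etc etc/namedb etc/namedb/slave var/run; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $root/$d"
            problems=$((problems + 1))
        fi
    done

    # Files copied into the jail: the config and the timezone data.
    for f in etc/named.conf etc/localtime; do
        if [ ! -f "$root/$f" ]; then
            echo "missing file: $root/$f"
            problems=$((problems + 1))
        fi
    done

    # Device nodes must be character devices, not ordinary files.
    for dev in dev/null dev/random; do
        if [ ! -c "$root/$dev" ]; then
            echo "not a character device: $root/$dev"
            problems=$((problems + 1))
        fi
    done

    # The only writable directories (slave zones, pid file) must belong
    # to the unprivileged user; everything else stays owned by root.
    for d in etc/namedb/slave var/run; do
        if [ -d "$root/$d" ]; then
            actual=$(ls -ld "$root/$d" | awk '{print $3}')
            if [ "$actual" != "$owner" ]; then
                echo "wrong owner on $root/$d: $actual (want $owner)"
                problems=$((problems + 1))
            fi
        fi
    done
    return $problems
}

# Usage: sh check_chroot.sh /usr/chroot/named [owner]
if [ $# -gt 0 ]; then
    check_named_chroot "$1" "${2:-bind}"
fi
```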

References:
http://www.linuxsecurity.com/docs/LDP/Chroot-BIND-HOWTO.html