chroot-ed bind 9 (was: Users Want *Seamless* Solutions, Not Patchwork)
Simon Waters
Simon at wretched.demon.co.uk
Thu Jul 26 16:47:52 UTC 2001
Anyway a quick experiment here, Mandrake Linux 7.2, Bind 9.2mumble.

My chroot jail had two files "named.conf" and "zones/0.0.127.in-addr.arpa.rev".

Modified a few lines in named.conf to remove prefix, and added "-t dir", and lost the prefix from the config file in the startup file.

"/etc/init.d/named start" worked, and /var/log/messages showed a complaint about a lack of "/dev/random" (But hey my DNS doesn't do any random things *8-).

The server "worked", okay not a complete DNS system, but it proves that BIND 9.2 doesn't need much in a chroot jail to work. Now as to how much security it actually buys you.......
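
The jail audit below is an added example, not part of the original post or of BIND: it checks that every `file` path in a jailed named.conf has lost the jail prefix and resolves to a file inside the directory passed to `named -t`. The function name `check_jail`, the `/named.conf` location and the sample config are assumptions, constructed to mirror the two files the post lists.

```shell
#!/bin/sh
# check_jail JAIL [CONF]: audit the directory handed to "named -t JAIL".
# CONF is the config path as named sees it inside the jail (assumed /named.conf).
# Prints one line per finding; returns non-zero on PREFIX or MISSING findings.
# Limitation: paths containing whitespace are not handled.
check_jail() {
    jail=${1%/}
    conf=${2:-/named.conf}
    rc=0
    if [ ! -f "$jail$conf" ]; then
        echo "MISSING config $jail$conf"
        return 1
    fi
    # options { directory "..."; } is the base for relative file names.
    base=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$jail$conf" | head -n 1)
    base=${base:-/}
    # Each file "..."; statement names a zone file that must exist in the jail.
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$jail$conf"); do
        case $f in
            "$jail"/*) echo "PREFIX $f still carries the jail prefix"; rc=1; continue ;;
            /*) path=$f ;;
            *)  path=${base%/}/$f ;;
        esac
        [ -f "$jail$path" ] || { echo "MISSING zone file $jail$path"; rc=1; }
    done
    # Informational only: the post's jail had no /dev/random and named logged a complaint.
    [ -e "$jail/dev/random" ] || echo "NOTE no /dev/random inside jail"
    return $rc
}

# Constructed demo jail holding the two files named in the post.
demo=$(mktemp -d)
mkdir -p "$demo/zones"
cat > "$demo/named.conf" <<'EOF'
options {
    directory "/";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "zones/0.0.127.in-addr.arpa.rev";
};
EOF
: > "$demo/zones/0.0.127.in-addr.arpa.rev"
check_jail "$demo" /named.conf
rm -rf "$demo"
```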