Chroot and bind

Cricket Liu cricket at menandmice.com
Tue Oct 22 21:52:33 UTC 2002


Bigdakine wrote:
> Just a quick question.
> 
> I want to chroot bind and I've been examining the instructions in DNS
> and BIND. My question concerns the logging. The recommendation in D &
> B is to use the -a option and if that is not available to use
> logging statements in the named.conf file.

It may not be the -a command-line option with your version of syslogd.
I think it's -p with the syslogd in FreeBSD, for example.

> I guess I'm wondering why wouldn't syslog do what it normally does
> when it receives a logging request from bind? Wouldn't the messages
> still go to /adm/messages regardless of whether bind is chrooted or
> not? 

No.  named normally logs by sending messages to a Unix domain
socket called /dev/log.  In a chroot() setup, named can't get to
/dev/log.  That's why it needs a /chroot/dev/log.

> Using the -a option (or -p option in Solaris ) would cause all logs
> to go to the file specified in the option, yes? I'm not sure why
> you'd want to do that. 

No, it creates an extra Unix domain socket that processes can log to.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

The DNS and BIND Cookbook, now available!
http://www.oreilly.com/catalog/dnsbindckbk/
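
The /dev/log point above, as an added example that is not part of the original message: a Python simulation in which a "chrooted" logger cannot reach the log socket until the listener opens a second socket inside the jail. No real chroot() or syslogd is involved; the temporary directory layout, the function names and the sample messages are constructed assumptions.

```python
import os, select, shutil, socket, tempfile

def resolve(root, path):
    # What an absolute path means to a process whose root directory is `root`.
    return os.path.join(root, path.lstrip("/"))

def bind_log_socket(path):
    # Stand-in for syslogd opening one Unix domain datagram socket to listen on.
    os.makedirs(os.path.dirname(path), exist_ok=True)
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    s.bind(path)
    return s

def log_from(root, msg):
    # A daemon logging to "/dev/log" as seen from its own root; True if delivered.
    c = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        c.sendto(msg.encode(), resolve(root, "/dev/log"))
        return True
    except (FileNotFoundError, ConnectionRefusedError):
        return False  # no socket at that path inside this root
    finally:
        c.close()

def drain(socks):
    # Collect every queued datagram from all listening sockets.
    got = []
    while True:
        ready, _, _ = select.select(socks, [], [], 0.2)
        if not ready:
            return got
        got += [s.recv(4096).decode() for s in ready]

def demo():
    host = tempfile.mkdtemp(prefix="cj", dir="/tmp")   # stands in for "/"
    jail = os.path.join(host, "chroot")                # stands in for /chroot
    os.makedirs(jail)
    socks = [bind_log_socket(resolve(host, "/dev/log"))]
    try:
        r = {"unjailed": log_from(host, "<30>named[1]: constructed: not chrooted"),
             "jailed_before": log_from(jail, "<30>named[2]: constructed: lost")}
        # The extra socket: the listener now also listens on /chroot/dev/log.
        socks.append(bind_log_socket(resolve(jail, "/dev/log")))
        r["jailed_after"] = log_from(jail, "<30>named[2]: constructed: chrooted")
        r["received"] = sorted(drain(socks))
        return r
    finally:
        for s in socks:
            s.close()
        shutil.rmtree(host)
```

The message sent before the second socket exists is dropped silently on the sender's side, which is why a chrooted named with no /chroot/dev/log simply stops appearing in the logs.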


