chroot-ed bind 9 (was: Users Want *Seamless* Solutions, Not Patchwork)

[Simon Waters]

Anyway a quick experiment here, Mandrake Linux 7.2, Bind
9.2mumble

My chroot jail had two files "named.conf" and
"zones/0.0.127.in-addr.arpa.rev".

Modified a few lines in named.conf to remove prefix, and
added "-t dir", and lost the prefix from the config file in
the startup file.

"/etc/init.d/named start" worked, and /var/log/messages
showed a complaint about a lack of "/dev/random" (But hey my
DNS doesn't do any random things *8-).

The server "worked", okay not a complete DNS system, but it
proves that BIND 9.2 doesn't need much in a chroot jail to
work. Now as to how much security it actually buys
you.......