bind in redhat enterprise AS4

Jason Vas Dias jvdias at redhat.com
Sun Aug 7 21:21:53 UTC 2005


On Sunday 07 August 2005 14:18, hamideh d wrote:
| Hi all,
| I'm new to BIND.
| I have Red Hat on two systems; one is Red Hat 9 and
| the other is Red Hat Enterprise AS4.
| I configured BIND on both and it works well, but I saw
| something on the web about a chroot jail, which is used
| to increase security on DNS servers. Many
| articles teach how to make a chroot jail manually, but I
| saw a chroot directory in Red Hat Enterprise AS4 that
| looks like it works the same way. It seems there is no need
| to make it manually on AS4, but I'm not sure. Is there anyone
| who can tell me more about this issue?
| Thanks.
|

Yes, RHEL-4 provides the 'bind-chroot' package to run named in a chroot jail -
all you need to do to use it is install it ('rpm -ivh bind-chroot-*') - and
named will be run in the chroot (/var/named/chroot by default).
The usage of bind-chroot is fully supported by Red Hat and its usage
should be transparent.
As you say "I saw a chroot directory in redhat enterprise AS4", it sounds
like you are already using it. Your BIND configuration files
/etc/{named.conf,rndc.key,rndc.conf} will be links into /var/named/chroot/etc
and /etc/sysconfig/named should contain the string
"ROOTDIR=/var/named/chroot".

Note that if you enable SELinux in Enforcing mode, the extra security provided
by the bind-chroot environment is redundant - you can 'rpm -e bind-chroot' and
your BIND installation will be just as secure as before.

Please report any issues you find with using BIND on Red Hat systems to:
https://bugzilla.redhat.com/bugzilla//enter_bug.cgi?product=Red+Hat+Enterprise+Linux&version=4&component=bind
 
Regards,
Jason Vas Dias <jvdias at redhat.com>
Red Hat BIND package maintainer
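
The two signs of an active bind-chroot setup described in the reply above (ROOTDIR in /etc/sysconfig/named, and the /etc configuration files being links into the jail) can be checked with a short script. This is an added example, not part of the original post or Red Hat's packaging; the function names, the optional prefix argument and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check whether named is set up to run in the bind-chroot jail.

# Print the ROOTDIR value from a sysconfig file (last uncommented assignment).
named_rootdir() {
    [ -r "$1" ] || return 1
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# check_bind_chroot [PREFIX]
# PREFIX (assumption) is prepended to /etc so a mounted image or a test tree
# can be audited; leave it empty for the live system.
# Returns 0 = chroot configured, 1 = ROOTDIR not set, 2 = a config file in
# /etc is not a link into the jail (illustrative return codes).
check_bind_chroot() {
    prefix=${1:-}
    rootdir=$(named_rootdir "$prefix/etc/sysconfig/named") || rootdir=
    if [ -z "$rootdir" ]; then
        echo "ROOTDIR not set in /etc/sysconfig/named: named is not chrooted"
        return 1
    fi
    result=0
    for f in named.conf rndc.key rndc.conf; do
        path="$prefix/etc/$f"
        # Skip files that do not exist at all (a dangling link still counts).
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            continue
        fi
        if [ -L "$path" ]; then
            target=$(readlink "$path")
            case $target in
                "$rootdir/etc/$f") echo "ok: /etc/$f -> $target" ;;
                *) echo "WARN: /etc/$f links outside the jail: $target"
                   result=2 ;;
            esac
        else
            echo "WARN: /etc/$f is a regular file, not a link into $rootdir/etc"
            result=2
        fi
    done
    return $result
}
```

Source the file and call `check_bind_chroot` with no argument to audit the running system.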



More information about the bind-users mailing list