Setting up chroot on Solaris 9 with BIND 9 -t switch

kaiser_cernino at hotmail.com kaiser_cernino at hotmail.com
Wed Jan 5 18:20:57 UTC 2005


Hi men,

I was making a jail for my DNS server (named), but I have one big problem:
my jail doesn't work.
I have read a lot of papers about this, but whenever I access the jail with my
named user, this user can see the whole system; in other
words, it doesn't see the jail.

PLZZZZZZZZZZZ!
I need a procedure for how to make a jail on Solaris 9, and how to
test that this jail does its job.

The service without the jail is perfect.
I am using:
SOLARIS 9
BIND 9.3 downloaded from www.blastwave.org

To consider:
To test the jail, I set a bash shell for the user assigned to the named jail.

Thx,
more thx if necessary,

bye guys

Sincerely,
César




Rich Parkin wrote:
> Thank you!
>
> I found a resource at brandonhutchinson.com that gave me the information I
> needed on how to set it up.  Apparently aside from the BIND configuration,
> zone, and PID files themselves, the only thing that had to live in my jail
> was the timezone file.  If there's anything else, I haven't come across it
> yet.
>
> -Rich
>
> >>> <phn at icke-reklam.ipsec.nu> 4/9/2004 3:21:45 PM >>>
> Rich Parkin <RParkin at ldmi.com> wrote:
> > Hello, all!
>
> > I am in the process of rebuilding our DNS servers with Solaris 9 and
> > BIND 9 and have BIND working (installed in /usr/local). I'm trying to
> > keep things as simple as I can so others can support it, but secure
> > enough for ISP production.   I would like to set up a chroot environment
> > using the -t switch.  I've looked for documentation on doing this and
> > haven't found much so far.
>
> > I have built a BIND 9 implementation on Solaris before, but my efforts
> > at setting up chroot with the available documentation at the time didn't
> > work (I'm not terribly skilled with Solaris yet).  Can anyone point me
> > at a resource?   I've looked at the Secure BIND Template, but it doesn't
> > cover use of the -t switch.
>
> > Does the chroot environment have to be set up basically the same
> > whether or not you use the -t switch?  Can anyone explain in technical
> > detail what the -t switch actually does?  Any reason why I shouldn't use
> > the -t switch and try to set up a traditional chroot instead?
>
> The '-t' allows named to do the chroot() stuff itself, but after initialization,
> so much of the hassle with chroot(1) is not needed.
>
> I guess you can say they are mutually exclusive.
>
>
> > Richard Parkin
> > System Administrator
> > CCNA
> > Data Center Operations
> > LDMI Telecommunications
>
>
> --
> Peter Håkanson
>         IPSec  Sverige      ( At Gothenburg Riverside )
>            Sorry about my e-mail address, but i'm trying to keep spam out,
> 	   remove "icke-reklam" if you feel for mailing me. Thanx.
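
A check for the two points in the quoted thread (what has to exist inside the directory given to `-t`, and that the daemon process itself calls chroot()), as an added example that is not part of the original messages. The jail-relative paths, the function names and the demo directory are assumptions; it needs a procfs that exposes `/proc/<pid>/root` and enough privilege to read it.

```shell
#!/bin/sh
# Added example, not from the thread. The paths in JAIL_PATHS are assumptions:
# config file, zone directory, PID directory, time zone file (Solaris-style path).
JAIL_PATHS="etc/named.conf var/named var/run usr/share/lib/zoneinfo/UTC"

# jail_missing JAIL REL...: print each REL absent under JAIL; return 0 only
# when every path is present.
jail_missing() {
    jail=$1; shift
    rc=0
    for rel in "$@"; do
        if [ ! -e "$jail/$rel" ]; then
            echo "missing: $jail/$rel"
            rc=1
        fi
    done
    return $rc
}

# proc_rooted_in PID JAIL: 0 if the root directory of process PID is JAIL,
# 1 if it is not, 2 if that cannot be determined. A marker file is created at
# the top of JAIL and looked up at the top of the process's root through
# /proc/PID/root, so the answer does not depend on inode or device numbers.
proc_rooted_in() {
    pid=$1; jail=$2
    marker=".jailcheck.$$"
    [ -d "/proc/$pid/root/." ] || return 2
    touch "$jail/$marker" 2>/dev/null || return 2
    if [ -e "/proc/$pid/root/$marker" ]; then rc=0; else rc=1; fi
    rm -f "$jail/$marker"
    return $rc
}

# Constructed demo: a throwaway tree with no time zone file, audited against
# JAIL_PATHS, then compared with the root directory of this shell.
demo="${TMPDIR:-/tmp}/jailcheck-demo.$$"
mkdir -p "$demo/etc" "$demo/var/named" "$demo/var/run"
: > "$demo/etc/named.conf"
jail_missing "$demo" $JAIL_PATHS || echo "jail incomplete"
if proc_rooted_in $$ "$demo"; then
    echo "process $$ is rooted in $demo"
else
    echo "process $$ is not rooted in $demo"
fi
rm -rf "$demo"
```

On a live server the first argument to `proc_rooted_in` would be the PID of the running named and the second the directory passed to `-t`.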


