Setting up chroot on Solaris 9 with BIND 9 -t switch
Bill Larson
bind9 at comcast.net
Wed Jan 5 23:04:27 UTC 2005
On Jan 5, 2005, at 11:20 AM, kaiser_cernino at hotmail.com wrote:
> I was doing a jail for my dns server (named), but have 1 big problem,
> my jail dont function.
> I read a lot papers about this, but ever when i can access with my
> named user to the jail, this user can see the wide system , in other
> words dont see the jail.
>
> PLZZZZZZZZZZZ!
> i need a procedure of how can i do a jail using solaris 9, and how can
> test this jail do its job.
>
> The service without jail is perfect.
> Iam using;
> SOLARIS 9
> BIND 9.3 downloaded from www.blastwave.org
>
> To consider:
> To test the jail, i set a bash shell to the user asigned to named jail.
Take a look at the "Secure BIND Template" at
http://www.cymru.com/Documents/secure-bind-template.html. There is a
section about configuring a chroot environment for Solaris.
Please note that the only way to test a chroot environment for BIND is
to break out of the BIND application itself over port 53. There is no
way to "log into the system as the chroot user" through the named
process. Basically, you will have to trust that the chroot environment
functions properly. It will if you have set up the chroot directory
structure and are running "named" with the "-t" option.
Bill Larson
More information about the bind-users
mailing list