chroot/etc/named/ directory?

Robert Moskowitz rgm at htt-consult.com
Wed Feb 13 19:15:05 UTC 2013


On 02/13/2013 12:43 PM, Mike Hoskins (michoski) wrote:
> -----Original Message-----
>
> From: Robert Moskowitz <rgm at htt-consult.com>
> Date: Wednesday, February 13, 2013 10:53 AM
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
> Subject: chroot/etc/named/ directory?
>
>> I am upgrading my server from bind-9.3.6 via Centos 5.5 to 9.8.2 in
>> Centos 6.3.
>>
>> I have and will run bind chrooted and on my test setup I noticed a 'new'
>> subdirectory in the chroot tree:
>>
>> /var/named/chroot/etc/named/
>>
>> I cannot find any documentation as to what is intended to be placed in this
>> subdirectory.  My includes for named.conf?
>>
>> I am assuming the pki subdirectory is for DNSSEC related files, but I
>> have not found any documentation indicating so.  But then I have not
>> plowed through DNSSEC documentation in depth yet.
> If you installed bind*-chroot, it will populate the /var/named/chroot
> hierarchy.

I have been running chrooted since. Well probably when I switched from 
NT to Linux in '98. At first it was Whitehat, then Centos. I installed 
bind-chroot and though it built the /var/named/chroot tree, the only 
file is ~/etc/localtime, nothing else prepopulated. Well I DO have all 
my files from my current server to rsync over (over SSH so I don't have 
to actually run rsyncd), so it is no loss, just a question of "where is 
everything". I seem to recall this tree in previous attempts to not be 
empty. Maybe they learned it is better for someone working here to do it 
all themselves...

There are 'standard bind' files under /etc/nam* and /var/named to copy 
over if I choose (and find them more current than what I have from 2 
years ago).

> It's not strictly required (though I would suggest it), but if
> you intend to run BIND chrooted "/var/named/chroot" is essentially "/".

Learned that some years ago. Familiar with how the tree is mounted.

> You'll have to place the usual things BIND needs to operate under that
> directory -- configs, zones, etc.

Just seems that prior rpms came with a FEW files preset, like 
named.rfc1912.zones. But that was years ago and me brain is probably a 
little weak in the memory department.

> Assuming this came from the chroot RPM, you'll already have other essential pieces for chroot such as your
> null/random/zero devices.

Yes. And there are a few under ~/dev/

> Since you mention CentOS, you'll likely also
> want to pay attention to things like ROOTDIR in /etc/sysconfig/named.

Came preset. I am assuming handled by the bind-chroot rpm.

> Having said all that, you might search the archives (SRPMS have been
> provided by community members) or other sources for a newer BIND while
> you're at it...9.8.2 isn't ancient, but also not technically "up to date"
> now.

I am not up to building on my own and the few extra repos I work with 
(EPEL and rpmfusion) do not have a newer version all ready for Centos 6.3.

How bad is it? :)

> I am personally waiting for 9.9.3 to leave beta, but 9.8.4-P1
> probably makes sense for you today.  This won't affect your chroot setup,
> just something worth considering since you're upgrading.

I would want to find it already in an rpm. Once on the build it yourself 
carousel you are set there and I have other things I am supposed to be doing.
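
The checks mentioned in this thread (ROOTDIR in /etc/sysconfig/named, a config under the chroot's etc/, and the null/random/zero device nodes), written as an added shell example that is not part of the original message or of the bind-chroot package. The function names and the checklist, including the world-writable scan, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a BIND chroot tree for the pieces named in the thread.
# The checklist is an assumption, not the bind-chroot RPM's manifest.
# Usage: audit_chroot "$(read_rootdir /etc/sysconfig/named)"

# Print ROOTDIR from a sysconfig-style file. The file is parsed, not sourced,
# so shell code planted in it is never executed by the audit.
read_rootdir() {
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line for the chroot at $1; return 0 only if clean.
audit_chroot() {
    root=${1%/}
    findings=0
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "NO-CHROOT $1"
        return 2
    fi
    # Inside the jail named sees $root as "/", so its config must live here.
    if [ ! -f "$root/etc/named.conf" ]; then
        echo "MISSING etc/named.conf"
        findings=$((findings + 1))
    fi
    # Device nodes must be character devices, not regular files of that name.
    for dev in null random zero; do
        if [ ! -c "$root/dev/$dev" ]; then
            echo "MISSING-DEV dev/$dev"
            findings=$((findings + 1))
        fi
    done
    # World-writable entries (device nodes and symlinks aside) let any local
    # user alter what the jailed daemon reads.
    ww=$(find "$root" -perm -0002 ! -type l ! -type c 2>/dev/null)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's|^|WORLD-WRITABLE |'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```

A tree holding only etc/localtime, as described in the message, yields four MISSING lines and a non-zero exit status.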




