www.linuxexpert.ro

Parent Category: Tutorials
Published: 05 January 2010

Configuring bind9 in a chroot, lenny version 


A while ago, I blogged the chrooting of bind9 on Debian, so I wouldn't forget how to do it. Things have changed slightly for Lenny, so here's the update.


The assumption is, you've got an up-to-date Debian machine, running lenny. Then:

Install bind9 and its docs and utilities:
# apt-get install bind9 bind9-doc dnsutils

It will probably autostart after install, so stop it before proceeding:
# /etc/init.d/bind9 stop

Create your chroot. This requires a minimal file tree:
# mkdir -p /var/chroot/bind9/{etc,dev,var/cache/bind,var/run/bind/run}
# chown -R bind:bind /var/chroot/bind9/var/*

And some devices:
# mknod /var/chroot/bind9/dev/null c 1 3
# mknod /var/chroot/bind9/dev/random c 1 8
# chmod 666 /var/chroot/bind9/dev/{null,random}

Move your default configuration files:
# mv /etc/bind /var/chroot/bind9/etc
# ln -s /var/chroot/bind9/etc/bind /etc/bind

Tell rsyslog to listen for log events in the chroot:
# vi /etc/rsyslog.d/bind-chroot.conf

and add the line:
$AddUnixListenSocket /var/chroot/bind9/dev/log

Tell bind9 init to use the chroot:
# vi /etc/default/bind9

and add:
OPTIONS="-u bind -t /var/chroot/bind9"

Restart rsyslog and make sure it creates /dev/log in the chroot:
# /etc/init.d/rsyslog restart
Restarting system log daemon: syslogd.


# ls -al /var/chroot/bind9/dev/log
srw-rw-rw- 1 root root 0 2008-10-09 14:48 /var/chroot/bind9/dev/log

Start bind9 and make sure it works:
# /etc/init.d/bind9 start
Starting domain name service...: bind.
# ps ax | grep '[n]amed'
5397 ? Ssl 0:00 /usr/sbin/named -u bind -t /var/chroot/bind9
# host localhost. 127.0.0.1
localhost A 127.0.0.1

Now you're done with the chroot portion. Copy over your old named.conf.local and db.yourdomain-here files, and restart again.
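
The individual checks in the steps above can be collected into one audit of the finished chroot. This is an added example, not part of the original tutorial; the function names and the script name audit.sh are hypothetical, and it assumes GNU stat, pgrep and a Linux /proc.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the bind9 chroot layout.

# check_options FILE ROOT: /etc/default/bind9 must pass both "-u bind" and "-t ROOT".
check_options() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$1" 2>/dev/null | tail -n 1)
    for want in "-u bind" "-t $2"; do
        case " $opts " in
            *" $want "*) ;;
            *) echo "FAIL: $1: OPTIONS lacks '$want'"; return 1 ;;
        esac
    done
}

# check_tree ROOT: the minimal directory tree created with mkdir -p.
check_tree() {
    rc=0
    for d in etc dev var/cache/bind var/run/bind/run; do
        [ -d "$1/$d" ] || { echo "FAIL: missing directory $1/$d"; rc=1; }
    done
    return "$rc"
}

# check_dev PATH MAJOR MINOR: character device with the expected numbers (hex).
check_dev() {
    [ -c "$1" ] || { echo "FAIL: $1 is not a character device"; return 1; }
    got=$(stat -c '%t:%T' "$1")      # GNU stat: hex major:minor
    [ "$got" = "$2:$3" ] || { echo "FAIL: $1 is $got, expected $2:$3"; return 1; }
}

# audit ROOT [DEFAULTS]: run every check, return non-zero if any failed.
audit() {
    root=$1 defaults=${2:-/etc/default/bind9} bad=0
    check_options "$defaults" "$root" || bad=1
    check_tree "$root" || bad=1
    check_dev "$root/dev/null" 1 3 || bad=1
    check_dev "$root/dev/random" 1 8 || bad=1
    [ -S "$root/dev/log" ] || { echo "FAIL: no syslog socket at $root/dev/log"; bad=1; }
    # A running named must have the chroot as its root directory (needs root to read).
    for pid in $(pgrep -x named 2>/dev/null); do
        [ "$(readlink "/proc/$pid/root")" = "$root" ] ||
            { echo "FAIL: named pid $pid is not confined to $root"; bad=1; }
    done
    return "$bad"
}

# Run only when a chroot path is given, e.g.: sh audit.sh /var/chroot/bind9
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it as root after starting bind9; the /proc/PID/root comparison checks the confinement of the running process itself rather than its command line.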
Tags: bind chroot debian lenny linux 
Last edited Sun 01 Nov 2009 08:26:58 AM EST
