To add to what Greg says.. On Fri, 1 Aug 2025, Greg Choules via bind-users wrote:
I would suggest that, if you are really worried about losing control of a process, or it being used for remote access to your machine, or something (are either of these why you think you need chroot?) you should either/both run BIND in a VM or take a good look at your server and network security.
KVM virtualization is pretty much out of the box. Docker isn't hard. Since you are running on Linux, are you aware that systemd has its own kind of containerization which builds on features of the modern Linux kernel? Take a look at systemd-nspawn. (man systemd-nspawn) I don't have a playbook for you, unfortunately.
-- Fred Morris, internet plumber -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
