Well, I got it all to work, even logging :-D BIND is run under the user and group named, and restrained in a chroot jail.
My directory structure looks like this (the file permissions are also configured according to the Chroot-BIND-HOWTO):

[EMAIL PROTECTED]:/# du -a /chroot
0       /chroot/named/dev/log
0       /chroot/named/dev/null
1       /chroot/named/dev
4       /chroot/named/etc/bind/db.0
4       /chroot/named/etc/bind/db.local
4       /chroot/named/etc/bind/db.127
4       /chroot/named/etc/bind/db.255
4       /chroot/named/etc/bind/db.root
21      /chroot/named/etc/bind
4       /chroot/named/etc/group
4       /chroot/named/etc/named.conf
4       /chroot/named/etc/localtime
33      /chroot/named/etc
92      /chroot/named/lib/ld-2.2.3.so
1100    /chroot/named/lib/libc-2.2.3.so
0       /chroot/named/lib/ld-linux.so.2
0       /chroot/named/lib/libc.so.6
1193    /chroot/named/lib
0       /chroot/named/var/run/ndc
4       /chroot/named/var/run/named.pid
5       /chroot/named/var/run
4       /chroot/named/var/cache/bind/named_dump.db
5       /chroot/named/var/cache/bind
5       /chroot/named/var/cache
10      /chroot/named/var
2300    /chroot/named/usr/sbin/named
2301    /chroot/named/usr/sbin
2301    /chroot/named/usr
3538    /chroot/named
3538    /chroot

However, I did have to downgrade to BIND 8.2.4. I did so because I needed to compile a statically linked version of the named binary. (BIND 9's source is different and I had no docs to follow for it.)

I got a few questions about my chroot'ed DNS setup. I basically followed the instructions on the Psionic Software web site and the Chroot-BIND-HOWTO. However, I noticed two differences between the documents:

1. Psionic's doc recommends that you compile a statically linked named binary and then copy it into your chroot tree, while the Chroot-BIND-HOWTO recommends that you compile and install BIND directly into your chroot tree.

2. The Chroot-BIND-HOWTO recommends that you create a /chroot/named/lib directory and copy your system's C libraries into it so that BIND can access them.

My questions are: what's the difference between a normal compilation and a statically linked one? Why would you place the C libraries into your chroot tree?
I'm no newbie to Linux, but I'm no expert when it comes to sysadmin tasks and software compilation (Damn that apt daemon!!). I would appreciate it if some of you gurus could give me a little detail on these subjects.

Thanks,
Stef

BTW, I edited named.conf and commented out the query-source port statement; I'm going to have to edit my iptables script to match this new behavior in my BIND daemon. -> Thanks for the tip(s) :-D
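An added example, not from Stef's post or from either HOWTO, showing the mechanics behind the second difference. A dynamically linked named is loaded by /lib/ld-linux.so.2 and pulls in libc.so.6 at run time; once named has called chroot(), the kernel resolves those paths relative to the jail, so the libraries must exist at the same paths under /chroot/named. A statically linked binary has the C library compiled in, so `ldd` reports nothing to copy and the jail needs no /lib at all. The functions below read `ldd` output and install every library it names into a chroot root (the root path and the ldd text in the usage line are assumptions for illustration; glibc 2.2.3 paths are taken from the post).

```shell
#!/bin/sh
# Added example (not code from the original post or the HOWTOs).
# Populate a chroot jail with the shared libraries a dynamically linked
# binary needs, based on what `ldd` reports for it.
#
# Assumptions: a glibc-style ldd that prints one library per line in one of
# these two shapes (the third shape, the vDSO, has no file on disk):
#     libc.so.6 => /lib/libc.so.6 (0x40020000)
#     /lib/ld-linux.so.2 (0x40000000)
#     linux-gate.so.1 =>  (0xffffe000)
# For a static binary ldd prints "statically linked" or
# "not a dynamic executable" and this yields an empty list.

# needed_libs: read ldd output on stdin, print the absolute path of every
# library that actually exists as a file.
needed_libs() {
    awk '
        # "name => /path (addr)": keep the path only if it is absolute;
        # this drops the vDSO line, whose third field is the address.
        /=>/      { if ($3 ~ /^\//) print $3; next }
        # "/path (addr)": the dynamic loader itself
        $1 ~ /^\// { print $1 }
    '
}

# install_libs ROOT: read library paths on stdin and copy each one to the
# same absolute path under ROOT, e.g. /lib/libc.so.6 -> ROOT/lib/libc.so.6.
# cp -L dereferences symlinks so the jail gets the real file rather than a
# link whose target lives outside the jail and would dangle after chroot().
install_libs() {
    root=$1
    while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        mkdir -p "$root$(dirname "$lib")"
        cp -L "$lib" "$root$lib"
    done
}

# Usage (assumed paths; run as root on the real system):
#   ldd /usr/sbin/named | needed_libs | install_libs /chroot/named
```

Two caveats when doing this for real: `ldd` works by asking the dynamic loader to run the binary, so only run it against a binary you trust; and the loader and libc copied into the jail must be the matching pair from the same glibc build (ld-2.2.3.so with libc-2.2.3.so in the post), otherwise named fails to start inside the jail even though it runs fine outside it.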

