On Sun, Jan 16, 2005 at 02:23:54PM -0600, J.D. Bronson wrote:
> I have cvs'd and built world and now I want to use the native bind9 to run
> DNS.
>
> I am very familiar with chrooting named, but for some reason I cannot get
> this going....
>
> If I use ISC's bind 9 built from scratch, it will chroot just fine.
>
> Does anyone have a sample named.conf for chrooting that shows
> loading of 1 zone and the hints file? (technically not needed with bind9,
> but doesn't hurt)
>
> In addition, the dir structure of /var/named would be nice to see.
>
> normally I set up the chroot jail for named like this:
>
> /var/named:
>
> drwxr-xr-x 2 root root 512 Aug 16 12:04 dev
> drwxr-xr-x 2 root named 512 Aug 16 12:04 etc
> drwxrwx--- 2 root named 512 Sep 1 2003 log
> drwxr-xr-x 2 root root 512 Jan 16 10:02 master
> drwxrwx--- 2 root named 512 Jan 16 10:04 run
> drwxrwxr-x 2 root named 1024 Dec 30 19:40 slave
> drwxr-xr-x 2 root root 512 Apr 7 2004 standard
>
> this approach does not seem to work with using STOCK named....
>
> any help will be appreciated!
Take a look at the new knobs in /etc/defaults/rc.conf for controlling
the supplied BIND9.
The rc scripts do a really good job of setting it all up for you.
As for the locations of your zone files, I think you will have more
success if you put them inside ./namedb/. This is how my /var/named/ is
laid out:
--->$ ls -R /var/named/
dev/ etc/ var/
/var/named/dev:
null ptyp2 ptyp4 random ttyp2 ttyp4
ptyp1 ptyp3 ptyp5 ttyp1 ttyp3 ttyp5
/var/named/etc:
localtime namedb/
/var/named/etc/namedb:
PROTO.localhost-v6.rev named.conf rndc.key
PROTO.localhost.rev named.conf.dist slave/
make-localhost named.root
master/ rndc.conf
/var/named/etc/namedb/master:
0.168.192.in-addr.arpa localhost.rev
localhost-v6.rev slightlystrange.org
/var/named/etc/namedb/slave:
/var/named/var:
dump/ log/ run/ stats/
/var/named/var/dump:
named_dump.db
/var/named/var/log:
named.run
/var/named/var/run:
log= named/ named.pid
/var/named/var/run/named:
/var/named/var/stats:
named.stats
Note that most of these files will be created for you the first time you
invoke named by means of the rc script, /etc/rc.d/named. You should
probably move aside any pre-existing config.
You can then load your zone files like this:
zone "." {
        type hint;
        file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};
zone "your.domain.org" {
        type master;
        file "master/your.domain.org";
};
zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/0.168.192.in-addr.arpa";
};
HTH
Dan
--
Daniel Bye
PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc
PGP Key fingerprint: 3B9D 8BBB EB03 BA83 5DB4 3B88 86FC F03A 90A1 BE8F
                                      _
ASCII ribbon campaign                ( )
 - against HTML, vCards and           X
 - proprietary attachments in e-mail / \
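A sanity check for a chroot laid out the way the listing above shows, added here as an example and not part of the thread: it verifies that the device nodes exist, that the chroot root is not world-writable, and that every zone "file" named in named.conf resolves to a real file under the chroot. The demo tree it builds is constructed; the function names and the assumption that named.conf sits at etc/namedb/named.conf inside the chroot are mine.

```shell
# Added example, not code from the thread: sanity-check a BIND chroot laid out
# like the listing above. $1 is the chroot root; named.conf is read from
# etc/namedb/ inside it; zone "file" paths resolve against the "directory"
# option (default /etc/namedb). Assumes no whitespace in file names.
check_named_chroot() {
    root=$1
    conf=$root/etc/namedb/named.conf
    bad=0
    [ -f "$conf" ] || { echo "missing $conf"; return 1; }
    # named needs these nodes inside the jail (see the dev/ listing).
    for node in null random; do
        [ -e "$root/dev/$node" ] || { echo "missing dev/$node"; bad=$((bad+1)); }
    done
    # A world-writable chroot root would let any local user plant files for named.
    [ -z "$(find "$root" -maxdepth 0 -perm -002)" ] || { echo "$root is world-writable"; bad=$((bad+1)); }
    # Working directory from the "directory" option, defaulting to /etc/namedb.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    dir=${dir:-/etc/namedb}
    # Every zone "file" must exist under the chroot, relative to that directory.
    for f in $(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        case $f in /*) path=$root$f ;; *) path=$root$dir/$f ;; esac
        [ -f "$path" ] || { echo "zone file not found: $path"; bad=$((bad+1)); }
    done
    [ "$bad" -eq 0 ]
}
# Constructed demo tree (temporary dir) mirroring the reply's layout; plain
# files stand in for the device nodes.
make_demo_chroot() {
    d=$(mktemp -d)
    mkdir -p "$d/dev" "$d/etc/namedb/master" "$d/var/run/named"
    : > "$d/dev/null"; : > "$d/dev/random"
    : > "$d/etc/namedb/named.root"; : > "$d/etc/namedb/master/localhost.rev"
    cat > "$d/etc/namedb/named.conf" <<'EOF'
options {
    directory "/etc/namedb";
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "master/localhost.rev";
};
EOF
    echo "$d"
}
demo=$(make_demo_chroot)
check_named_chroot "$demo" && echo "chroot layout OK: $demo"
```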