Haven't done it on RHEL/CentOS 6.x yet but in RHEL5 with the bind-chroot 
installed I've always had:
/var/named/chroot as the jail for BIND.
/var/named/chroot/etc = Location of global config files such as named.conf
/var/named/chroot/var/named = Location of the zone files.

I don't see a /var/named/chroot/etc/named in RHEL5 but then again that is based 
on BIND 9.3.  RHEL6 is almost certainly based on a higher upstream version.   
Since CentOS is built from RHEL source it would have that higher version as 
well.

-----Original Message-----
From: bind-users-bounces+jlightner=water....@lists.isc.org 
[mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Mike 
Hoskins (michoski)
Sent: Wednesday, February 13, 2013 12:44 PM
To: bind-users@lists.isc.org
Subject: Re: chroot/etc/named/ directory?

-----Original Message-----

From: Robert Moskowitz <r...@htt-consult.com>
Date: Wednesday, February 13, 2013 10:53 AM
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: chroot/etc/named/ directory?

>I am upgrading my server from bind-9.3.6 via Centos 5.5 to 9.8.2 in
>Centos 6.3.
>
>I have and will run bind chrooted and on my test setup I noticed a 'new'
>subdirectory in the chroot tree:
>
>/var/named/chroot/etc/named/
>
>I cannot find any documentation as to what is intended to be placed in
>this subdirectory.  My includes for named.conf?
>
>I am assuming the pki subdirectory is for DNSSEC related files, but I
>have not found any documentation indicating so.  But then I have not
>plowed through DNSSEC documentation in depth yet.

If you installed bind*-chroot, it will populate the /var/named/chroot 
hierarchy.  It's not strictly required (though I would suggest it), but if you 
intend to run BIND chrooted "/var/named/chroot" is essentially "/".
You'll have to place the usual things BIND needs to operate under that 
directory -- configs, zones, etc.  Assuming this came from the chroot RPM, 
you'll already have other essential pieces for chroot such as your 
null/random/zero devices.  Since you mention CentOS, you'll likely also want to 
pay attention to things like ROOTDIR in /etc/sysconfig/named.

Having said all that, you might search the archives (SRPMS have been provided 
by community members) or other sources for a newer BIND while you're at 
it...9.8.2 isn't ancient, but also not technically "up to date"
now.  I am personally waiting for 9.9.3 to leave beta, but 9.8.4-P1 probably 
makes sense for you today.  This won't affect your chroot setup, just something 
worth considering since you're upgrading.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

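Added example, not part of the original thread or of any BIND or Red Hat package: a shell audit of the chroot pieces the messages above name (named.conf under etc, the zone directory, the null/random/zero devices, and ROOTDIR in /etc/sysconfig/named). The function names are hypothetical, and it assumes ROOTDIR is written as a plain shell assignment.

```shell
#!/bin/sh
# Added example: audit a BIND chroot tree for the pieces named in the thread.
# Function names are hypothetical; paths follow the RHEL/CentOS layout quoted above.

# Print the ROOTDIR value from a sysconfig-style file (last assignment wins).
# Assumption: ROOTDIR is a plain VAR=value line, optionally quoted.
rootdir_from_sysconfig() {
    [ -r "$1" ] || return 1
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# audit_bind_chroot JAIL [SYSCONFIG]
# Prints one line per finding; returns 0 if clean, 1 if anything is missing.
audit_bind_chroot() {
    jail=${1%/}
    sysconfig=${2:-/etc/sysconfig/named}
    rc=0

    # Inside the jail, JAIL is "/", so config and zones must live under it.
    [ -f "$jail/etc/named.conf" ] || { echo "MISSING config: $jail/etc/named.conf"; rc=1; }
    [ -d "$jail/var/named" ]      || { echo "MISSING zone dir: $jail/var/named"; rc=1; }

    # Character devices the thread lists as essential pieces of the chroot.
    for dev in null random zero; do
        [ -c "$jail/dev/$dev" ] || { echo "MISSING device: $jail/dev/$dev"; rc=1; }
    done

    # ROOTDIR should point at the same jail that was just inspected.
    configured=$(rootdir_from_sysconfig "$sysconfig") || configured=
    configured=${configured%/}
    if [ -z "$configured" ]; then
        echo "ROOTDIR not set in $sysconfig"; rc=1
    elif [ "$configured" != "$jail" ]; then
        echo "ROOTDIR mismatch: $configured != $jail"; rc=1
    fi

    return $rc
}
```

Call it as `audit_bind_chroot /var/named/chroot`; a non-zero return with findings on stdout means the jail is incomplete or ROOTDIR points somewhere else.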