Are there relatively recent instructions on how to build BIND from source and
run it in a chroot environment? It sounds obvious but everything I've come
across assumes BIND is provided by some package manager or included with the
operating system. I'd like to build the latest version of BIND and run it in
a chroot environment. I know you have to pre-populate the chroot directories
but am not entirely clear on everything that's needed.

FWIW, I've been running BIND on Ubuntu, which uses AppArmor
(https://help.ubuntu.com/12.10/serverguide/apparmor.html) to control file
access by applications and services. I'm not able to argue the relative merits
of chroot vs. AppArmor vs. other alternatives such as SELinux and SMACK. But
stipulating for the moment that AppArmor is a reasonable alternative, it is
fairly easy to use it with BIND 9 built from source. I start by installing the
current packaged version of BIND on a snapshotted Ubuntu virtual machine that I
can subsequently roll back. I save the files /etc/apparmor.d/usr.sbin.named and
/etc/apparmor.d/local/usr.sbin.named, which I then place in my
built-from-source BIND 9 installation. For this to work without modifying the
file usr.sbin.named, I use in my build the same ancillary directories that the
Ubuntu package uses: /etc/bind for configuration files, /var/lib/bind for
master zone data and DNSSEC keys, and /var/cache/bind for secondary zone data.
Otherwise you can modify the file usr.sbin.named, which you should examine in conjunction
with the AppArmor documentation for the details. You can deconstruct the Ubuntu
bind9 source package (http://packages.ubuntu.com/quantal/bind9) to see
everything else that the package installer does to set up BIND 9. Note that
Ubuntu 13.04 (Raring Ringtail), due to be released in late April, will be the
first Ubuntu version to include a packaged BIND 9.9.x.
Jeffry A. Spain, Network Administrator
Cincinnati Country Day School
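
The reply above depends on the source build using the same directories the AppArmor profile already allows. One way to check that before loading a profile, as an added example that is not part of the original post or of Ubuntu's package: the function names are hypothetical, the sample profile is constructed rather than copied from Ubuntu's usr.sbin.named, and only plain "PATH/** PERMS," rules are understood.

```shell
#!/bin/sh
# Added example: does an AppArmor profile cover the directories a
# source-built named will use? Handles plain "PATH/** PERMS," rules only
# (no variables, "owner" prefixes or {a,b} alternations).

# profile_covers PROFILE DIR PERMS
# True if PROFILE has a rule for DIR/** granting every letter in PERMS.
profile_covers() {
    p_file=$1 p_dir=${2%/} p_want=$3
    p_have=$(awk -v path="$p_dir/**" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == path { sub(/,$/, "", $2); print $2 }' "$p_file")
    [ -n "$p_have" ] || return 1
    for c in $(printf %s "$p_want" | sed 's/./& /g'); do
        case $p_have in *"$c"*) ;; *) return 1 ;; esac
    done
}

# check_build PROFILE CONFDIR ZONEDIR CACHEDIR
# Config only needs read access; zone, key and cache directories need rw.
check_build() {
    cb_profile=$1 cb_rc=0
    while read -r cb_dir cb_want; do
        if profile_covers "$cb_profile" "$cb_dir" "$cb_want"; then
            echo "ok       $cb_dir ($cb_want)"
        else
            echo "MISSING  $cb_dir ($cb_want)"; cb_rc=1
        fi
    done <<EOF
$2 r
$3 rw
$4 rw
EOF
    return $cb_rc
}

# Constructed sample profile, written to a temp file so this runs offline.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
/usr/sbin/named {
  /etc/bind/** r,          # configuration
  /var/lib/bind/** rw,     # master zones, DNSSEC keys
  /var/cache/bind/** lrw,  # secondary zones
}
EOF
check_build "$sample" /etc/bind /var/lib/bind /var/cache/bind
check_build "$sample" /usr/local/etc /var/lib/bind /var/cache/bind ||
    echo "this layout needs changes to the profile"
```

To test a real installation, pass the path of the saved profile and the three directories the build and named.conf actually use.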