Hi! This is what I had to do to get bind chroot()ed on my Debian (mostly) stable box, maybe it'll be useful for others.
This is "as is", your setup might differ, expect troubles, yadda, yadda.

mkdir /var/local/bind
mkdir /var/local/bind/etc
mkdir /var/local/bind/etc/bind
(cd /etc/bind; tar cvf - *) | (cd /var/local/bind/etc/bind; tar xvf -)
mkdir /var/local/bind/var
mkdir /var/local/bind/var/run
mkdir /var/local/bind/var/cache
mkdir /var/local/bind/var/cache/bind
mkdir /var/local/bind/usr
mkdir /var/local/bind/usr/sbin
# named-xfer has to sit at the same path inside the chroot as outside
cp /usr/sbin/named-xfer /var/local/bind/usr/sbin/
mkdir /var/local/bind/lib
cp /lib/libc.so.6 /var/local/bind/lib/
cp /lib/ld-linux.so.2 /var/local/bind/lib/
mkdir /var/local/bind/dev
cd /var/local/bind/dev
# character device, major 1, minor 3 (same as the host's /dev/null)
mknod null c 1 3

named.conf changes, only thing for me to do was logging, since there is no syslogging out of the chroot:

.-.-.
logging {
        channel logdefault {
                severity info;
                file "/named.log";
        };
        category default { logdefault; };
        category config { logdefault; };
        category panic { logdefault; };
        category update { logdefault; };
        category xfer-in { logdefault; };
        category xfer-out { logdefault; };
        category notify { logdefault; };
        category security { logdefault; };
        category insist { logdefault; };
        category load { logdefault; };
        category response-checks { null; };
        category maintenance { null; };
        category os { null; };
        category cname { null; };
        category packet { null; };
        category eventlib { null; };
        category db { null; };
        category ncache { null; };
        category parser { null; };
        category queries { null; };
        category lame-servers { null; };
        category statistics { null; };
};
.-.-.

/etc/init.d/bind changes, taking the easy way:

.-.-.
<...>
    start)
        echo -n "Starting domain name service: named"
        /usr/sbin/named -t /var/local/bind/
<...>
    stop)
        echo -n "Stopping domain name service: named"
        killall /usr/sbin/named || killall -9 /usr/sbin/named
<...>
    restart)
        sh $0 stop
        sh $0 start
        ;;
    reload)
        sh $0 restart
        ;;
    force-reload)
        sh $0 restart
.-.-.

If you spot errors, please let me know.

cheers,
&rw
-- 
-- The difference between sex and death is that with death
-- you can do it alone and no one is going to make fun of you.
-- - Woody Allen
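
Added example, not part of the original post: a small audit of the jail tree built above, to run before starting named with -t. The function name jail_problems, the use of GNU/BusyBox stat -c, and the extra world-writable check are assumptions of this example, not something the post does.

```shell
#!/bin/sh
# Added example: audit a BIND chroot tree laid out as in the post above.
# jail_problems ROOT prints one line per finding; returns 0 only if none.
jail_problems() {
    root=${1%/}
    n=0
    note() { echo "$1"; n=$((n + 1)); }

    # Directories the post creates under the jail root.
    for d in etc/bind var/run var/cache/bind usr/sbin lib dev; do
        [ -d "$root/$d" ] || note "missing dir: $d"
    done

    # Files named needs at the same paths it uses outside the jail.
    for f in etc/bind/named.conf lib/libc.so.6 lib/ld-linux.so.2; do
        [ -f "$root/$f" ] || note "missing file: $f"
    done
    [ -x "$root/usr/sbin/named-xfer" ] || note "not executable: usr/sbin/named-xfer"

    # dev/null must be a real character device 1,3; a symlink to the host's
    # /dev/null dangles once named has chroot()ed.
    null=$root/dev/null
    if [ -L "$null" ] || [ ! -c "$null" ]; then
        note "dev/null is not a character device node"
    elif [ "$(stat -c '%t:%T' "$null")" != "1:3" ]; then   # hex major:minor
        note "dev/null has wrong major:minor"
    fi

    # Extra hardening check (assumption of this example): apart from device
    # nodes, nothing in the jail should be world-writable.
    ww=$(find "$root" -xdev ! -type l ! -type c -perm -0002 2>/dev/null | head -n 1)
    [ -z "$ww" ] || note "world-writable: $ww"

    [ "$n" -eq 0 ]
}

# When run as a script: sh check-jail.sh /var/local/bind
[ $# -eq 0 ] || jail_problems "$1"
```

A non-zero exit status means at least one finding was printed.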