chroot-ed bind 9 (was: Users Want *Seamless* Solutions, Not Patchwork)

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 26 20:46:06 UTC 2001


No, the dynamic binding occurs before named chroot()'s. So no libraries are
necessary.

As for "a copy of syslog", I have no idea what you're talking about here. named
communicates with syslog over a socket. It's not constantly spawning a program
every time it needs to log a message...


- Kevin

Christopher L. Barnard wrote:

> That is not possible.  An ldd on named shows that the binary requires several
> libraries.  In order to syslog the daemon one has to have a copy of syslog,
> its configuration file, and all of the libraries it needs in the jail.
>
> I am talking about BIND 9 on Solaris 7, btw, which I have set up and am
> using.
>
> Christopher
> +-----------------------------------------------------------------------+
> | Christopher L. Barnard         O     When I was a boy I was told that |
> | cbarnard at tsg.cbot.com         / \    anybody could become president.  |
> | (312) 347-4901               O---O   Now I'm beginning to believe it. |
> | http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
> +----------PGP public key available via finger or PGP keyserver---------+
>
> > I just set up BIND 9 to run chroot'ed on my Solaris 8 workstation. It
> > didn't need any device nodes or library files -- just the config file,
> > somewhere to write the pid-file, and of course the data directory. A grand
> > total of 3 directories, not including intermediate directory levels. It's
> > running fine -- answering queries from authoritative data, resolving
> > recursive queries iteratively, transferring zones in and out, syslogging
> > what it is supposed to be syslogging; all the usual stuff one would expect
> > a DNS implementation to do. I don't know why the documentation says what it
> > does, i.e. you need /dev/null and library files. Maybe that's for the
> > benefit of more primitive (*cough*) operating systems than Solaris.
> >
> > [...]
> >
> > -Kevin
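
The startup order described in the reply above (the log connection is opened and libraries are bound before `chroot()`), as an added C example; it is not BIND's code and was not posted in this thread. The function name `enter_jail`, the ident `jailed-demo`, the path `/var/named-jail` and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE            /* glibc: declare chroot() and setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Jail the calling process, then drop root.
 * Returns 0 on success or -errno from the first step that failed.
 * Takes numeric ids: name lookups such as getpwnam() may read files and
 * load modules, so they belong before chroot(). */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    int saved;

    /* LOG_NDELAY connects to the log daemon now, while the real log
     * device is still reachable; the open descriptor survives chroot(). */
    openlog("jailed-demo", LOG_PID | LOG_NDELAY, LOG_DAEMON);

    /* chdir() first so the working directory ends up inside the new root. */
    if (chdir(jail_dir) != 0) goto fail;
    if (chroot(".") != 0) goto fail;

    /* Drop privileges: supplementary groups, then gid, then uid. */
    if (setgroups(1, &gid) != 0) goto fail;
    if (setgid(gid) != 0) goto fail;
    if (setuid(uid) != 0) goto fail;

    /* Refuse to continue if root can still be regained (e.g. uid was 0). */
    if (setuid(0) == 0) { errno = EPERM; goto fail; }

    syslog(LOG_INFO, "chrooted, running as uid %ld", (long)uid);
    return 0;

fail:
    saved = errno;
    closelog();
    return -saved;
}

int main(int argc, char **argv)
{
    /* Constructed defaults: the path and ids are placeholders. */
    const char *dir = argc > 1 ? argv[1] : "/var/named-jail";
    int rc = enter_jail(dir, 65534, 65534);
    if (rc != 0) fprintf(stderr, "enter_jail: %s\n", strerror(-rc));
    return rc != 0;
}
```

Run it as root against an empty directory to see the log message arrive with no device nodes or libraries inside the jail. If the log connection is later lost, the C library has to reopen it by path, and that lookup then happens inside the jail.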
