Chrooting BIND

[Bill Larson]

The original poster asked a specific question, which was answered.
I suspect that an FAQ would NOT have answered the original question.

Instead of attempting to create a DNS/BIND FAQ, when there are a number
of FAQ already available (ISC has one, and the DNS Resource Directory
identifies another), the best solution to obtaining answers is to
perform a small search before asking a question.

When using Yahoo, searching for the terms "chroot dns linux", 1990
citations were returned, and the third result listed was "Securing DNS
- Linux Version", which doesn't appear perform be too bad of a job
presenting this topic.  There are also a few DNS/BIND related Linux
HOWTO documents, including a "Chroot-BIND-HOWTO" document that looks
very reasonable (sorry for the weasel words, I haven't gone over any of
these with a fine tooth comb).  When I was installing BIND in a chroot
environment on an HP-UX system, I used Ralf Hildebrandt's instructions
that I found with Yahoo searching for "chroot dns hp-ux" (which I highly
recommend).

The point is that the information already exists, all that is necessary
is for people to perform a short search using their search engine of
choice.  This search engine CAN include an explicit search of the
BIND-USERS mailing list.  But creating, and expecially managing, an FAQ
itself is a tremendous task.

Bill Larson


> Since we are getting 3 questions a week on the chrooting and the compiling,
> should someone post a FAQ or something about it on the ISC-BIND site?  This
> way when the multitudes of people keep asking, we can just say "read the
> faq"?