Chroot and bind
cricket at menandmice.com
Tue Oct 22 21:52:33 UTC 2002
> Just a quick question.
> I want to chroot bind and I've been examining the instructions in DNS
> and BIND. My question concerns the logging. The recommendation in D &
> B is to use the -a option and if that is not available to use
> logging statements in the named.conf file.

It may not be the -a command-line option with your version of syslogd.
I think it's -p with the syslogd in FreeBSD, for example.

> I guess I'm wondering why wouldn't syslog do what it normally does
> when it receives a logging request from bind? Wouldn't the messages
> still go to /adm/messages regardless of whether bind is chrooted or

No. named normally logs by sending messages to a Unix domain
socket called /dev/log. In a chroot() setup, named can't get to
/dev/log. That's why it needs a /chroot/dev/log.

> Using the -a option (or -p option in Solaris ) would cause all logs
> to go to the file specified in the option, yes? I'm not sure why
> you'd want to do that.

No, it creates an extra Unix domain socket that processes can log to.

Men & Mice
DNS Software, Training and Consulting
The DNS and BIND Cookbook, now available!
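
Added example, not part of the original message: a Python sketch of the mechanism described in the thread, in which a syslogd-like listener binds an extra Unix domain datagram socket under the chroot tree. It does not call chroot() (that needs root); the temporary directories standing in for / and /chroot, the function names and the sample messages are assumptions of this example.

```python
import os
import select
import socket
import tempfile

def open_log_sockets(paths):
    """Bind one AF_UNIX datagram socket per path, like syslogd plus extra sockets."""
    socks = []
    for path in paths:
        os.makedirs(os.path.dirname(path), exist_ok=True)
        s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        s.bind(path)
        socks.append(s)
    return socks

def log_from(root, message):
    """Send to <root>/dev/log, which a process chroot()ed to root sees as /dev/log."""
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        client.sendto(message.encode(), os.path.join(root, "dev", "log"))
        return True
    except (FileNotFoundError, ConnectionRefusedError):
        return False  # no socket at that path: the message is lost
    finally:
        client.close()

def drain(socks, timeout=0.2):
    """Collect every datagram waiting on any of the listening sockets."""
    received = []
    while True:
        ready, _, _ = select.select(socks, [], [], timeout)
        if not ready:
            return received
        received.extend(s.recv(4096).decode() for s in ready)

def demo():
    # All messages below are constructed sample input.
    with tempfile.TemporaryDirectory() as base:
        host, jail = os.path.join(base, "host"), os.path.join(base, "chroot")
        socks = open_log_sockets([os.path.join(host, "dev", "log")])
        before = log_from(jail, "<30>named: lost")       # only the main socket exists
        socks += open_log_sockets([os.path.join(jail, "dev", "log")])
        after = log_from(jail, "<30>named: starting")    # extra socket inside the jail
        log_from(host, "<78>cron: job ran")              # main socket still works
        received = sorted(drain(socks))
        for s in socks:
            s.close()
        return before, after, received

if __name__ == "__main__":
    print(demo())
```

The same listener reads both sockets, so messages from the jailed process end up in the same stream as everything else; only the path the sender can reach differs.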