Setting up chroot on Solaris 9 with BIND 9 -t switch

Rich Parkin RParkin at ldmi.com
Wed Apr 14 16:27:46 UTC 2004


Thank you!

I found a resource at brandonhutchinson.com that gave me the information I
needed on how to set it up.  Apparently aside from the BIND configuration,
zone, and PID files themselves, the only thing that had to live in my jail
was the timezone file.  If there's anything else, I haven't come across it
yet.

-Rich

>>> <phn at icke-reklam.ipsec.nu> 4/9/2004 3:21:45 PM >>>
Rich Parkin <RParkin at ldmi.com> wrote:
> Hello, all!

> I am in the process of rebuilding our DNS servers with Solaris 9 and
> BIND 9 and have BIND working (installed in /usr/local). I'm trying to
> keep things as simple as I can so others can support it, but secure
> enough for ISP production.   I would like to set up a chroot environment
> using the -t switch.  I've looked for documentation on doing this and
> haven't found much so far.

> I have built a BIND 9 implementation on Solaris before, but my efforts
> at setting up chroot with the available documentation at the time didn't
> work (I'm not terribly skilled with Solaris yet).  Can anyone point me
> at a resource?   I've looked at the Secure BIND Template, but it doesn't
> cover use of the -t switch.

> Does the chroot environment have to be set up basically the same
> whether or not you use the -t switch?  Can anyone explain in technical
> detail what the -t switch actually does?  Any reason why I shouldn't use
> the -t switch and try to set up a traditional chroot instead?

The '-t' allows named to do the chroot() stuff itself, but after initialization,
so much of the hassle with chroot(1) is not needed.

I guess you can say they are mutually exclusive.


> Richard Parkin
> System Administrator
> CCNA
> Data Center Operations
> LDMI Telecommunications


-- 
Peter Håkanson
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
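
Added example, not part of the original messages: a POSIX shell check that a directory intended for `named -t` holds the items the reply at the top lists (configuration, zone files, a PID directory, the timezone file) and has no world-writable entries. The jail layout, the zoneinfo path and the function name `audit_jail` are assumptions; on Solaris 9 run it with ksh or /usr/xpg4/bin/sh rather than the older /bin/sh.

```shell
#!/bin/sh
# Added example: audit a directory that will be passed to "named -t".
# Assumed layout inside the jail (not given in the thread):
#   etc/named.conf                 BIND configuration
#   var/named/                     zone files
#   var/run/                       PID file directory
#   usr/share/lib/zoneinfo/<TZ>    timezone file (Solaris zoneinfo path)

# audit_jail JAIL TZ: print one line per problem, return the problem count.
audit_jail() {
    jail=$1; tz=$2; problems=0
    for f in etc/named.conf "usr/share/lib/zoneinfo/$tz"; do
        if [ ! -f "$jail/$f" ] || [ ! -r "$jail/$f" ]; then
            echo "missing or unreadable file: $f"
            problems=$((problems + 1))
        fi
    done
    for d in var/named var/run; do
        if [ ! -d "$jail/$d" ]; then
            echo "missing directory: $d"
            problems=$((problems + 1))
        fi
    done
    # An existing but empty zone directory means the zones were never copied in.
    if [ -d "$jail/var/named" ] && [ -z "$(ls -A "$jail/var/named")" ]; then
        echo "no zone files in var/named"
        problems=$((problems + 1))
    fi
    # Files or directories any local user can modify weaken the jail.
    ww=$(find "$jail" \( -type f -o -type d \) -perm -0002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "world-writable entries:"; echo "$ww"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Stand-alone use: sh audit_jail.sh /path/to/jail US/Eastern
if [ $# -eq 2 ]; then
    audit_jail "$1" "$2"
fi
```

A return value of 0 means every assumed item is present; each printed line names what to fix before starting named with `-t` pointing at that directory.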



