Setting up chroot on Solaris 9 with BIND 9 -t switch

Bill Larson bind9 at
Wed Jan 5 23:04:27 UTC 2005

On Jan 5, 2005, at 11:20 AM, kaiser_cernino at wrote:
> I was doing a jail for my dns server (named), but have 1 big problem,
> my jail dont function.
> I read a lot papers about this, but ever when i can access with my
> named user to the jail, this user can see the wide system , in other
> words dont see the jail.
> i need a procedure of how can i do a jail using solaris 9, and how can
> test this jail do its job.
> The service without jail is perfect.
> Iam using;
> BIND 9.3 downloaded from
> To consider:
> To test the jail, i set a bash shell to the user asigned to named jail.

Take a look at the "Secure BIND Template" at  There is a 
section about configuring a chroot environment for Solaris.

Please note that the only way to test a chroot environment for BIND is 
to break out of the BIND application itself over port 53.  There is no 
way to "log into the system as the chroot user" through the named 
process.  Basically, you will have to trust that the chroot environment 
functions properly.  It will if you have set up the chroot directory 
structure and are running "named" with the "-t" option.

Bill Larson

More information about the bind-users mailing list