chroot - help
bind9 at comcast.net
Thu Jan 6 15:49:12 UTC 2005
On Jan 5, 2005, at 11:21 PM, saravanan ganapathy wrote:
> If I want to write querylog in /var/log/querylog, I
> have to give this in named.conf.Assume my chroot path
> is /opt/named.So that it writes on
> But I want to have log files on /var/named (not
> /opt/dns/var/named). How to do it?
You are missing the point of a "chroot" environment. Once you start
"named" in a chroot environment then it no longer has access to any of
the file system outside of the chroot environment.
My suggestion would be to create a symbolic link from
"/opt/dns/var/named", the location where you will be performing your
logging while in the chroot environment, to "/var/named" where you want
to see these log files while in the normal environment. This can be
ln -s /opt/dns/var /var/named
Be aware that you can't have a "/var/named" directory or file already
existing when you create this link.
Now, to forestall future problems and questions, you need to insure
that your "named.conf" file resides inside the chroot environment.
This is necessary to allow "named" to re-read the configuration file
when you do an "rndc reload". Assuming that your version of "named"
uses the standard "/etc/named.conf" for the configuration file, you
need to copy this to "/opt/named/etc/named.conf". To make this simple
to manage from outside the chroot environment environment, create a
symbolic link from /opt/named/etc/named.conf to /etc/named.conf. With
this link you can still manipulate the configuration by editing
/etc/named.conf as you would normally.
Notice that this link can't function in reverse. I.e., you can't have
the actual "named.conf" file in /etc and have a symbolic link from the
chroot environment pointing to it. If you were to try and do this,
named would not be able to access the file because it resides outside
of the chroot environment. Remember that the chroot environment
prevents any access to outside the environment from functioning,
including symbolic links.
As a suggestion, I would create your chroot directory structure to
mimic the real directory structure as much as possible. For example,
rather than using "/var" as the directory to save your named data
files, I would suggest using "/var/named" instead. Then, with a
symbolic link between "/opt/named/var/named" and "/var/named", you
would have complete transparency to manipulate your named data files
from inside and outside the chroot environment. I.e., the 'directory
"/var/named";' specification in named.conf would identify what would
appear to be the same "/var/named" directory in both the chroot and
Personally, I would never suggest using syslog for query logging. This
type of logging is bad enough on the system that you shouldn't want to
add the additional overhead of using syslog too. Do query logging to a
file and only running query logging when necessary to troubleshoot a
specific problem. Don't run query logging with "named" by default.
More information about the bind-users