repository for zone files

Jason Mitchell jm at hcn.com.au
Fri Sep 24 02:17:09 UTC 2010


On Thu, 23 Sep 2010, Paul Wouters wrote:

> Note that RHEL/CentOS/Fedora rely on SElinux instead of chroot(). The
problem
> with chroot() is needing copies of system files, which make it hard to
package
> for updates, etc. But the same applies, for SElinux policies to work
properly,
> stick with the OS.
>
> Also, /etc should not containt megabytes of zones files imho, that's much
better
> placed in /var.
>
> Paul

That's not strictly true.

[jay at clueby4.net ~]$ cat /etc/redhat-release
CentOS release 5.5 (Final)
[jay at clueby4.net ~]$ yum info bind-chroot
Loaded plugins: fastestmirror
Excluding Packages in global exclude list
Finished
Available Packages
Name       : bind-chroot
Arch       : x86_64
Epoch      : 30
Version    : 9.3.6
Release    : 4.P1.el5_4.2
Size       : 44 k
Repo       : base
Summary    : A chroot runtime environment for the ISC BIND DNS server,
named(8)
URL        : http://www.isc.org/products/BIND/
License    : BSD-like
Description: This package contains a tree of files which can be used as a
           : chroot(2) jail for the named(8) program from the BIND package.
           : Based off code from Jan "Yenya" Kasprzak <kas at fi.muni.cz>

Regards,

Jason




More information about the bind-users mailing list