repository for zone files

Lightner, Jeff jlightner at
Fri Sep 24 12:03:00 UTC 2010

No the prior poster was correct - you can do chroot or SELinux or both.
While it is true that RedHat teaches SELinux and ships it you can always
disable it if you prefer not to use it.   You are asked during the
install of the OS and you can disable it or enable it any time you want
after the install.

I've heard nothing suggesting that chroot and SELinux are mutually
exclusive.  In fact RedHat teaches "security in layers" where they
encourage you to use multiple types of security rather than relying on
one thing.

-----Original Message-----
From: at
[ at] On Behalf
Of Paul Wouters
Sent: Thursday, September 23, 2010 10:31 PM
To: Jason Mitchell
Cc: bind-users at
Subject: RE: repository for zone files

On Fri, 24 Sep 2010, Jason Mitchell wrote:

> [jay at ~]$ cat /etc/redhat-release
> CentOS release 5.5 (Final)
> [jay at ~]$ yum info bind-chroot

> Name       : bind-chroot

That's only there as legacy though, to not break updating old systems
that depend on it. The recommended method to secure your nameserver when
starting from a fresh install, is to use SElinux, not chroot.

bind-users mailing list
bind-users at
Proud partner. Susan G. Komen for the Cure.
Please consider our environment before printing this e-mail or attachments.
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.

More information about the bind-users mailing list