chrooting BIND [was -Re: Here I am again, hat in hand with humble demeanor.......]

Kevin Oberman oberman at
Mon Sep 27 23:12:28 UTC 2010

> Date: Mon, 27 Sep 2010 09:46:44 -0500
> From: Jerry Kemp <dns.bind.list at>
> Sender: at
> IMHO, the primary benefit of chrooting is security.
> another, less painful option, again IMHO, is to run BIND in a jail if
> you are using BSD, or a zone if you are on Solaris, or a Solaris based
> distro.

While both are pretty simple to do on BSD, jail is far more secure, but
I certainly find setting up jails more complex than chrooting. (Besides,
the FreeBSD BIND is chrooted by default, so there is nothing to set up.)
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751

More information about the bind-users mailing list