'successful' nsupdate of remote server not persistent across nameserver restart?

jasonsu at mail-central.com
Mon Apr 25 18:13:36 UTC 2016



On Mon, Apr 25, 2016, at 10:58 AM, Matthew Pounsett wrote:
> It's not clear to me why one would want to destroy/rebuild the chroot every
> time you restart the process. 

Well, here

(1) Because I inherited it this way, and
(2) The notes' quoted examples did that too, and
(3) I'd not yet gotten any/good advice NOT to (security?)

TBH, I'm not even sure whether "these days", chroot is still recommended. AppArmor or Docker instead? Is privsep taken care of in current bind so we don't have to worry about it anymore (e.g., the openntpd vs ntpd case)? I'm not clear on it.

> However, as long as you're doing that you
> should make sure that all the important files are preserved.  As you noted
> earlier, it looks like your journal file is probably not preserved.  I'd
> start there, and if that doesn't fix it, then have a careful look at what's
> in your chroot tree before you shut down the server, and compare that to
> what's in the chroot after you start it up again.

Good suggestion.  Will give it a try.

Jason
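
One way to do the before/after comparison of the chroot tree suggested above, as an added example that is not part of the original message. The function names, the temporary tree and its file names are constructed for illustration; it assumes `sha256sum` is available.

```shell
#!/bin/sh
# Added example: compare a chroot tree before shutdown and after restart.
# All paths and file names below are constructed; nothing here is from the thread.

# snapshot_tree DIR: print "sha256  ./path" for every regular file under DIR.
snapshot_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# lost_files BEFORE AFTER: paths listed in BEFORE that are missing from AFTER.
# FILENAME is compared instead of NR==FNR so an empty AFTER manifest still works.
lost_files() {
    awk 'FILENAME == ARGV[1] { seen[substr($0, 67)] = 1; next }
         !(substr($0, 67) in seen) { print substr($0, 67) }' "$2" "$1"
}

# changed_files BEFORE AFTER: paths in both manifests whose hash differs.
changed_files() {
    awk 'FILENAME == ARGV[1] { hash[substr($0, 67)] = substr($0, 1, 64); next }
         (substr($0, 67) in hash) && hash[substr($0, 67)] != substr($0, 1, 64) {
             print substr($0, 67) }' "$1" "$2"
}

# demo: build a constructed chroot, simulate a destroy/rebuild, report the diff.
demo() {
    work=$(mktemp -d) || return 1
    root="$work/chroot"
    mkdir -p "$root/etc" "$root/var/named"
    echo 'options { directory "/var/named"; };' > "$root/etc/named.conf"
    echo 'zone data with dynamic updates applied' > "$root/var/named/example.com.zone"
    echo 'journal of dynamic updates' > "$root/var/named/example.com.zone.jnl"
    snapshot_tree "$root" > "$work/before.sha256"

    # Simulated rebuild: zone file restored from a pristine copy, journal not copied.
    rm -f "$root/var/named/example.com.zone.jnl"
    echo 'pristine zone data' > "$root/var/named/example.com.zone"
    snapshot_tree "$root" > "$work/after.sha256"

    echo "lost:"; lost_files "$work/before.sha256" "$work/after.sha256"
    echo "changed:"; changed_files "$work/before.sha256" "$work/after.sha256"
    rm -rf "$work"
}

demo
```

On a real server, `snapshot_tree` would be run against the chroot directory just before stopping the nameserver and again after the start script has rebuilt it, with both manifests written outside the chroot.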

