What is the use of having a chroot path during installation of Bind

Reindl Harald h.reindl at thelounge.net
Thu Jan 14 21:01:55 UTC 2016

Am 14.01.2016 um 21:48 schrieb John Miller:
> Thanks for the advice, Mike.  We chrooted our install because it was
> "best practice" security-wise, but from an administration standpoint,
> it's been a bit of a headache: for example, you have to keep straight
> what goes in /etc and /var/named/chroot/etc, you end up setting a
> $BIND_CHROOT environment variable for everyone to keep paths shorts at
> the CLI, etc.

no, you need to just put a symlink

how often do you *by hand* touch things?
normally anything is done with backends and scripts

so after once configured it don't matter if things are bekow 
/var/named/chroot/ or on a higher directory - is it worth - well, the 
question is "does it harm" and it don't after initial deployment when 
done right

security is about layers

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160114/e3ae5dbf/attachment.bin>

More information about the bind-users mailing list