What is the use of having a chroot path during installation of Bind

Reindl Harald h.reindl at thelounge.net
Thu Jan 14 21:44:44 UTC 2016

Am 14.01.2016 um 22:37 schrieb John Miller:
> On Thu, Jan 14, 2016 at 4:01 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> normally anything is done with backends and scripts
> Yep - via Puppet and scripting for us, mostly.
>> so after once configured it don't matter if things are bekow
>> /var/named/chroot/ or on a higher directory - is it worth - well, the
>> question is "does it harm" and it don't after initial deployment when done
>> right
> For the most part, I agree with you here.  That said, for someone with
> very little BIND and Unix experience--say someone who primarily
> manages Windows--to come in and understand a chrooted installation
> isn't as easy as a non-chrooted install

sorry, but someone with "very little BIND and Unix experience" should 
not reach a level on a server where he recognizes a differene *until* he 
has expierience

sacrifice any level of security just because someone may not understand 
a proper setup is for sure not the way to go

in case of "all of your bind config is below /var/named/chroot/" it 
should be enough told once to understand how to deal with it and if not 
it's a good sign to remove acess for the person given that on 
CentOS/RHEL/Fedora bind-chroot works out-of-the-box without any intervention

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20160114/1f8a703f/attachment.bin>

More information about the bind-users mailing list