configure bind in chroot jail
Danjel Jungersen
danjel at jungersen.dk
Wed Jul 30 18:55:28 UTC 2025
On 7/30/2025 1:11 PM, Renzo Marengo wrote:
> I want to install the latest rpm of Bind (9.16.23-31) for Oracle Linux 9
> to create only a caching DNS server which runs in a chroot jail.
> I installed several Bind packages, including bind-chroot.
> What document do you suggest I follow to configure bind in a chroot
> jail?
> Thanks
>
Setting up as caching / forwarder is pretty straightforward:

In named.conf.options:

    recursion yes;
    allow-query { trusted; };
    allow-transfer { none; };
    forwarders {            // From here
        192.168.20.10;      // Replace with the servers you want to use
        192.168.20.11;      // Same here
    };
    forward only;           // to here - must be left out if you do not wish
                            // to use forwarders, i.e. the system will do all
                            // the work itself.
    dnssec-validation auto; // Check this setting before going online,
                            // may not suit your setup.
    listen-on-v6 { any; };

In named.conf.local:

    acl "trusted" {
        192.168.1.0/24;     // Replace with your own IPs
        192.168.20.15/32;   // Replace with your own IPs
        127.0.0.1/32;
        localhost;
    };

I do not know anything about Red Hat, but as I understand, Debian also
uses chroot.
I run Debian and have had zero issues with using the default setup.
Best of luck!
Danjel
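
A check for the caching/forwarder settings in the message above, as an added example that is not part of the original post or of BIND: a small Python parser reads the combined named.conf text and reports an allow-* list that names an undefined ACL, an `any` entry while recursion is on, and `forward only` without forwarders. The `audit` helper, the `options { }` wrapper and the sample text are assumptions made for illustration.

```python
import re
# Constructed sample: the message's snippets joined; the options { } wrapper is assumed.
SAMPLE = '''acl "trusted" { 192.168.1.0/24; 127.0.0.1/32; localhost; };
options {
    recursion yes;
    allow-query { trusted; };      // must name an ACL that exists
    forwarders { 192.168.20.10; 192.168.20.11; };
    forward only;
};'''
BUILTIN = {"any", "none", "localhost", "localnets"}  # ACLs BIND predefines
CLIENT_ACLS = ("allow-query", "allow-recursion", "allow-query-cache")

def tokenize(text):
    text = re.sub(r"/\*.*?\*/|(?://|#)[^\n]*", "", text, flags=re.S)  # strip comments
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)

def parse(tokens, i=0):  # -> (statements, next index); { } blocks nest as lists
    stmts, cur = [], []
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if tok == "{":
            block, i = parse(tokens, i)
            cur.append(block)
        elif tok == "}":
            break
        elif tok == ";":
            stmts, cur = stmts + ([cur] if cur else []), []
        else:
            cur.append(tok.strip('"'))
    return stmts, i

def audit(conf):
    """Hypothetical helper: list findings for a caching/forwarding named.conf."""
    stmts, _ = parse(tokenize(conf))
    defined = BUILTIN | {s[1] for s in stmts if s[0] == "acl"}
    opts = {o[0]: o[1:] for s in stmts if s[0] == "options" for o in s[1]}
    recursing = opts.get("recursion", ["yes"])[0] in ("yes", "true", "1")
    findings = []
    for name in CLIENT_ACLS:
        for elem in opts.get(name, [[]])[0]:
            if len(elem) != 1 or not re.fullmatch(r"[A-Za-z_][\w.-]*", str(elem[0])):
                continue  # only plain names are checked (not addresses, keys, negations)
            if elem[0] not in defined:
                findings.append(f"{name}: undefined ACL '{elem[0]}'")
            elif elem[0] == "any" and recursing:
                findings.append(f"{name}: recursion is on and 'any' admits every client")
    if opts.get("forward") == ["only"] and not opts.get("forwarders", [[]])[0]:
        findings.append("forward only is set but no forwarders are listed")
    return findings
```

Pass it the text of both files concatenated, since the ACL and the options that use it live in different files in the message.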