configure bind in chroot jail

Renzo Marengo buckroger2011 at gmail.com
Thu Jul 31 06:58:26 UTC 2025 

Thank you very much but my issue is to understand what first step I have to
do, considering that the following rpm are just installed:

bind.x86_64
bind-chroot.x86_64
bind-dnssec-doc.noarch
bind-dnssec-utils.x86_64
bind-libs.x86_64
bind-license.noarch
bind-utils.x86_64

e.g.
chroot folder structure is just set ?
what service I have to enable at boot ? Bind or bind-chroot ?



Il giorno mer 30 lug 2025 alle ore 20:55 Danjel Jungersen via bind-users <
bind-users at lists.isc.org> ha scritto:

>
> On 7/30/2025 1:11 PM, Renzo Marengo wrote:
> > I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9
> > to create only cache DNS server which is running in chroot jail.
> > I installed several Bind packages included bind-chroot.
> > What document do you suggest me to follow to configure bind in chroot
> > jail ?
> > Thanks
> >
> Setting up as caching / forwarder is pretty straight forward:
>
> In named.conf.options :
>          recursion yes;
>          allow-query { trusted; };
>          allow-transfer { none; };
>
>          forwarders {         // From here
>                  192.168.20.10; // Replace with the servers you want to use
>                  192.168.20.11; // Same here
>          };
>          forward only;       // to here  -   must be left out if you do
> not wish to use forwarders, ie the system will do all the work itself.
>
>          dnssec-validation auto; // Check this setting before going
> online, may not suit your setup.
>
>          listen-on-v6 { any; };
>
>
> In named.conf.local:
> acl "trusted" {
>          192.168.1.0/24; // Replace with your own ip's
>          192.168.20.15/32; // Replace with your own ip's
>          127.0.0.1/32;
>          localhost;
> };
>
> I do not know anything about redhat, but as I understand, debian also
> uses chroot.
> I run debian and have had zero issues with using the default setup.
>
> Best of luck!
> Danjel
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250731/12affff4/attachment-0001.htm>

More information about the bind-users mailing list