configure bind in chroot jail

Danjel Jungersen danjel at jungersen.dk
Thu Jul 31 07:46:40 UTC 2025


On Debian I installed bind9, bind9utils and bind9-doc.

Edited configuration, restarted services.

Nothing was changed or enabled besides what is mentioned below.

Sorry for not being able to help more; I have not used Red Hat or related
for more years than I like to remember ;-)
I remember using version 6 "some time" ago.....

//Danjel

On 7/31/2025 8:58 AM, Renzo Marengo wrote:
> Thank you very much but my issue is to understand what first step I 
> have to do, considering that the following rpm are just installed:
>
> bind.x86_64
> bind-chroot.x86_64
> bind-dnssec-doc.noarch
> bind-dnssec-utils.x86_64
> bind-libs.x86_64
> bind-license.noarch
> bind-utils.x86_64
>
> e.g.
> chroot folder structure is just set?
> What service do I have to enable at boot? Bind or bind-chroot?
>
>
>
> On Wed, 30 Jul 2025 at 20:55, Danjel Jungersen via
> bind-users <bind-users at lists.isc.org> wrote:
>
>
>     On 7/30/2025 1:11 PM, Renzo Marengo wrote:
>     > I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9
>     > to create only cache DNS server which is running in chroot jail.
>     > I installed several Bind packages included bind-chroot.
>     > What document do you suggest me to follow to configure bind in chroot
>     > jail ?
>     > Thanks
>     >
>     Setting up as caching / forwarder is pretty straightforward:
>
>     In named.conf.options :
>              recursion yes;
>              allow-query { trusted; };
>              allow-transfer { none; };
>
>              forwarders {         // From here
>                      192.168.20.10; // Replace with the servers you want to use
>                      192.168.20.11; // Same here
>              };
>              forward only;       // to here  -   must be left out if you do not wish to use forwarders, ie the system will do all the work itself.
>
>              dnssec-validation auto; // Check this setting before going online, may not suit your setup.
>
>              listen-on-v6 { any; };
>
>
>     In named.conf.local:
>     acl "trusted" {
>              192.168.1.0/24; // Replace with your own ip's
>              192.168.20.15/32; // Replace with your own ip's
>              127.0.0.1/32;
>              localhost;
>     };
>
>     I do not know anything about redhat, but as I understand, debian also
>     uses chroot.
>     I run debian and have had zero issues with using the default setup.
>
>     Best of luck!
>     Danjel
-- 
Med venlig hilsen/Kind regards
Danjel Jungersen
Mail: danjel at jungersen.dk
Mobile: +45 20 42 20 11

Jungersen Grafisk ApS,
Holsbjergvej 39, DK-2620 Albertslund,
Denmark.
Tel: +45 43 64 10 00

WEBSHOP: PRINTLIGHT.DK <https://www.printlight.dk> | WWW.JUNGERSEN.DK 
<https://www.jungersen.dk>
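
Added example, not part of the thread and not BIND code: a small Python check of which clients may use recursion under a configuration like the one quoted above. It generalizes slightly by applying BIND 9's fallback order (allow-recursion, then allow-query-cache, then allow-query, then localnets/localhost); SAMPLE is constructed from the thread's settings, and audit(), block_body(), elements() and expand() are names chosen here.

```python
import re

# Constructed sample: the thread's options and acl merged into one named.conf.
SAMPLE = """
acl "trusted" { 192.168.1.0/24; 192.168.20.15/32; 127.0.0.1/32; localhost; };
options {
    recursion yes;            // caching resolver
    allow-query { trusted; };
    allow-transfer { none; };
    forwarders { 192.168.20.10; 192.168.20.11; };
    forward only;
};
"""

def block_body(text, keyword):
    """Text inside the braces after `keyword` (nesting honoured), or None if absent."""
    m = re.search(r"(?<![\w-])%s(?![\w-])[^{;]*\{" % re.escape(keyword), text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError("unbalanced braces after " + keyword)

def elements(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def expand(names, acls, seen=()):  # named ACLs -> members; `seen` stops loops
    out = set()
    for n in names:
        if n in acls and n not in seen:
            out |= expand(acls[n], acls, seen + (n,))
        else:
            out.add(n)
    return out

def audit(conf):
    text = re.sub(r"/\*.*?\*/|(?://|#)[^\n]*", "", conf, flags=re.S)  # drop comments
    acls = {n: elements(b) for n, b in re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', text)}
    opts = block_body(text, "options") or ""
    # BIND 9 fallback: the first of these that is set decides who may recurse.
    hits = ((k, block_body(opts, k)) for k in ("allow-recursion", "allow-query-cache", "allow-query"))
    source, body = next((h for h in hits if h[1] is not None), ("default", "localnets; localhost;"))
    clients = expand(elements(body), acls)
    recursion = not re.search(r"(?<![\w-])recursion\s+no\s*;", opts)
    return {"recursion": recursion, "source": source, "clients": sorted(clients),
            "open": recursion and bool(clients & {"any", "0.0.0.0/0", "::/0"})}
```

Calling `audit()` on the text of a merged configuration returns the statement that governs recursion, the expanded client list, and whether that list admits any address.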
