<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"></div><div dir="ltr">i know what I want. I asked myself these questions many years ago when I build this server. I am replacing this cache dns server with newer os. </div><div dir="ltr"><br><blockquote type="cite">Il giorno 31 lug 2025, alle ore 09:57, Ondřej Surý <ondrej@isc.org> ha scritto:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><meta http-equiv="content-type" content="text/html; charset=utf-8">Perhaps the question that you should explore first would be “Why?” and not “How?”. <div><br></div><div>Ondrej</div><div><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 31. 7. 2025, at 8:58, Renzo Marengo <buckroger2011@gmail.com> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div>Thank you very much but my issue is to understand what first step I have to do, considering that the following rpm are just installed:</div><div></div><div><br></div><div>bind.x86_64</div><div>bind-chroot.x86_64<br>bind-dnssec-doc.noarch<br>bind-dnssec-utils.x86_64<br>bind-libs.x86_64<br>bind-license.noarch<br>bind-utils.x86_64</div><div><br></div><div>e.g. </div><div>chroot folder structure is just set ?</div><div>what service I have to enable at boot ? Bind or bind-chroot ?</div><div><br></div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">Il giorno mer 30 lug 2025 alle ore 20:55 Danjel Jungersen via bind-users <<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
On 7/30/2025 1:11 PM, Renzo Marengo wrote:<br>
> I want to install latest rpm of Bind (9.16.23-31) for Oracle Linux 9 <br>
> to create only cache DNS server which is running in chroot jail.<br>
> I installed several Bind packages included bind-chroot.<br>
> What document do you suggest me to follow to configure bind in chroot <br>
> jail ?<br>
> Thanks<br>
><br>
Setting up as caching / forwarder is pretty straight forward:<br>
<br>
In named.conf.options :<br>
recursion yes;<br>
allow-query { trusted; };<br>
allow-transfer { none; };<br>
<br>
forwarders { // From here<br>
192.168.20.10; // Replace with the servers you want to use<br>
192.168.20.11; // Same here<br>
};<br>
forward only; // to here - must be left out if you do <br>
not wish to use forwarders, ie the system will do all the work itself.<br>
<br>
dnssec-validation auto; // Check this setting before going <br>
online, may not suit your setup.<br>
<br>
listen-on-v6 { any; };<br>
<br>
<br>
In named.conf.local:<br>
acl "trusted" {<br>
<a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a>; // Replace with your own ip's<br>
<a href="http://192.168.20.15/32" rel="noreferrer" target="_blank">192.168.20.15/32</a>; // Replace with your own ip's<br>
<a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">127.0.0.1/32</a>;<br>
localhost;<br>
};<br>
<br>
I do not know anything about redhat, but as I understand, debian also <br>
uses chroot.<br>
I run debian and have had zero issues with using the default setup.<br>
<br>
Best of luck!<br>
Danjel<br>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>
<span>-- </span><br><span>Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list</span><br><span></span><br><span>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.</span><br><span></span><br><span></span><br><span>bind-users mailing list</span><br><span>bind-users@lists.isc.org</span><br><span>https://lists.isc.org/mailman/listinfo/bind-users</span><br></div></blockquote></div></div></blockquote></body></html>