<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Have you looked here:</p>
<p><a class="moz-txt-link-freetext" href="https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services">https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_networking_infrastructure_services/assembly_setting-up-and-configuring-a-bind-dns-server_networking-infrastructure-services</a></p>
<p>They have a short mentioning of chroot.</p>
<p>:-)<br>
Danjel</p>
<div class="moz-cite-prefix">On 7/31/2025 9:46 PM, Renzo Marengo
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9AF79243-DB7C-40C4-A9EC-2B04E2220B75@gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">i know what I want. I asked myself these questions
many years ago when I build this server. I am replacing this
cache dns server with newer os. </div>
<div dir="ltr"><br>
<blockquote type="cite">Il giorno 31 lug 2025, alle ore 09:57,
Ondřej Surý <a class="moz-txt-link-rfc2396E" href="mailto:ondrej@isc.org"><ondrej@isc.org></a> ha scritto:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<meta http-equiv="content-type"
content="text/html; charset=UTF-8">
Perhaps the question that you should explore first would be
“Why?” and not “How?”.
<div><br>
</div>
<div>Ondrej</div>
<div>
<div dir="ltr">
<div>--</div>
Ondřej Surý — ISC (He/Him)
<div><br>
</div>
<div>My working hours and your working hours may be
different. Please do not feel obligated to reply outside
your normal working hours.</div>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On 31. 7. 2025, at 8:58, Renzo
Marengo <a class="moz-txt-link-rfc2396E" href="mailto:buckroger2011@gmail.com"><buckroger2011@gmail.com></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Thank you very much but my issue is to understand
what first step I have to do, considering that the
following rpm are just installed:</div>
<div><br>
</div>
<div>bind.x86_64</div>
<div>bind-chroot.x86_64<br>
bind-dnssec-doc.noarch<br>
bind-dnssec-utils.x86_64<br>
bind-libs.x86_64<br>
bind-license.noarch<br>
bind-utils.x86_64</div>
<div><br>
</div>
<div>e.g. </div>
<div>chroot folder structure is just set ?</div>
<div>what service I have to enable at boot ? Bind or
bind-chroot ?</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">Il giorno mer 30 lug
2025 alle ore 20:55 Danjel Jungersen via bind-users
<<a href="mailto:bind-users@lists.isc.org"
moz-do-not-send="true"
class="moz-txt-link-freetext">bind-users@lists.isc.org</a>>
ha scritto:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
On 7/30/2025 1:11 PM, Renzo Marengo wrote:<br>
> I want to install latest rpm of Bind
(9.16.23-31) for Oracle Linux 9 <br>
> to create only cache DNS server which is
running in chroot jail.<br>
> I installed several Bind packages included
bind-chroot.<br>
> What document do you suggest me to follow to
configure bind in chroot <br>
> jail ?<br>
> Thanks<br>
><br>
Setting up as caching / forwarder is pretty straight
forward:<br>
<br>
In named.conf.options :<br>
recursion yes;<br>
allow-query { trusted; };<br>
allow-transfer { none; };<br>
<br>
forwarders { // From here<br>
192.168.20.10; // Replace with the
servers you want to use<br>
192.168.20.11; // Same here<br>
};<br>
forward only; // to here - must be
left out if you do <br>
not wish to use forwarders, ie the system will do
all the work itself.<br>
<br>
dnssec-validation auto; // Check this
setting before going <br>
online, may not suit your setup.<br>
<br>
listen-on-v6 { any; };<br>
<br>
<br>
In named.conf.local:<br>
acl "trusted" {<br>
<a href="http://192.168.1.0/24"
rel="noreferrer" target="_blank"
moz-do-not-send="true">192.168.1.0/24</a>; //
Replace with your own ip's<br>
<a href="http://192.168.20.15/32"
rel="noreferrer" target="_blank"
moz-do-not-send="true">192.168.20.15/32</a>; //
Replace with your own ip's<br>
<a href="http://127.0.0.1/32"
rel="noreferrer" target="_blank"
moz-do-not-send="true">127.0.0.1/32</a>;<br>
localhost;<br>
};<br>
<br>
I do not know anything about redhat, but as I
understand, debian also <br>
uses chroot.<br>
I run debian and have had zero issues with using the
default setup.<br>
<br>
Best of luck!<br>
Danjel<br>
-- <br>
Visit <a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.isc.org/mailman/listinfo/bind-users</a>
to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid
support subscriptions. Contact us at <a
href="https://www.isc.org/contact/"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://www.isc.org/contact/</a>
for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">bind-users@lists.isc.org</a><br>
<a
href="https://lists.isc.org/mailman/listinfo/bind-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote>
</div>
<span>-- </span><br>
<span>Visit
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to
unsubscribe from this list</span><br>
<span></span><br>
<span>ISC funds the development of this software with
paid support subscriptions. Contact us at
<a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.</span><br>
<span></span><br>
<span></span><br>
<span>bind-users mailing list</span><br>
<span><a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a></span><br>
<span><a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></span><br>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
</blockquote>
<div class="moz-signature">-- <br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
Med venlig hilsen/Kind regards<br>
Danjel Jungersen<br>
Mail: <a class="moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:danjel@jungersen.dk">danjel@jungersen.dk</a><br>
Mobile: +45 20 42 20 11<br>
<br>
Jungersen Grafisk ApS,<br>
Holsbjergvej 39, DK-2620 Albertslund,<br>
Denmark.<br>
Tel: +45 43 64 10 00<br>
<br>
<a href="https://www.printlight.dk" moz-do-not-send="true">WEBSHOP:
PRINTLIGHT.DK</a> | <a href="https://www.jungersen.dk"
moz-do-not-send="true">WWW.JUNGERSEN.DK</a> <br>
<br>
<a href="https://www.jungersen.dk" moz-do-not-send="true"> <img
moz-do-not-send="false"
src="cid:part1.yFedles2.ahI2b00k@jungersen.dk" alt="Logo"
width="125" height="152" border="0"></a> </div>
</body>
</html>