Support of WKS records under chroot

Petr Mensik pemensik at
Mon Nov 14 14:27:46 UTC 2016

Hi everyone!

I am a new maintainer of bind package under Fedora, I hope I will contribute with more valuable code later. But simple things first.
Current BIND will not load WKS records in zones when running under chroot. named-checkzone will fail checking zone files containing WKS record. It will prevent bind from starting in chroot at all in default configuration.

It is possible to load them, if I copy /lib{,64}/* and /etc/services and /etc/protocols. Also /etc/nsswitch.conf if default configuration is not good enough.

I have found a simple workaround - to use getservbyname and/or getprotobyname calls before calling chroot call. It forces glibc library of linux to load /lib/ dynamically before it loses access to that file. An advantage is it should support any NSS library that do not need to open unix domain socket later. Of course I still have to make /etc/services and /etc/protocols accessible in chroot (or their *.db variants if db backend is used). But I do not have to make accessible executable code and that is what I want.

I am satisfied with that solution. I am not sure, whether the place I have chosen it the best for it.
Do you know better place than my patch uses? Or another simple way to make WKS records parseable under chroot?

Petr Menšík
Software Engineer
Red Hat,
email: pemensik at  PGP: 65C6C973

-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind-9.10-wks-preload.patch
Type: text/x-patch
Size: 815 bytes
Desc: not available
URL: <>

More information about the bind-workers mailing list