
红烧鱼

linux & windows management

 
 
 


Configuring bind9 in a chroot  

2013-03-09 22:43:45 | Category: Linux

http://www.dmo.ca/blog/20081009143754/

A while ago, I blogged the chrooting of bind9 on Debian, so I wouldn't forget how to do it. Things have changed slightly for Lenny, so here's the update.

The assumption is, you've got an up-to-date Debian machine, running lenny. Then:

  1. Install bind9 and its docs and utilities:

    # apt-get install bind9 bind9-doc dnsutils
    

    It will probably autostart after install, so stop it before proceeding:

    # /etc/init.d/bind9 stop
    
  2. Create your chroot. This requires a minimal file tree:

    # mkdir -p /var/chroot/bind9/{etc,dev,var/cache/bind,var/run/bind/run}
    # chown -R bind:bind /var/chroot/bind9/var/*
    

    And some devices:

    # mknod /var/chroot/bind9/dev/null c 1 3
    # mknod /var/chroot/bind9/dev/random c 1 8
    # chmod 666 /var/chroot/bind9/dev/{null,random}
    
  3. Move your default configuration files:

    # mv /etc/bind /var/chroot/bind9/etc
    # ln -s /var/chroot/bind9/etc/bind /etc/bind
    
  4. Tell rsyslog to listen for log events in the chroot:

    # vi /etc/rsyslog.d/bind-chroot.conf
    

    and add the line:

    $AddUnixListenSocket /var/chroot/bind9/dev/log
    
  5. Tell bind9 init to use the chroot:

    # vi /etc/default/bind9
    

    and add:

    OPTIONS="-u bind -t /var/chroot/bind9"
    
  6. Restart rsyslog and make sure it creates /dev/log in the chroot.

    # /etc/init.d/rsyslog restart
    Restarting system log daemon: syslogd.
    
    
    # ls -al /var/chroot/bind9/dev/log
    srw-rw-rw- 1 root root 0 2008-10-09 14:48 /var/chroot/bind9/dev/log
    
  7. Start bind9 and make sure it works

    # /etc/init.d/bind9 start
    Starting domain name service...: bind.
    # ps ax | grep [n]amed
     5397 ?        Ssl    0:00 /usr/sbin/named -u bind -t /var/chroot/bind9
    # host localhost. 127.0.0.1
    localhost                   A        127.0.0.1
    

Now you're done with the chroot portion. Copy over your old named.conf.local and db.yourdomain-here files, and restart again.
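
One way to check the result of steps 1-7 before copying zone files in (an added example, not part of the original post; the function names are made up for illustration, while the paths, device numbers and options are the ones used above, and GNU `stat` is assumed):

```shell
#!/bin/sh
# Added example, not from the original post: audit the chroot built in steps 1-7.
# Function names are this example's own; paths and device numbers are the page's.

# opt_value <defaults-file> <flag>: print the argument following <flag> in OPTIONS="..."
opt_value() {
    sed -n 's/^OPTIONS="\(.*\)".*/\1/p' "$1" | tail -n 1 |
        awk -v f="$2" '{ for (i = 1; i < NF; i++) if ($i == f) { print $(i + 1); exit } }'
}

# missing_dirs <chroot>: print each directory from steps 2-3 that is absent
missing_dirs() {
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$1/$d" ] || echo "$d"
    done
}

# is_dev <path> <major> <minor>: true only for a character device with these
# numbers (GNU stat prints major:minor in hex via %t:%T)
is_dev() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1")" = "$(printf '%x:%x' "$2" "$3")" ]
}

# audit <chroot> <defaults-file>: print failures, return how many there were
audit() {
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    [ "$(opt_value "$2" -t)" = "$1" ] || fail "OPTIONS does not pass -t $1"
    user=$(opt_value "$2" -u)
    { [ -n "$user" ] && [ "$user" != root ]; } || fail "OPTIONS lacks -u <non-root user>"
    for d in $(missing_dirs "$1"); do fail "missing directory $1/$d"; done
    is_dev "$1/dev/null" 1 3 || fail "dev/null is not char device 1,3"
    is_dev "$1/dev/random" 1 8 || fail "dev/random is not char device 1,8"
    [ -S "$1/dev/log" ] || fail "dev/log is not a socket (rsyslog listener missing)"
    return "$fails"
}

# Run against the page's paths only when asked: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    audit /var/chroot/bind9 /etc/default/bind9 && echo "chroot looks complete"
fi
```

The exit status of `audit` is the number of failed checks, so it can gate the `bind9 start` in step 7.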
