Chroot-BIND HOWTO
Scott Wunsch, scott at wunsch.org
v1.5, 1 December 2001
This document describes installing the BIND 9 nameserver to run in a chroot jail and as a non-root user, to provide added security and minimise the potential effects of a security compromise. Note that this document has been updated for BIND 9; if you still run BIND 8, you want the Chroot-BIND8 HOWTO instead.
1. Introduction
2. Preparing the Jail
- 2.1 Creating a User
- 2.2 Directory Structure
- 2.3 Placing the BIND Data
- 2.4 System Support Files
- 2.5 Logging
- 2.6 Tightening Permissions
3. Compiling and Installing Your Shiny New BIND
4. Installing Your Shiny New BIND
5. The End
6. Appendix - Upgrading BIND Later
7. Appendix - Thanks
8. Appendix - Document Distribution Policy
Next Previous Contents