Chroot-BIND8 HOWTO
Scott Wunsch, scott at wunsch.org
v1.4, 1 July 2001
This document describes installing the BIND 8 nameserver to run in a chroot jail and as a non-root user, to provide added security and minimise the potential effects of a security compromise. This version of the document covers the old but still popular BIND 8; there is another document which provides similar information for BIND 9.
1. Introduction
2. Preparing the Jail
- 2.1 Creating a User
- 2.2 Directory Structure
- 2.3 Placing the BIND Data
- 2.4 System Support Files
- 2.5 Logging
3. Compiling BIND
4. Installing Your Shiny New BIND
- 4.1 Installing the Tools Outside the Jail
- 4.2 Installing the Binaries in the Jail
- 4.3 Setting up the Init Script
- 4.4 Configuration Changes
5. The End
6. Appendix - Upgrading BIND Later
7. Appendix - Thanks
8. Appendix - Document Distribution Policy
Next Previous Contents