From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 10 20:46:12 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AAF8E16A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Aug 2004 20:46:12 +0000 (GMT)
Received: from mail5.dslextreme.com (mail5.dslextreme.com [66.51.199.81])
	by mx1.FreeBSD.org (Postfix) with SMTP id 7630E43D46
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Aug 2004 20:46:12 +0000 (GMT)
	(envelope-from jmlewis@dslextreme.com)
Received: (qmail 13421 invoked from network); 10 Aug 2004 20:46:11 -0000
Received: from unknown (HELO www.dslextreme.com) (66.51.199.92)
 by 192.168.8.93 with SMTP; Tue, 10 Aug 2004 20:46:11 +0000
Message-ID: <8274a13a46a1ee24a1aee4a.20040810134611.wzyrjvf@www.dslextreme.com>
In-Reply-To: <2400.192.168.1.1.1092125643.squirrel@192.168.1.1>
References: <2400.192.168.1.1.1092125643.squirrel@192.168.1.1>
Date: Tue, 10 Aug 2004 13:46:11 -0700 (PDT)
From: "Joshua Lewis" <jmlewis@dslextreme.com>
To: "Michael Sharp" <ms@probsd.org>
User-Agent: DSL Extreme Webmail (www.dslextreme.com)
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3
Importance: Normal
X-AntiVirus: scanned for viruses by AMaViS 0.2.1 (http://amavis.org/)
cc: freebsd-questions@freebsd.org
Subject: re: Replacing Bind8x with Bind9
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: jmlewis@dslextreme.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Aug 2004 20:46:12 -0000

> Definetly consider chrooting or jailing BIND

Would you be able to point me at a doc that explains what jailing and or
chrooting a program does. Something that shows how and when it is used. I
have seen specific examples for individual programs. However I would like
to learn how and why it works and understand how to do it for all of my
programs. Especially what the difference is between jailing and chrooting


Thank you,
Joshua Lewis



Michael Sharp
> read the /usr/ports/dns/bind9 Makefile and use the
> 'PORT_REPLACES_BASE_BIND9'
> option to make.
>
> make PORT_REPLACES_BASE_BIND9=yes install clean
>
> In rc.conf
> ----------
> named_enable="YES"
> named_program="/usr/local/sbin/named"
> named_flags="-c /usr/local/etc/namedb/named.conf -u bind"
>
>
>
> and you can also put NO_BIND= true in /etc/make.conf so that base BIND
> isn't build when you make world.
>
> Definetly consider chrooting or jailing BIND
>
> Michael
>
>