Date: Mon, 26 Aug 2002 19:06:31 +0200
From: Ruben de Groot <fbsd-q@bzerk.org>
To: Mailing Lists <lists@imagefoundation.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: chrooted Bind follow-up questions & potential Gotcha's
Message-ID: <20020826170631.GA45074@ei.bzerk.org>
In-Reply-To: <5CD145A8-B908-11D6-97A5-0003935761AA@imagefoundation.com>
References: <CGEIKJFNGMJHCMFBJGJFOEOKCAAA.sagacious@unixhideout.com> <5CD145A8-B908-11D6-97A5-0003935761AA@imagefoundation.com>

On Mon, Aug 26, 2002 at 08:27:42AM -0700, Mailing Lists typed:
> Hi all,
>
> Well, thanks to the generous help of several individuals on this list and
> the well written tutorial in the handbook on chrooting bind, I now have 2
> name servers running on FreeBSD 4.6.2. It's really not that difficult to
> do, once you know what the heck's going on.
>
> Took me several tries over the course of a few months but hey, I'm a mac
> guy. If you're having problems setting your own up, just keep poring over
> the list and the handbook, the lights will come on eventually (as they did
> in my case).
>
> In any case, now that the glow of my triumph has started to fade, I have a
> few more questions.
>
> - I chrooted the Bind that gets installed with FreeBSD (8.3.3, I believe
> it was), and I did this in place under "/etc/namedb/", as outlined in the
> handbook. A horrible thought just occurred to me though, what happens when
> I update my installation now? Will FreeBSD just leave what I've done in
> place? Will it magically see my chrooted Bind installation and update
> Named et al. when updates are needed? Or am I, as we say here in Canada,
> hosed?

Not really, but if you copied any binaries or libraries to nonstandard
places you should track them, because the update process will only update
files in their default locations.

>
> - While going through this learning process, I kept hearing of "Jail",
> after getting up and running (and I mean live, up and running with about
> 30 domains), the coolness of Jail finally dawned on me, and I think I'd
> like to switch. Could I just copy my existing Bind installation to the
> appropriate location within the jailed environment? Should, or even can
> one run a chrooted Bind within a jail (talk about an onion skin approach
> to security!)
>
> - If I were to run Bind inside a Jail, is there any way of knowing what
> the minimum cruft required within the Jail is? What programs does Bind
> rely on to function?

Maybe this little howto I wrote about my own bind-in-jail setup can be of
some help:

http://www.xs4all.nl/~rubeng/files/bindjail.html

hope this helps,
Ruben

>
> Thanks all, in advance
>
> Tom
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
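
Added example, not part of the original message or of the linked howto: one way to "track" binaries and libraries copied into a chroot or jail, so that copies an update left behind are noticed. The manifest format (one "system-path copied-path" pair per line) and the function name check_tracked_copies are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare each file copied into a chroot/jail with the
# original in its default location. The system update only refreshes the
# default location, so a copy that differs afterwards is out of date.
#
# Manifest format (assumed for this example), one pair per line:
#   <file in its default location> <copy inside the chroot or jail>
# Blank lines and lines starting with '#' are ignored. Paths containing
# whitespace are not supported by this simple format.

check_tracked_copies() {
    manifest=$1
    rc=0
    while read -r src copy; do
        case $src in
            ''|'#'*) continue ;;          # skip blanks and comments
        esac
        if [ ! -f "$src" ] || [ ! -f "$copy" ]; then
            # Either side vanished: the manifest or the chroot needs fixing.
            printf 'MISSING %s -> %s\n' "$src" "$copy"
            rc=1
        elif ! cmp -s "$src" "$copy"; then
            # Byte-for-byte difference: the copy predates the update.
            printf 'STALE %s -> %s\n' "$src" "$copy"
            rc=1
        fi
    done < "$manifest"
    # 0 = every tracked copy matches its original, 1 = something to fix.
    return "$rc"
}
```

Source the file and run check_tracked_copies on the manifest after each system update; every STALE line names a copy that has to be refreshed by hand before named is restarted.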