===== How to set up chrooted DNS on Ubuntu Dapper =====

Taken from [[http://www.howtoforge.com/perfect_setup_ubuntu_6.06_p4]]

Run

  apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

  /etc/init.d/bind9 stop

Edit the file ''/etc/default/bind9'' so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named.

Modify the line: ''OPTIONS=" -u bind"'' so that it reads ''OPTIONS="-u bind -t /var/lib/named"'':

  vi /etc/default/bind9

  OPTIONS="-u bind -t /var/lib/named"
  # Set RESOLVCONF=no to not run resolvconf
  RESOLVCONF=yes

Create the necessary directories under /var/lib:

  mkdir -p /var/lib/named/etc
  mkdir /var/lib/named/dev
  mkdir -p /var/lib/named/var/cache/bind
  mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

  mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):

  ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

  mknod /var/lib/named/dev/null c 1 3
  mknod /var/lib/named/dev/random c 1 8
  chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
  chown -R bind:bind /var/lib/named/var/*
  chown -R bind:bind /var/lib/named/etc/bind

We need to modify the startup script /etc/init.d/sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: ''SYSLOGD="-u syslog"'' so that it reads: ''SYSLOGD="-u syslog -a /var/lib/named/dev/log"'':

  vi /etc/init.d/sysklogd

[...]
  SYSLOGD="-u syslog -a /var/lib/named/dev/log"
[...]

Restart the logging daemon:

  /etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

  /etc/init.d/bind9 start