chrooted_dns

chrooted_dns [2007/01/03 12:10] adam: created
chrooted_dns [2007/01/30 14:31] adam: Codified

Run

  apt-get install bind9

For security reasons we want to run BIND chrooted, so we have to do the following steps. First stop the daemon:

  /etc/init.d/bind9 stop

Edit the file ''/etc/default/bind9'' so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named.

Modify the line ''OPTIONS=" -u bind"'' so that it reads ''OPTIONS="-u bind -t /var/lib/named"'':

  vi /etc/default/bind9

  OPTIONS="-u bind -t /var/lib/named"
  # Set RESOLVCONF=no to not run resolvconf
  RESOLVCONF=yes

Create the necessary directories under /var/lib:

  mkdir -p /var/lib/named/etc
  mkdir /var/lib/named/dev
  mkdir -p /var/lib/named/var/cache/bind
  mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

  mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):

  ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices inside the chroot (named cannot reach the real /dev once it has chrooted), and fix the ownership of the directories it has to write to:

  mknod /var/lib/named/dev/null c 1 3
  mknod /var/lib/named/dev/random c 1 8
  chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
  chown -R bind:bind /var/lib/named/var/
  chown -R bind:bind /var/lib/named/etc/bind

We also need to modify the startup script /etc/init.d/sysklogd of sysklogd so that named, which can no longer see the system's /dev/log from inside the chroot, still gets its important messages into the system logs. The ''-a'' option makes syslogd listen on an additional socket inside the chroot. Modify the line ''SYSLOGD="-u syslog"'' so that it reads ''SYSLOGD="-u syslog -a /var/lib/named/dev/log"'':

  vi /etc/init.d/sysklogd

  [...]
  SYSLOGD="-u syslog -a /var/lib/named/dev/log"
  [...]

Restart the logging daemon:

  /etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

  /etc/init.d/bind9 start

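As an added example (not part of the original wiki page), a POSIX shell audit that checks the outcome of the steps above on a host: the ''-t'' option in the defaults file, the directory skeleton, the /etc/bind symlink, the device nodes, the syslog socket and the ownership of the writable trees. The BIND_DEFAULTS and BIND_LINK variables are hypothetical knobs of this script (not BIND or Debian settings) so it can be pointed at a test tree.

```shell
#!/bin/sh
# check_bind_chroot: audit a BIND9 chroot tree laid out as in the steps above.
#   check_bind_chroot /var/lib/named [bind-user]
# Prints one "FAIL:" line per finding and returns the number of findings.
# BIND_DEFAULTS and BIND_LINK override /etc/default/bind9 and /etc/bind
# (hypothetical knobs of this script, not BIND or Debian settings).
check_bind_chroot() {
    root=$1
    user=${2:-bind}
    defaults=${BIND_DEFAULTS:-/etc/default/bind9}
    link=${BIND_LINK:-/etc/bind}
    n=0
    fail() { echo "FAIL: $1"; n=$((n + 1)); }

    # The daemon must actually be told to chroot: OPTIONS needs -t <root>.
    grep -q -- "-t $root" "$defaults" 2>/dev/null \
        || fail "$defaults does not pass -t $root to named"

    # Directory skeleton from the mkdir steps.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || fail "missing directory $root/$d"
    done

    # The old config path must be a symlink into the chroot, not a stale copy
    # that package upgrades would edit while named reads the other one.
    if [ -L "$link" ]; then
        [ "$(readlink "$link")" = "$root/etc/bind" ] \
            || fail "$link points at $(readlink "$link"), not $root/etc/bind"
    else
        fail "$link is not a symlink into the chroot"
    fi

    # named needs these character devices inside the chroot (mknod steps).
    for dev in null random; do
        [ -c "$root/dev/$dev" ] || fail "$root/dev/$dev is not a character device"
    done
    # syslogd -a creates this socket; without it named's messages are lost.
    [ -S "$root/dev/log" ] || fail "no syslog socket at $root/dev/log (check SYSLOGD -a)"

    # Everything named writes to, and its config, should belong to $user.
    bad=$(find "$root/var" "$root/etc/bind" ! -user "$user" 2>/dev/null | head -n 1)
    [ -z "$bad" ] || fail "not owned by $user: $bad"

    return $n
}

[ $# -eq 0 ] || check_bind_chroot "$@"
```

Run it as root after the final bind9 start; a clean tree prints nothing and exits 0.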
chrooted_dns.txt · Last modified: 2016/11/25 22:38 (external edit)