chrooted_dns

Differences


chrooted_dns [2007/01/03 12:10]
adam created
chrooted_dns [2016/11/25 22:38]
Line 1: Line 1:
-===== How to set up chrooted DNS on Ubuntu Dapper ===== 
- 
-Taken from [[http://​www.howtoforge.com/​perfect_setup_ubuntu_6.06_p4]] 
- 
-Run 
- 
-apt-get install bind9 
- 
-For security reasons we want to run BIND chrooted so we have to do the following steps: 
- 
-/​etc/​init.d/​bind9 stop 
- 
-Edit the file /​etc/​default/​bind9 so that the daemon will run as the unprivileged user bind, chrooted to /​var/​lib/​named. Modify the line: OPTIONS="​ -u bind" so that it reads OPTIONS="​-u bind -t /​var/​lib/​named":​ 
- 
-vi /​etc/​default/​bind9 
- 
-OPTIONS="​-u bind -t /​var/​lib/​named"​ 
-# Set RESOLVCONF=no to not run resolvconf 
-RESOLVCONF=yes 
- 
-Create the necessary directories under /var/lib: 
- 
-mkdir -p /​var/​lib/​named/​etc 
-mkdir /​var/​lib/​named/​dev 
-mkdir -p /​var/​lib/​named/​var/​cache/​bind 
-mkdir -p /​var/​lib/​named/​var/​run/​bind/​run 
- 
-Then move the config directory from /etc to /​var/​lib/​named/​etc:​ 
- 
-mv /etc/bind /​var/​lib/​named/​etc 
- 
-Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future): 
- 
-ln -s /​var/​lib/​named/​etc/​bind /etc/bind 
- 
-Make null and random devices, and fix permissions of the directories:​ 
- 
-mknod /​var/​lib/​named/​dev/​null c 1 3 
-mknod /​var/​lib/​named/​dev/​random c 1 8 
-chmod 666 /​var/​lib/​named/​dev/​null /​var/​lib/​named/​dev/​random 
-chown -R bind:bind /​var/​lib/​named/​var/​* 
-chown -R bind:bind /​var/​lib/​named/​etc/​bind 
- 
-We need to modify the startup script /​etc/​init.d/​sysklogd of sysklogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="​-u syslog"​ so that it reads: SYSLOGD="​-u syslog -a /​var/​lib/​named/​dev/​log":​ 
- 
-vi /​etc/​init.d/​sysklogd 
- 
-[...] 
-SYSLOGD="​-u syslog -a /​var/​lib/​named/​dev/​log"​ 
-[...] 
- 
-Restart the logging daemon: 
- 
-/​etc/​init.d/​sysklogd restart 
- 
-Start up BIND, and check /​var/​log/​syslog for errors: 
- 
-/​etc/​init.d/​bind9 start 
  
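Review bot: the permission step `chown -R bind:bind /var/lib/named/etc/bind` near the end of the removed page gives the daemon's own unprivileged user write access to its entire configuration tree, which undercuts the point of running it with `OPTIONS="-u bind -t /var/lib/named"`: a named process compromised at runtime could then rewrite named.conf and the zone files inside the chroot. Keep /var/lib/named/etc/bind owned by root and only group-readable by bind (for example `chown -R root:bind /var/lib/named/etc/bind` followed by `chmod -R g-w /var/lib/named/etc/bind`), and give bind ownership only of the paths it has to write, which in this layout are /var/lib/named/var/cache/bind and /var/lib/named/var/run/bind, as the preceding `chown -R bind:bind /var/lib/named/var/*` already does. The `mknod ... c 1 8` step would also read better with a one-line comment that it recreates /dev/random inside the chroot because named can no longer see the host's /dev once `-t` takes effect. Separately, this comparison shows the 2016 revision deleting the whole how-to with no replacement text or pointer to where the content moved; a short note in the new revision would save the next reader from having to dig through the history.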
chrooted_dns.txt · Last modified: 2016/11/25 22:38 (external edit)