Date: 14 May 2001 19:00:31 +0100 From: Wayne Pascoe <wayne.pascoe@realtime.co.uk> To: freebsd-questions@freebsd.org Cc: byron.schlemmer@realtime.co.uk Subject: Bind in Jail - Directory structure Message-ID: <86ofsvizeo.fsf@pan.realtime.co.uk>
next in thread | raw e-mail | index | archive | help
Hi all,
I've spent the last couple of hours installing bind in a chrooted
environment, and I hit some problems. I think I've solved most of
them, so I'm posting this in the hopes that it will be of help to some
other poor sod :)
The aim of the outing was to install bind-8.2.3-RELEASE onto a FreeBSD
4.3-STABLE machine in a chrooted environment. First off, I cvsup'd to
4.3-STABLE and did a make world. I made sure that NO_BIND="YES" was
commented out of my /etc/make.conf file.
Next, I created my jail tree as follows:
/var/named
/var/named/dev
/var/named/etc
/var/named/usr
/var/named/var
All these directories are owned by bind:bind, permissions 6770
In dev/, I only have null and log. null is created by
mknod dev/null -c 2 2 from /var/named
Log is created by passing '-l /var/named/dev/log' as an argument to
syslogd at startup.
etc/ has localtime and named.conf. named.conf is just my generic named
config that I would use everywhere else, and the first part of it is
pasted below:
----named.conf-----
options {
// The following paths are necessary for this chroot
directory "/var/named";
pid-file "/var/run/named.pid"; // _PATH_PIDFILE
query-source address my.ip.address port 53;
// forward only;
forwarders {
my.isps.nameserver;
};
listen-on { my.ip.address; };
};
// Deny queries for our version number except from localhost
zone "bind" chaos {
type master;
file "master/bind";
allow-query {localhost; };
};
----named.conf----
The paths mentioned here, are relative to /var/named because of the
chroot. So /var/named above is actually /var/named/var/named
usr/ is as follows
usr/lib:
libc.so libc.so.4
usr/lib/zoneinfo:
localtime posixrules posixtime
usr/libexec:
ld-elf.so.1 named-xfer
The usr/lib/zoneinfo stuff I put in because I found it in a GNU/Linux
RPM of a chrooted-nameserver. I'm not sure if it's required.
The stuff in usr/libexec and usr/lib seems to be important.
var/ is as follows:
var/log/run:
named.pid ndc
named:
all my zone files
Next, I made sure that syslog was running with the
'-l /var/named/dev/log ' flag, and ran
named -u bind -g bind -c /var/named/etc/named.conf \
-t /var/named
All was well.
If this is a slave server and you see things like
May 14 18:42:22 server bind[186]: named-xfer "mydomain.com" exited with signal 6
then you should check that you have usr/lib/libc.so, usr/lib/libc.so.4
and usr/libexec/ld-elf.so.1 in your chroot tree.
I hope that this helps someone :)
--
- Wayne Pascoe
E-mail: wayne.pascoe@realtime.co.uk
Phone : +44 (0) 20 7544 4668
Mobile: +44 (0) 788 431 1675
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ofsvizeo.fsf>