Date:      14 May 2001 19:00:31 +0100
From:      Wayne Pascoe <wayne.pascoe@realtime.co.uk>
To:        freebsd-questions@freebsd.org
Cc:        byron.schlemmer@realtime.co.uk
Subject:   Bind in Jail - Directory structure
Message-ID:  <86ofsvizeo.fsf@pan.realtime.co.uk>

Hi all,

I've spent the last couple of hours installing bind in a chrooted
environment, and I hit some problems. I think I've solved most of
them, so I'm posting this in the hopes that it will be of help to some
other poor sod :)

The aim of the outing was to install bind-8.2.3-RELEASE onto a FreeBSD
4.3-STABLE machine in a chrooted environment. First off, I cvsup'd to
4.3-STABLE and did a make world. I made sure that NO_BIND="YES" was
commented out of my /etc/make.conf file.

Next, I created my jail tree as follows:

/var/named
/var/named/dev
/var/named/etc
/var/named/usr
/var/named/var

All these directories are owned by bind:bind, permissions 6770 

In dev/, I only have null and log. null is created by
mknod dev/null c 2 2 from /var/named

Log is created by passing '-l /var/named/dev/log' as an argument to
syslogd at startup.

etc/ has localtime and named.conf. named.conf is just my generic named
config that I would use everywhere else, and the first part of it is
pasted below: 

----named.conf-----
options {
        // The following paths are necessary for this chroot
        directory "/var/named";
        pid-file "/var/run/named.pid";                  // _PATH_PIDFILE
        query-source address my.ip.address port 53;
//      forward only;
        forwarders {
                my.isps.nameserver;
        };

        listen-on { my.ip.address; };
};

// Deny queries for our version number except from localhost
zone "bind" chaos {
      type master;
      file "master/bind";
      allow-query {localhost; };
};
----named.conf-----

The paths mentioned here are relative to /var/named because of the
chroot. So /var/named above is actually /var/named/var/named.

usr/ is as follows
usr/lib:
libc.so         libc.so.4

usr/lib/zoneinfo:
localtime       posixrules      posixtime

usr/libexec:
ld-elf.so.1     named-xfer

The usr/lib/zoneinfo stuff I put in because I found it in a GNU/Linux
RPM of a chrooted-nameserver. I'm not sure if it's required.

The stuff in usr/libexec and usr/lib seems to be important.

var/ is as follows:

var/log/run:
named.pid       ndc

named:
all my zone files

Next, I made sure that syslog was running with the
'-l /var/named/dev/log' flag, and ran
named -u bind -g bind -c /var/named/etc/named.conf \
-t /var/named

All was well. 

If this is a slave server and you see things like 
May 14 18:42:22 server bind[186]: named-xfer "mydomain.com" exited with signal 6

then you should check that you have usr/lib/libc.so, usr/lib/libc.so.4
and usr/libexec/ld-elf.so.1 in your chroot tree.

I hope that this helps someone :) 

-- 
- Wayne Pascoe 
E-mail: wayne.pascoe@realtime.co.uk
Phone : +44 (0) 20 7544 4668
Mobile: +44 (0) 788 431 1675
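An added example, not part of Wayne's post: a POSIX sh helper that lays out the chroot skeleton described above and then checks for the files whose absence produces the `named-xfer ... exited with signal 6` error. The function names bind_chroot_layout and bind_chroot_check and the BIND_DIR_MODE variable are assumptions; the 6770 mode and the `2 2` device numbers are the post's FreeBSD 4.x values, not Linux ones.

```shell
#!/bin/sh
# Added helper (not from the post): build and verify a bind chroot tree.
# ROOT is the jail top; the post uses /var/named.
# BIND_DIR_MODE follows the post (6770); the 2 2 major/minor for dev/null
# are the FreeBSD 4.x numbers from the post, so do not reuse them elsewhere.
BIND_DIR_MODE=${BIND_DIR_MODE:-6770}

# Files the post found necessary.  usr/lib/zoneinfo/* is listed in the
# post as "not sure if required", so it is not checked here.
BIND_CHROOT_REQUIRED="dev/null dev/log etc/localtime etc/named.conf
usr/lib/libc.so usr/lib/libc.so.4 usr/libexec/ld-elf.so.1
usr/libexec/named-xfer"

bind_chroot_layout() {
    root=$1
    # var/run holds named.pid (the pid-file in named.conf) and the ndc
    # socket; var/named holds the zones, so "/var/named" inside the
    # chroot resolves to $root/var/named outside it.
    for d in dev etc usr/lib usr/lib/zoneinfo usr/libexec var/run var/named; do
        mkdir -p "$root/$d"
    done
    if [ "$(id -u)" -eq 0 ]; then
        # Only root can hand the tree to bind and create the device node.
        chown -R bind:bind "$root" || echo "warning: chown failed" >&2
        find "$root" -type d -exec chmod "$BIND_DIR_MODE" {} \;
        [ -e "$root/dev/null" ] || mknod "$root/dev/null" c 2 2 \
            || echo "warning: could not create $root/dev/null" >&2
    fi
    # dev/log is not created here: syslogd makes it when started with
    # -l $root/dev/log, exactly as in the post.
}

# Prints each missing path; returns 0 only when the tree is complete.
bind_chroot_check() {
    root=$1
    missing=0
    for f in $BIND_CHROOT_REQUIRED; do
        if [ ! -e "$root/$f" ]; then
            echo "missing: $root/$f"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Usage when run directly: sh bind-chroot.sh /var/named
if [ "$#" -ge 1 ]; then
    bind_chroot_layout "$1" && bind_chroot_check "$1"
fi
```

Run the check again after copying libc.so, libc.so.4 and ld-elf.so.1 into the tree; a slave that still dies in named-xfer with signal 6 is almost always missing one of those three.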
