From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Cc: byron.schlemmer@realtime.co.uk
Subject: Bind in Jail - Directory structure
Date: 14 May 2001 19:00:31 +0100
Message-ID: <86ofsvizeo.fsf@pan.realtime.co.uk>

Hi all,

I've spent the last couple of hours installing bind in a chrooted
environment, and I hit some problems. I think I've solved most of them,
so I'm posting this in the hopes that it will be of help to some other
poor sod :)

The aim of the outing was to install bind-8.2.3-RELEASE onto a FreeBSD
4.3-STABLE machine in a chrooted environment.

First off, I cvsup'd to 4.3-STABLE and did a make world. I made sure that
NO_BIND="YES" was commented out of my /etc/make.conf file.

Next, I created my jail tree as follows:

/var/named
/var/named/dev
/var/named/etc
/var/named/usr
/var/named/var

All these directories are owned by bind:bind, permissions 6770.

In dev/, I only have null and log. null is created by

  mknod dev/null -c 2 2

from /var/named. log is created by passing '-l /var/named/dev/log' as an
argument to syslogd at startup.

etc/ has localtime and named.conf. named.conf is just my generic named
config that I would use everywhere else, and the first part of it is
pasted below:

----named.conf-----
options {
        // The following paths are necessary for this chroot
        directory "/var/named";
        pid-file "/var/run/named.pid";          // _PATH_PIDFILE
        query-source address my.ip.address port 53;
        // forward only;
        forwarders { my.isps.nameserver; };
        listen-on { my.ip.address; };
};

// Deny queries for our version number except from localhost
zone "bind" chaos {
        type master;
        file "master/bind";
        allow-query { localhost; };
};
----named.conf----

The paths mentioned here are relative to /var/named because of the chroot.
So /var/named above is actually /var/named/var/named.

usr/ is as follows:

usr/lib:
libc.so libc.so.4

usr/lib/zoneinfo:
localtime posixrules posixtime

usr/libexec:
ld-elf.so.1 named-xfer

The usr/lib/zoneinfo stuff I put in because I found it in a GNU/Linux RPM
of a chrooted-nameserver. I'm not sure if it's required. The stuff in
usr/libexec and usr/lib seems to be important.

var/ is as follows:

var/log/run:
named.pid ndc

named:
all my zone files

Next, I made sure that syslog was running with the '-l /var/named/dev/log'
flag, and ran

  named -u bind -g bind -c /var/named/etc/named.conf \
        -t /var/named

All was well.

If this is a slave server and you see things like

May 14 18:42:22 server bind[186]: named-xfer "mydomain.com" exited with signal 6

then you should check that you have usr/lib/libc.so, usr/lib/libc.so.4 and
usr/libexec/ld-elf.so.1 in your chroot tree.

I hope that this helps someone :)

--
- Wayne Pascoe
E-mail: wayne.pascoe@realtime.co.uk
Phone : +44 (0) 20 7544 4668
Mobile: +44 (0) 788 431 1675
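As an added example (not part of Wayne's post), a small POSIX sh pre-flight check for the jail layout described above: it reports which of the files the post found necessary are missing, and whether dev/null and dev/log are the device and socket they should be, so a slave's "named-xfer exited with signal 6" can be traced before named is started. It assumes the tree is laid out exactly as the post lists it, with /var/named as the jail root.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for the
# chrooted BIND 8 tree described above. Assumption: the jail is laid out
# exactly as in the post, with /var/named as the jail root.

# Files the post places under the jail root, relative to that root.
NAMED_JAIL_FILES="etc/localtime etc/named.conf \
usr/lib/libc.so usr/lib/libc.so.4 \
usr/libexec/ld-elf.so.1 usr/libexec/named-xfer"

# Print each required file that is absent under $1; return 1 if any is missing.
# A missing libc.so or ld-elf.so.1 is what makes named-xfer die with signal 6.
missing_jail_files() {
    root=$1
    missing=0
    for f in $NAMED_JAIL_FILES; do
        if [ ! -e "$root/$f" ]; then
            echo "missing: $root/$f"
            missing=1
        fi
    done
    return $missing
}

# dev/null in the jail must be the character device the post creates with
# mknod (major 2, minor 2), not an ordinary file copied in by mistake.
jail_devnull_ok() {
    [ -c "$1/dev/null" ]
}

# dev/log is the socket syslogd creates when started with -l /var/named/dev/log;
# without it named's log messages from inside the jail go nowhere.
jail_devlog_ok() {
    [ -S "$1/dev/log" ]
}

# Run all checks against the jail root given as $1 (default: the post's
# /var/named) and return non-zero if anything is wrong.
check_named_jail() {
    root=${1:-/var/named}
    rc=0
    missing_jail_files "$root" || rc=1
    jail_devnull_ok "$root" || { echo "$root/dev/null is not a character device"; rc=1; }
    jail_devlog_ok "$root" || { echo "$root/dev/log is not a socket (syslogd -l running?)"; rc=1; }
    return $rc
}
```

Run it as `check_named_jail /var/named` before starting named; an empty report and a zero exit mean every file the post lists is in place.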