Date: Mon, 26 Aug 2002 19:06:31 +0200
From: Ruben de Groot
To: Mailing Lists
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: chrooted Bind follow-up questions & potential Gotcha's
Message-ID: <20020826170631.GA45074@ei.bzerk.org>
In-Reply-To: <5CD145A8-B908-11D6-97A5-0003935761AA@imagefoundation.com>

On Mon, Aug 26, 2002 at 08:27:42AM -0700, Mailing Lists typed:
> Hi all,
>
> Well, thanks to the generous help of several individuals on this list and
> the well written tutorial in the handbook on chrooting bind, I now have 2
> name servers running on FreeBSD 4.6.2. It's really not that difficult to
> do, once you know what the heck's going on.
>
> Took me several tries over the course of a few months but hey, I'm a mac
> guy. If you're having problems setting your own up, just keep poring over
> the list and the handbook, the lights will come on eventually (as they did
> in my case).
>
> In any case, now that the glow of my triumph has started to fade, I have a
> few more questions.
>
> - I chrooted the Bind that gets installed with FreeBSD (8.3.3, I believe
> it was), and I did this in place under "/etc/namedb/", as outlined in the
> handbook. A horrible thought just occurred to me though, what happens when
> I update my installation now? Will FreeBSD just leave what I've done in
> place? Will it magically see my chrooted Bind installation and update
> Named et al. when updates are needed? Or am I, as we say here in Canada,
> hosed?

Not really, but if you copied any binaries or libraries to nonstandard
places you should track them, because the update process will only update
files in their default locations.

>
> - While going through this learning process, I kept hearing of "Jail",
> after getting up and running (and I mean live, up and running with about
> 30 domains), the coolness of Jail finally dawned on me, and I think I'd
> like to switch. Could I just copy my existing Bind installation to the
> appropriate location within the jailed environment? Should, or even can
> one run a chrooted Bind within a jail (talk about an onion skin approach
> to security!)
>
> - If I were to run Bind inside a Jail, is there any way of knowing what
> the minimum cruft required within the Jail is? What programs does Bind
> rely on to function?

Maybe this little howto I wrote about my own bind-in-jail setup can be of
some help:

http://www.xs4all.nl/~rubeng/files/bindjail.html

hope this helps,
Ruben

>
> Thanks all, in advance
>
> Tom
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
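
One way to do the tracking Ruben recommends for binaries and libraries copied into a chroot, as an added example that is not part of the original message: the script reports every file in the chroot tree whose contents differ from the file at the same path in the base system. The function name `stale_copies`, the script name and the optional second argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original thread): list files inside a chroot
# tree whose contents differ from the file at the same path in the base
# system, i.e. copies that a system update has left behind.
#
# usage: sh stale_copies.sh CHROOT_DIR [SYSTEM_ROOT]
#   e.g. sh stale_copies.sh /etc/namedb
# SYSTEM_ROOT defaults to / and exists mainly so the check can be tried
# on scratch directories.

stale_copies() {
    sc_chroot=${1%/}
    sc_sys=${2:-/}
    sc_sys=${sc_sys%/}          # "/" becomes "", so "$sc_sys$sc_rel" stays absolute

    if [ ! -d "$sc_chroot" ]; then
        echo "stale_copies: not a directory: $1" >&2
        return 2
    fi

    # One line per regular file in the chroot that has a counterpart in the
    # system tree with different contents. Files that exist only in the
    # chroot (zone data, logs, pid files) are skipped.
    # Assumption: no newlines in file names.
    sc_out=$(
        find "$sc_chroot" -type f -print | sort |
        while IFS= read -r sc_file; do
            sc_rel=${sc_file#"$sc_chroot"}
            sc_orig=$sc_sys$sc_rel
            [ -f "$sc_orig" ] || continue
            cmp -s "$sc_file" "$sc_orig" || printf 'STALE %s\n' "$sc_rel"
        done
    )

    [ -n "$sc_out" ] || return 0   # every copy matches its original
    printf '%s\n' "$sc_out"
    return 1
}

if [ $# -gt 0 ]; then
    stale_copies "$@"
fi
```

Files that were trimmed on purpose for the chroot, such as a reduced `etc/group`, will also be listed; the output is a list to review after each update, not a list to overwrite blindly.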