Re: chroot and BIND

From: Rich Teer (richard.teer@rite-group.com)
Date: 10/24/01


Date: Wed, 24 Oct 2001 09:56:51 -0700 (PDT)
From: Rich Teer <richard.teer@rite-group.com>
To: Joseph Tam <tam@math.ubc.ca>
Subject: Re: chroot and BIND
Message-ID: <Pine.GSO.4.33.0110240952500.22762-100000@grover>

On Tue, 23 Oct 2001, Joseph Tam wrote:

> How, incidentally, are people constructing their chroot jail to run
> bind 9.1.3?

I'd use the first option you present.

> 3) Using pure static named

Not a good idea. How will you patch the libraries that named
relies on, apart from building another static version? With
dynamic linking, you stop named, copy the updated version to
your chrooted jail, and re-start it. Easy, no mess, no fuss.

> 2) The non-chroot()'d named also opens up a special door file called
>
> /var/run/syslog_door
>
> What's this and do I need it for syslog'ing? In particular, what files do I
> need to bring into the jail directory to implement syslog-ing?

Doors are a high performance, local RPC mechanism.

> 3) Should the jail directory reside on its own partition?

I can't see what difference that would make.

> 5) Is there a reason to prefer one method over another? If not, method 1
> is by far the easiest and the one I would implement, all other things being
> equal.

I think method 1 is the best.

> Joseph Tam <tam@math.ubc.ca>
> Network Administrator
> Department of Mathematics
> University of British Columbia

Hey, I'm in Kelowna! Don't suppose there's any open
job positions at UBC?

--
Rich Teer

President, Rite Online Inc.

Voice: +1 (250) 979-1638 URL: http://www.rite-online.net
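As an added example, not part of Rich's reply or the original thread: the dynamically linked approach he recommends, as a POSIX sh script that copies a program and every shared object ldd(1) reports into the jail at its original path, plus a check that nothing the jailed binary needs is missing after a patched copy has been dropped in. The jail root and binary path are assumed caller-supplied.

```shell
#!/bin/sh
# Copy a dynamically linked program and every shared object it needs
# into a chroot jail, keeping the original path layout so the dynamic
# loader finds them. Assumes ldd(1) prints "name => /path/to/lib"
# lines, as on Solaris and GNU/Linux. Assumed usage:
#   jail_copy_with_libs /var/named-chroot /usr/sbin/named

jail_copy_with_libs() {
    jail=$1
    bin=$2
    # The program itself, at the same path it has outside the jail.
    mkdir -p "$jail$(dirname "$bin")"
    cp -p "$bin" "$jail$bin"
    # Each dependency is "libc.so.1 => /usr/lib/libc.so.1", or a bare
    # absolute path for the runtime loader itself (glibc ldd). Lines
    # with no absolute path (vdso, "not found") are skipped.
    ldd "$bin" | while read -r f1 f2 f3 _; do
        case $f2 in
            '=>') lib=$f3 ;;
            *)    lib=$f1 ;;
        esac
        case $lib in
            /*) mkdir -p "$jail$(dirname "$lib")"
                cp -p "$lib" "$jail$lib" ;;
        esac
    done
}

# Print every library the binary needs that is absent from the jail;
# return non-zero if anything is missing. Re-run after copying an
# updated binary into the jail, since a patched build may depend on a
# library the previous build did not.
jail_missing_libs() {
    jail=$1
    bin=$2
    missing=0
    for lib in $(ldd "$bin" | awk '$2 == "=>" && $3 ~ /^\// { print $3 }
                                     $1 ~ /^\// { print $1 }'); do
        if [ ! -f "$jail$lib" ]; then
            echo "$lib"
            missing=1
        fi
    done
    return $missing
}
```

Run the check once after populating the jail and again after every update; an empty report means the loader will find everything it did outside the jail.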