Using BIND in a chroot enviro?

To: debian-security@lists.debian.org
Subject: Using BIND in a chroot enviro?
From: Stefan Srdic <linuxbox@telusplanet.net>
Date: Sun, 01 Jul 2001 03:07:30 -0600
Message-id: <[🔎] 3B3EE852.6040906@telusplanet.net>

I'm running Woody at home and have installed and configured BIND 9 as acaching-only nameserver.

Basically, BIND is configured to listen for DNS queries on my localhostand the local network. I also have BIND configured to use my ISP'snameservers as forwaders if it does not contain the resolvinginformation in the cache. Finally, the daemon is also limited to querysource port 53 for easy compliance with Netfilter.

Recently I have been receiving several weird netfilter logs complainingabout denied DNS queries comming in from and going out to unknow hosts.I beleive that these logs may reflect a script kiddie who is attemptingto break BIND and possibly use my computer for remote DoS attacks orport scans.

Where could I find any relative information on running BIND in a chrootjail on Debian? I was running BIND 8 under a user and group named.However I feel that it might be worth while using a chroot jail toprevent any possible BIND exploits on my system.



Does anybody have any real-world experience with chroot'ing BIND?

Thanks

Stef

Reply to:

Follow-Ups:
- Re: Using BIND in a chroot enviro?
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>
- Re: Using BIND in a chroot enviro?
  - From: Vineet Kumar <debian-security@virtual.doorstop.net>

Prev by Date: Re: ipchains
Next by Date: Re: Using BIND in a chroot enviro?
Previous by thread: Re: ipchains
Next by thread: Re: Using BIND in a chroot enviro?
Index(es):
- Date
- Thread