
fyi: howto set up bind chroot()ed on debian



Hi!

This is what I had to do to get bind chroot()ed on my debian (mostly) 
 stable box, maybe it'll be useful for others.

This is "as is", your setup might differ, expect troubles, yadda, yadda.

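# Build the chroot tree under /var/local/bind
mkdir /var/local/bind
mkdir /var/local/bind/etc
mkdir /var/local/bind/etc/bind
# Copy the existing configuration and zone files into the jail
(cd /etc/bind; tar cvf - *) | (cd /var/local/bind/etc/bind; tar xvf -)
mkdir /var/local/bind/var
mkdir /var/local/bind/var/run
mkdir /var/local/bind/var/cache
mkdir /var/local/bind/var/cache/bind
mkdir /var/local/bind/usr
mkdir /var/local/bind/usr/sbin
mkdir /var/local/bind/lib
# named-xfer is executed inside the jail, so it needs the binary and its libraries
cp /usr/sbin/named-xfer /var/local/bind/usr/sbin/
cp /lib/libc.so.6 /var/local/bind/lib/
cp /lib/ld-linux.so.2 /var/local/bind/lib/
# /dev/null inside the jail (character device, major 1, minor 3)
mkdir /var/local/bind/dev
cd /var/local/bind/dev
mknod null c 1 3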

named.conf changes, only thing for me to do was logging, since there is 
 no syslogging out of the chroot:
.-.-.
logging { channel logdefault { severity info;
                               file "/named.log";
                             };
          category default              { logdefault; };
          category config               { logdefault; };
          category panic                { logdefault; };
          category update               { logdefault; };
          category xfer-in              { logdefault; };
          category xfer-out             { logdefault; };
          category notify               { logdefault; };
          category security             { logdefault; };
          category insist               { logdefault; };
          category load                 { logdefault; };
          category response-checks      { null; };
          category maintenance          { null; };
          category os                   { null; };
          category cname                { null; };
          category packet               { null; };
          category eventlib             { null; };
          category db                   { null; };
          category ncache               { null; };
          category parser               { null; };
          category queries              { null; };
          category lame-servers         { null; };
          category statistics           { null; };
        };
.-.-.

/etc/init.d/bind changes, taking the easy way:
.-.-.
<...>
    start)
        echo -n "Starting domain name service: named"
        /usr/sbin/named -t /var/local/bind/
<...>
    stop)
        echo -n "Stopping domain name service: named"
        killall /usr/sbin/named || killall -9 /usr/sbin/named
<...>
    restart)
        sh $0 stop
        sh $0 start
    ;;

    reload)
        sh $0 restart
    ;;

    force-reload)
        sh $0 restart
.-.-.

If you spot errors, please let me know.

cheers,
&rw
-- 
-- The difference between sex and death is that with death
-- you can do it alone and no one is going to make fun of you.
-- - Woody Allen
----
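
Added example, not part of the original post: a shell function that audits a chroot tree against the layout built above before named is started with -t. It assumes named.conf sits in etc/bind inside the jail, as the tar copy above implies; the name check_bind_jail is made up for this example.

```shell
#!/bin/sh
# check_bind_jail ROOT
# Prints one line per problem found in the jail and returns 0 only when the
# tree matches the layout from the post (hypothetical helper, not from BIND).
check_bind_jail() {
    root=${1%/}          # accept "/var/local/bind/" as passed to named -t
    problems=0

    # Directories named and named-xfer expect to find after chroot().
    for d in etc/bind var/run var/cache/bind usr/sbin lib dev; do
        if [ ! -d "$root/$d" ]; then
            echo "MISSING dir  $d"
            problems=$((problems + 1))
        fi
    done

    # Files copied in by hand: config, transfer helper, and its libraries.
    for f in etc/bind/named.conf usr/sbin/named-xfer \
             lib/libc.so.6 lib/ld-linux.so.2; do
        if [ ! -f "$root/$f" ]; then
            echo "MISSING file $f"
            problems=$((problems + 1))
        fi
    done

    # named-xfer is exec'ed from inside the jail, so it must be executable.
    if [ -f "$root/usr/sbin/named-xfer" ] && [ ! -x "$root/usr/sbin/named-xfer" ]; then
        echo "WRONG   mode usr/sbin/named-xfer (not executable)"
        problems=$((problems + 1))
    fi

    # dev/null must be a real character device (mknod null c 1 3); a regular
    # file with that name would silently collect everything written to it.
    if [ ! -c "$root/dev/null" ]; then
        echo "WRONG   node dev/null (not a character device)"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Run it as check_bind_jail /var/local/bind/ and start named only when it returns 0.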