Chrooting Bind under Debian

I needed to do this quickly, so I found this nice document that explains it all. Applied to the latest Squeeze and it works accordingly; here is the quick and dirty guide for the impatient:

#install
apt-get install bind9 bind9-doc dnsutils
/etc/init.d/bind9 stop
#setup of chroot
mkdir -p /var/chroot/bind9/{etc,dev,var/cache/bind,var/run/bind/run}
chown -R bind:bind /var/chroot/bind9/var/*
mknod /var/chroot/bind9/dev/null c 1 3
mknod /var/chroot/bind9/dev/random c 1 8
chmod 666 /var/chroot/bind9/dev/{null,random}
#move config
mv /etc/bind /var/chroot/bind9/etc
ln -s /var/chroot/bind9/etc/bind /etc/bind
#modify syslog config (single quotes keep the shell from expanding $AddUnixListenSocket)
echo '$AddUnixListenSocket /var/chroot/bind9/dev/log' >> /etc/rsyslog.d/bind-chroot.conf
#setup bind to start chroot
vi /etc/default/bind9
# modify this line: OPTIONS="-u bind -t /var/chroot/bind9"
/etc/init.d/rsyslog restart
ls -al /var/chroot/bind9/dev/log
/etc/init.d/bind9 start
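
A quick way to check the result of the steps above, as an added example that is not part of the original post. It assumes GNU stat and the paths used here; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-setup checks for the chroot built above (hypothetical helper names).
CHROOT=${CHROOT:-/var/chroot/bind9}   # path used on this page

# A device node must be a character device with the major/minor given to mknod.
check_devnode() {  # usage: check_devnode PATH MAJOR MINOR (decimal)
    [ -c "$1" ] || { echo "FAIL: $1 is not a character device" >&2; return 1; }
    maj=$(stat -c '%t' "$1"); min=$(stat -c '%T' "$1")   # GNU stat prints hex
    [ "$((0x$maj))" -eq "$2" ] && [ "$((0x$min))" -eq "$3" ] && return 0
    echo "FAIL: $1 is $((0x$maj)),$((0x$min)), want $2,$3" >&2; return 1
}

# The rsyslog drop-in must hold the literal directive. Written with double
# quotes, the shell expands $AddUnixListenSocket to nothing and the file
# ends up with just " <chroot>/dev/log".
check_rsyslog_conf() {  # usage: check_rsyslog_conf FILE [CHROOT]
    conf=$1; root=${2:-$CHROOT}
    grep -Fqx "\$AddUnixListenSocket $root/dev/log" "$conf" 2>/dev/null && return 0
    if grep -Fqx " $root/dev/log" "$conf" 2>/dev/null; then
        echo "FAIL: $conf: directive name lost to shell expansion" >&2
    else
        echo "FAIL: $conf: no \$AddUnixListenSocket line for $root/dev/log" >&2
    fi
    return 1
}

# /etc/default/bind9 must pass both -u bind and -t CHROOT to named.
# Typographic quotes pasted from a web page make both checks fail.
check_named_options() {  # usage: check_named_options FILE [CHROOT]
    file=$1; root=${2:-$CHROOT}
    opts=$(sed -n 's/^OPTIONS=//p' "$file" 2>/dev/null | tail -n 1 | tr -d "\"'")
    case " $opts " in *" -t $root "*) ;;
        *) echo "FAIL: $file: OPTIONS lacks -t $root" >&2; return 1 ;; esac
    case " $opts " in *" -u bind "*) ;;
        *) echo "FAIL: $file: OPTIONS lacks -u bind" >&2; return 1 ;; esac
}

verify_bind_chroot() {
    rc=0
    check_devnode "$CHROOT/dev/null" 1 3 || rc=1
    check_devnode "$CHROOT/dev/random" 1 8 || rc=1
    [ -S "$CHROOT/dev/log" ] || { echo "FAIL: no syslog socket at $CHROOT/dev/log" >&2; rc=1; }
    check_rsyslog_conf /etc/rsyslog.d/bind-chroot.conf || rc=1
    check_named_options /etc/default/bind9 || rc=1
    return $rc
}

if [ "${1:-}" = "--run" ]; then verify_bind_chroot; fi
```

Save it to a file and run it with `--run` after the last step; each FAIL line names the step to redo.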

Total time, less than writing this entry 🙂

One thought on “Chrooting Bind under Debian”

  1. Thanks for it — short and sweet 🙂

    All good except for echo "$AddUnixListenSocket /var/chroot/bind9/dev/log" which needs single quotes or $.
