CHRoot Install

From SysadminPunk Wiki!

  1. Install bind9 and its docs and utilities:
sudo apt-get install bind9 bind9-doc dnsutils
  1. It will probably autostart after install, so stop it before proceeding:
sudo /etc/init.d/bind9 stop
  1. Create your chroot. This requires a minimal file tree:
sudo mkdir -p /var/chroot/bind9/{etc,dev,var/cache/bind,var/run/bind/run}
sudo chown -R bind:bind /var/chroot/bind9/var/*
  1. And some devices:
sudo mknod /var/chroot/bind9/dev/null c 1 3
sudo mknod /var/chroot/bind9/dev/random c 1 8
sudo chmod 666 /var/chroot/bind9/dev/{null,random}
  1. Move your default configuration files:
sudo mv /etc/bind /var/chroot/bind9/etc
sudo ln -s /var/chroot/bind9/etc/bind /etc/bind
  1. Tell rsyslog to listen for log events in the chroot:
sudo vi /etc/rsyslog.d/bind-chroot.conf

and add the line:

$AddUnixListenSocket /var/chroot/bind9/dev/log
  1. Tell bind9 init to use the chroot:
sudo vi /etc/default/bind9

and add:

OPTIONS="-u bind -t /var/chroot/bind9"
  1. Restart rsyslog and make sure it creates the /dev/log socket inside the chroot:
sudo /etc/init.d/rsyslog restart

Restarting system log daemon: syslogd.

sudo ls -al /var/chroot/bind9/dev/log
srw-rw-rw- 1 root root 0 2008-10-09 14:48 /var/chroot/bind9/dev/log
  1. Start bind9 and make sure it works:
sudo /etc/init.d/bind9 start
 Starting domain name service...: bind.
ps ax | grep '[n]amed'
 5397 ?        Ssl    0:00 /usr/sbin/named -u bind -t /var/chroot/bind9
host localhost 127.0.0.1
 localhost                   A        127.0.0.1
  1. Copy over your old named.conf.local and db.yourdomain-here files, and restart again.
  2. Otherwise, see Add_Domains.
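
A read-only audit of the finished chroot, added here as an example and not part of the original wiki page. The function name audit_bind_chroot and the FAIL message format are assumptions; it relies on GNU stat and checks only the paths, device numbers, modes, owner and OPTIONS string given in the steps above.

```shell
# Added example: audit a BIND chroot built with the steps above.
# Usage: audit_bind_chroot [CHROOT] [DEFAULTS_FILE]
# Prints one "FAIL: ..." line per problem; returns 0 only if none were found.
audit_bind_chroot() {
    root=${1:-/var/chroot/bind9}
    defaults=${2:-/etc/default/bind9}
    fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Minimal file tree from the mkdir step.
    for d in etc dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || fail "missing directory $root/$d"
    done

    # The chown step hands the writable trees to the user passed with -u.
    for d in var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || continue
        owner=$(stat -c %U "$root/$d")
        [ "$owner" = bind ] || fail "$root/$d owned by $owner, expected bind"
    done

    # Device nodes from the mknod step: real char devices, major:minor, mode 666.
    for spec in null:1:3 random:1:8; do
        name=${spec%%:*}; want=${spec#*:}
        node=$root/dev/$name
        if [ -L "$node" ] || [ ! -c "$node" ]; then
            fail "$node is not a character device"
        elif [ "$(stat -c %t:%T "$node")" != "$want" ]; then
            fail "$node has wrong major:minor, expected $want"
        elif [ "$(stat -c %a "$node")" != 666 ]; then
            fail "$node mode is not 666"
        fi
    done

    # rsyslog creates this socket once $AddUnixListenSocket is configured.
    [ -S "$root/dev/log" ] || fail "$root/dev/log is not a socket"

    # The init defaults must hand named both -u bind and -t CHROOT.
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$defaults" 2>/dev/null | tail -n 1)
    case " $opts " in *" -u bind "*) ;; *) fail "OPTIONS lacks -u bind" ;; esac
    case " $opts " in *" -t $root "*) ;; *) fail "OPTIONS lacks -t $root" ;; esac

    [ "$fails" -eq 0 ]
}
```

Source the file and run audit_bind_chroot with no arguments to check the default paths used on this page.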