Re: Setting up chroot on Solaris 9 with BIND 9 -t switch

Rich Parkin <RParkin@ldmi.com> wrote:
> Hello, all!

> I am in the process of rebuilding our DNS servers with Solaris 9 and
> BIND 9 and have BIND working (installed in /usr/local). I'm trying to
> keep things as simple as I can so others can support it, but secure
> enough for ISP production. I would like to set up a chroot environment
> using the -t switch. I've looked for documentation on doing this and
> haven't found much so far.

> I have built a BIND 9 implementation on Solaris before, but my efforts
> at setting up chroot with the available documentation at the time didn't
> work (I'm not terribly skilled with Solaris yet). Can anyone point me
> at a resource? I've looked at the Secure BIND Template, but it doesn't
> cover use of the -t switch.

> Does the chroot environment have to be set up basically the same
> whether or not you use the -t switch? Can anyone explain in technical
> detail what the -t switch actually does? Any reason why I shouldn't use
> the -t switch and try to set up a traditional chroot instead?

The '-t' allows named to do the chroot() stuff itself, but after initalization,
su much of the hassle with chroot(1) is not needed.

I guess you can say they are mutually exclusive.


> Richard Parkin
> System Administrator
> CCNA
> Data Center Operations
> LDMI Telecommunications


--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.