I just downloaded the bind-chroot rpm and looked into it with Archive manager (so I am lazy), and no files, just the chroot tree. I am assuming there is some script that Archive manager does not show, or I am just missing it, because the ROOTDIR= did get added to /etc/sysconfig/named (and the one in the bind rpm is without this line).
Just interesting that if you chroot, you are expected to know that everything needs to be placed there. And they leave the /etc/named.conf there untouched. Seems they should remove this or make it a symlink?
And what about /etc/rndc.key? Your chrooted bind uses the /var/named/chroot/etc/rndc.key and rndc uses the /etc/rndc.key, or so it seems, so your rndc.key is left unprotected outside of the chroot jail? Am I missing something in the rndc setup with chrooted bind? I am not seeing any special instructions on this in the Redhat documentation.
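The check below is an added example, not part of the mail thread and not code from the bind or bind-chroot packages. It audits the layout the post describes: ROOTDIR= read from /etc/sysconfig/named, named reading $ROOTDIR/etc/rndc.key, rndc reading /etc/rndc.key. It flags a key that is missing, world-readable, or different between the two locations, and then applies the fix hinted at above (make /etc/rndc.key a symlink into the jail). It assumes GNU coreutils (stat -c, stat -L) and the CentOS paths; the key material in the sample tree is constructed, and ownership (root:named on a real host) is not checked because the sample tree is not built as root. Pass an empty prefix to audit the live host.

```shell
#!/bin/sh
# Added example: audit rndc.key inside and outside a bind-chroot jail.
# Assumes GNU coreutils; paths follow CentOS 5/6 bind-chroot.

# Print the ROOTDIR value from a sysconfig file (empty when not chrooted).
rootdir_from_sysconfig() {
    [ -f "$1" ] || return 0
    sed -n 's/^ROOTDIR=//p' "$1" | tr -d '"' | tail -n 1
}

# Return 1 if a key file is missing or has any "other" permission bits.
# stat -L follows symlinks so a link into the jail is judged by its target.
key_file_ok() {
    if [ ! -f "$1" ]; then
        echo "MISSING: $1"
        return 1
    fi
    mode=$(stat -L -c %a "$1")
    case "$mode" in
        *[1-7]) echo "WORLD-READABLE: $1 (mode $mode)"; return 1 ;;
    esac
    return 0
}

# Audit one system. $1 is a path prefix: "" for the live host, or a
# scratch directory for testing. Returns 0 only when both copies of the
# key exist, are not world-readable and are byte-identical.
audit_rndc_keys() {
    prefix="$1"
    rootdir=$(rootdir_from_sysconfig "$prefix/etc/sysconfig/named")
    if [ -z "$rootdir" ]; then
        echo "no ROOTDIR= in $prefix/etc/sysconfig/named: named is not chrooted"
        return 1
    fi
    outside="$prefix/etc/rndc.key"
    inside="$prefix$rootdir/etc/rndc.key"
    rc=0
    key_file_ok "$outside" || rc=1
    key_file_ok "$inside" || rc=1
    if [ -f "$outside" ] && [ -f "$inside" ] && ! cmp -s "$outside" "$inside"; then
        echo "MISMATCH: $outside and $inside differ; rndc will not authenticate to named"
        rc=1
    fi
    return "$rc"
}

# Build a constructed sample tree under $1 that shows the problem: a
# world-readable key outside the jail and a different key inside it.
# Both secrets are made-up strings, not real key material.
build_sample_tree() {
    base="$1"
    mkdir -p "$base/etc/sysconfig" "$base/var/named/chroot/etc"
    echo 'ROOTDIR=/var/named/chroot' > "$base/etc/sysconfig/named"
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
        "Y29uc3RydWN0ZWQta2V5LW5vdC1yZWFs" > "$base/etc/rndc.key"
    chmod 644 "$base/etc/rndc.key"
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
        "ZGlmZmVyZW50LWNvbnN0cnVjdGVkLWtleQ==" > "$base/var/named/chroot/etc/rndc.key"
    chmod 640 "$base/var/named/chroot/etc/rndc.key"
}

# Fix: keep one locked-down key inside the jail and point /etc/rndc.key at
# it, so rndc (outside) and named (inside) read the same file.
fix_sample_tree() {
    base="$1"
    rootdir=$(rootdir_from_sysconfig "$base/etc/sysconfig/named")
    chmod 640 "$base$rootdir/etc/rndc.key"
    rm -f "$base/etc/rndc.key"
    ln -s "$base$rootdir/etc/rndc.key" "$base/etc/rndc.key"
}

# Demo on a throwaway tree; run with prefix "" to check a real host.
tmp=$(mktemp -d)
build_sample_tree "$tmp"
echo "--- before fix ---"
audit_rndc_keys "$tmp" || echo "audit failed (expected)"
fix_sample_tree "$tmp"
echo "--- after fix ---"
audit_rndc_keys "$tmp" && echo "audit passed"
rm -rf "$tmp"
```

On a live host run `audit_rndc_keys ""` as root; a MISMATCH means `rndc reload` will fail with an authentication error, and a WORLD-READABLE hit means any local user can control named through rndc.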
On 02/14/2013 08:47 PM, Robert Moskowitz wrote:
> I just downloaded the bind-chroot rpm and looked into it with Archive manager (so I am lazy), and no files, just the chroot tree. I am assuming there is some script that Archive manager does not show, or I am just missing it, because the ROOTDIR= did get added to /etc/sysconfig/named (and the one in the bind rpm is without this line).
> Just interesting that if you chroot, you are expected to know that everything needs to be placed there. And they leave the /etc/named.conf there untouched. Seems they should remove this or make it a symlink?
I just went back to the Centos 5.5 bind-chroot rpm (which I have on my local repo server) and it is the same. Wow, that means I have been carrying this stuff around further back than that? But one thing is in 5.5 it created /var/named/chroot/var/named/ data and slave, which 6.3 does not. And I am having permission problems with these two subdirectories and I am NOT seeing the problem. Hope it is not a selinux issue.
> And what about /etc/rndc.key? Your chrooted bind uses the /var/named/chroot/etc/rndc.key and rndc uses the /etc/rndc.key, or so it seems, so your rndc.key is left unprotected outside of the chroot jail? Am I missing something in the rndc setup with chrooted bind? I am not seeing any special instructions on this in the Redhat documentation.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, 14 Feb 2013 at 20:47 -0000, Robert Moskowitz wrote:
> I just downloaded the bind-chroot rpm and looked into it with Archive manager (so I am lazy), and no files, just the chroot tree. I am assuming there is some script that Archive manager does not show, or I am just missing it, because the ROOTDIR= did get added to /etc/sysconfig/named (and the one in the bind rpm is without this line).
> Just interesting that if you chroot, you are expected to know that everything needs to be placed there. And they leave the /etc/named.conf there untouched. Seems they should remove this or make it a symlink?
> And what about /etc/rndc.key? Your chrooted bind uses the /var/named/chroot/etc/rndc.key and rndc uses the /etc/rndc.key, or so it seems, so your rndc.key is left unprotected outside of the chroot jail? Am I missing something in the rndc setup with chrooted bind? I am not seeing any special instructions on this in the Redhat documentation.
It has been quite a while, but I think there might be some stuff in the main bind package which makes chroot work right when bind-chroot is installed. Did you look at what that package installs?