Showing posts from November 8, 2009
CHROOT-BIND

Before starting
This tutorial is written "only for a beginner, by a beginner". NOT FOR PRODUCTION.

Why we are using CHROOT-BIND

The idea behind running BIND in a chroot jail is to limit the amount of access any malicious individual could gain by hacking BIND.
It is for the same reason that we run BIND as a non-root user.



CHROOT-BIND configuration
========================================
/var/named/chroot/ will be the root ("/") directory for BIND.

i.e., what BIND sees as /etc/named.conf is /var/named/chroot/etc/named.conf on disk,
and /var/named/ is /var/named/chroot/var/named/.

KEEP THIS IN MIND EVERY TIME:
we will not refer to the original location, i.e., /var/named/chroot/etc/named.conf;
we will refer to it as /etc/named.conf.
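
The path mapping above, as an added shell example (not part of the original post): it turns a path as named sees it into the host path under /var/named/chroot and reports files that are missing, or that are symlinks resolving outside the jail on the host, which named would not see the same way. The function names and the JAIL variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: map jail-relative paths to host paths and sanity-check them.
# JAIL is the chroot root used in this tutorial; override it for testing.
JAIL="${JAIL:-/var/named/chroot}"

# jail_to_host PATH: print the host path for a path as BIND sees it.
jail_to_host() {
    case "$1" in
        /*) printf '%s%s\n' "${JAIL%/}" "$1" ;;
        *)  echo "jail paths must be absolute: $1" >&2; return 2 ;;
    esac
}

# check_jail_path PATH: 0 = present and inside the jail,
# 1 = missing on disk, 3 = symlink that resolves outside the jail.
check_jail_path() {
    host=$(jail_to_host "$1") || return 2
    [ -e "$host" ] || { echo "MISSING  $1 -> $host"; return 1; }
    real=$(readlink -f "$host")
    root=$(readlink -f "$JAIL")
    case "$real" in
        "$root"|"$root"/*) echo "OK       $1 -> $host"; return 0 ;;
        *) echo "OUTSIDE  $1 -> $real (not under $root)"; return 3 ;;
    esac
}

# Usage: sh check-jail.sh /etc/named.conf /var/named
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        check_jail_path "$p" || true
    done
fi
```
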

=========================================
/etc/named.conf
=========================================
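options
{
    // Relative to the chroot: /var/named/chroot/var/named on disk
    directory "/var/named";
};

// rndc control channel: loopback only, authenticated with rndckey
controls {
    inet 127.0.0.1 allow { localhost; 127.0.0.1; } keys { rndckey; };
};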


acl "safe-subnet" { 10.10.40.0/24; };
view "internal&q…