I tested (or tried to) bind-9.0.0-2 briefly, and I must say there were a _lot_ of serious issues with it.

prereqs:
* kernel-2.4pre kernel is required for -u operation (!)

init.d/named:
* there is no /usr/sbin/ndc, only /usr/sbin/rndc
* condrestart is written cond-restart

/usr/sbin/rndc:
* A default /etc/rndc.conf is not supplied (it's with the tarball), so rndc doesn't work
* About all features of rndc at least seem to be 'not implemented yet'

/usr/sbin/named:
* -t (chroot) doesn't seem to work:

strace /chroot/bind/usr/sbin/named -t /chroot/bind:
---
[...]
chroot("/chroot/bind") = 0
chdir("/") = 0
prctl(0x8, 0x1, 0, 0, 0) = -1 EINVAL (Invalid argument)
getuid() = 0
capset(0xbffff9a8, 0xbffff9b0) = 0
brk(0x807b000) = 0x807b000
old_mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x402df000
fork() = 29243
_exit(0) = ?
---
[...]
Oct 28 19:40:29 otso named[29245]: listening on IPv4 interface eth0, x.y.z.w#53
Oct 28 19:40:29 otso named[29245]: couldn't open pid file '/var/run/named.pid': Permission denied
Oct 28 19:40:29 otso named[29245]: exiting (due to early fatal error)
---
sigh.
Most of these issues are problems with the base package (2.4 requirement, chroot not working); please report them to bind-bugs. (Don't have the time to fix this at the moment.) The packaging-related bugs are fixed in -3.
Contacted. -u is not going to work in 2.2 kernels at all due to threads implementation issues. Bind gives up some root privileges (including the ability to write to non-root-owned directories) even without -u. My /chroot/bind/var/run was owned by named.named as of 8.2.2. So, the /var/run directory has to be owned by the right user.
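The permission rule behind the comment above, as an added example that is not part of the original bug report: once a root process has given up the capability that bypasses file permission checks (on Linux that is CAP_DAC_OVERRIDE, assumed here to be the one meant), the ordinary owner/group/other bits apply to uid 0 as well. The function names and the uid/gid 25 used for named are assumptions made for the illustration.

```python
import os
import stat

def may_create_in(dir_uid, dir_gid, dir_mode, proc_uid, proc_gids):
    """Model the kernel's permission check for creating a file in a directory
    when the process has NO permission-bypass capability. Exactly one class
    (owner, group or other) is selected; there is no fall-through."""
    if proc_uid == dir_uid:
        bits = (dir_mode >> 6) & 0o7      # owner class
    elif dir_gid in proc_gids:
        bits = (dir_mode >> 3) & 0o7      # group class
    else:
        bits = dir_mode & 0o7             # other class
    need = 0o3                            # write + search on the directory
    return (bits & need) == need

def check_pid_dir(chroot, pid_file, proc_uid, proc_gids):
    """Apply the model to the directory that will hold pid_file inside chroot."""
    rel_dir = os.path.dirname(pid_file).lstrip("/")
    st = os.stat(os.path.join(chroot, rel_dir))
    return may_create_in(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode),
                         proc_uid, proc_gids)

# Constructed sample values: uid/gid 25 stands in for the named account.
NAMED = 25
CASES = [
    # (label, dir_uid, dir_gid, dir_mode, proc_uid, proc_gids)
    ("root daemon, dir named.named 0755", NAMED, NAMED, 0o755, 0, {0}),
    ("root daemon, dir root.root 0755", 0, 0, 0o755, 0, {0}),
    ("named daemon, dir named.named 0755", NAMED, NAMED, 0o755, NAMED, {NAMED}),
    ("root daemon, dir named.named 0775", NAMED, NAMED, 0o775, 0, {0}),
]

def run_cases():
    """Return {label: allowed} for the constructed cases above."""
    return {c[0]: may_create_in(*c[1:]) for c in CASES}

if __name__ == "__main__":
    for label, allowed in run_cases().items():
        print(f"{label}: {'ok' if allowed else 'Permission denied'}")
```

The first case is the one in the log: the directory is owned by named.named, the daemon is still uid 0, and without the bypass it is checked against the "other" bits, which lack write.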
*** Bug 192026 has been marked as a duplicate of this bug. ***