From Bugzilla Helper:

Description of problem:
The default configuration of bind should come with a chrooted named. At least some support scripts should be provided which make it easy to migrate to a chrooted named.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Just start named or
2. try to set up a chrooted named which can be maintained with out-of-the-box tools
3.

Additional info:
Provide a chrooted named as standard setup (including tools support). Use the attached script as a start for migrating a non-chrooted named to chroot:
Created attachment 90333
shell script to migrate to chrooted named including syslog support

This was tested on Red Hat 7.2 with bind 9.2.1-1.7x and two times on Red Hat 8.0 with bind 9.2.1-9, always with ROOTDIR=/var/named and user=named. The only official name server with these settings is ns.asis-corp.com.
The script depends on "strings", which belongs to binutils. These are possibly not installed on a named-only machine. This is not really necessary.
I have added a bind-chroot kit that, when installed, will cause bind to run in a chroot environment. It will be on Rawhide as soon as Rawhide is available. The source rpm is available on ftp://people.redhat.com/dwalsh. This is experimental. Your feedback is appreciated. Thanks