Good day!
I am having some issues with getting BIND to run in a chroot jail. I have tried using several walkthroughs on the matter, and I have even done some searches here and at a couple of other forums. I have tried playing with permissions, and I have made sure I have a user named with a group named. I have double and triple checked to make sure I have all of the files in the chroot jail as per the walkthrough I followed (http://www.faqs.org/docs/Linux-HOWTO...IND-HOWTO.html). I have double and triple checked my config files, and made sure I had the zone files in the right places.
I have prepared the chroot jail in /chroot/named. Here is the directory structure of /chroot/named:
./etc - contains named.conf, localtime
./dev - contains log=, null, random
./bin - contains false
./var - contains directories run and named
./var/named contains the zone files
My named.conf is as follows:
Code:
acl internal {
    10.50.1.0/24;
};
acl bogus {
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    5.0.0.0/8;
    7.0.0.0/8;
    23.0.0.0/8;
    27.0.0.0/8;
    31.0.0.0/8;
    36.0.0.0/8;
    37.0.0.0/8;
    39.0.0.0/8;
    42.0.0.0/8;
    49.0.0.0/8;
    50.0.0.0/8;
    77.0.0.0/8;
    78.0.0.0/8;
    79.0.0.0/8;
    92.0.0.0/8;
    93.0.0.0/8;
    94.0.0.0/8;
    95.0.0.0/8;
    96.0.0.0/8;
    97.0.0.0/8;
    98.0.0.0/8;
    99.0.0.0/8;
    100.0.0.0/8;
    101.0.0.0/8;
    102.0.0.0/8;
    103.0.0.0/8;
    104.0.0.0/8;
    105.0.0.0/8;
    106.0.0.0/8;
    107.0.0.0/8;
    108.0.0.0/8;
    109.0.0.0/8;
    110.0.0.0/8;
    111.0.0.0/8;
    112.0.0.0/8;
    113.0.0.0/8;
    114.0.0.0/8;
    115.0.0.0/8;
    116.0.0.0/8;
    117.0.0.0/8;
    118.0.0.0/8;
    119.0.0.0/8;
    120.0.0.0/8;
    121.0.0.0/8;
    122.0.0.0/8;
    123.0.0.0/8;
    169.254.0.0/16;
    172.16.0.0/12;
    173.0.0.0/8;
    174.0.0.0/8;
    175.0.0.0/8;
    176.0.0.0/8;
    177.0.0.0/8;
    178.0.0.0/8;
    179.0.0.0/8;
    180.0.0.0/8;
    181.0.0.0/8;
    182.0.0.0/8;
    183.0.0.0/8;
    184.0.0.0/8;
    185.0.0.0/8;
    186.0.0.0/8;
    187.0.0.0/8;
    192.0.2.0/24;
    192.168.0.0/16;
    197.0.0.0/8;
    223.0.0.0/8;
    224.0.0.0/3;
};
options {
    directory "/var/named";
    // query-source address * port 53;
    allow-query { internal; localhost; };
    allow-recursion { internal; localhost; };
    notify no;
    transfer-format many-answers;
    max-transfer-time-in 60;
    interface-interval 0;
    blackhole { bogus; };
    forward first;
    forwarders {
        24.226.10.193;
        24.226.1.93;
        24.226.10.194;
    };
};
//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "caching-example/named.ca";
};
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};
zone "aura-bleu.net" IN {
    type master;
    file "aura-bleu.net/hosts.db";
    allow-update { none; };
    notify no;
    allow-query { any; };
};
When I try to run the server normally, it does run and works as expected; however, when I try to run it chroot'd, I get the following information in the logs:
Code:
Dec 19 22:49:03 aura-bleu named[9956]: starting BIND 9.3.1 -u named -t /chroot/named -c /etc/named.conf
Dec 19 22:49:03 aura-bleu named[9956]: loading configuration from '/etc/named.conf'
Dec 19 22:49:03 aura-bleu named[9956]: no IPv6 interfaces found
Dec 19 22:49:03 aura-bleu named[9956]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 19 22:49:03 aura-bleu named[9956]: listening on IPv4 interface eth0, 10.50.1.100#53
Dec 19 22:49:03 aura-bleu named[9956]: couldn't add command channel 127.0.0.1#953: file not found
I hope someone can point me in the right direction to solving this issue. Please let me know of any additional information you need.
Thanks
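
Added example, not part of the original post: a shell check that resolves the `directory` and `file` statements of a jailed named.conf against the jail root and reports paths that do not exist there. The function names, the sample jail, and the extra paths passed on the command line (including /etc/rndc.key) are assumptions made for illustration.

```shell
#!/bin/sh
# Report paths that named will look for after chroot() but that are
# missing inside the jail.
# usage: audit_jail JAIL CONF [EXTRA_PATH...]  (CONF and EXTRA_PATH are jail-relative)
audit_jail() {
    jail=$1; conf=$2; shift 2
    [ -f "$jail$conf" ] || { echo "MISSING $conf"; return 1; }
    # options { directory "..."; } is the base for relative zone file names.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$jail$conf" | head -n 1)
    {
        # Each zone's file "..." statement; commented-out (//) lines do not match.
        sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$jail$conf" |
        while IFS= read -r f; do
            case $f in
                /*) echo "$f" ;;
                *)  echo "${dir%/}/$f" ;;
            esac
        done
        for extra in "$@"; do echo "$extra"; done
    } | while IFS= read -r p; do
        [ -e "$jail$p" ] || echo "MISSING $p"
    done
}

# Constructed sample jail: one zone file present, one absent, no rndc.key.
make_sample_jail() {
    j=$(mktemp -d)
    mkdir -p "$j/etc" "$j/var/named/caching-example"
    : > "$j/etc/localtime"
    : > "$j/var/named/caching-example/named.ca"
    cat > "$j/etc/named.conf" <<'EOF'
options {
    directory "/var/named";
    // file "commented-out";
};
zone "." IN {
    type hint;
    file "caching-example/named.ca";
};
zone "aura-bleu.net" IN {
    type master;
    file "aura-bleu.net/hosts.db";
};
EOF
    echo "$j"
}

sample=$(make_sample_jail)
# /etc/rndc.key is an assumption: the key file a default build of named reads
# for its 127.0.0.1#953 command channel when named.conf has no controls block.
audit_jail "$sample" /etc/named.conf /etc/localtime /etc/rndc.key
rm -rf "$sample"
```

Against a real jail the call would be `audit_jail /chroot/named /etc/named.conf` followed by any additional jail-relative paths to verify.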