Old 12-19-2005, 11:06 PM   #1
LQ Newbie
Registered: Jan 2005
Location: Brockville, ON, Canada
Distribution: Slackware 10.2
Posts: 11

Rep: Reputation: 0
Question named will not start in chroot jail

Good day!

I am having some issues with getting BIND to run in a chroot jail. I have tried using several walkthroughs on the matter, and I have even done some searches here, and at a couple other forums. I have tried playing with permissions, I have made sure I have a user named with a group named. I have double and triple checked to make sure I have all of the files in the chroot jail as per the walkthrough I followed ( I have double and triple checked my config files, and made sure I had the zone files in the right places..

I have prepared the chroot jail in /chroot/named. Here is the directory structure of /chroot/named:

./etc - contains named.conf, localtime
./dev - contains log=, null, random
./bin - contains false
./var - contains directories run and named
./var/named contains the zone files

My named.conf is as follows:
acl internal {;
acl bogus {;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

options {
	directory "/var/named";
	// query-source address * port 53;
	allow-query {internal; localhost; };
	allow-recursion { internal; localhost; };
	notify no;
	transfer-format many-answers;
	max-transfer-time-in 60;
	interface-interval 0;
	blackhole { bogus; };
	forward first;
	forwarders {;;;

// a caching only nameserver config
zone "." IN {
	type hint;
	file "caching-example/";

zone "localhost" IN {
	type master;
	file "caching-example/";
	allow-update { none; };

zone "" IN {
	type master;
	file "caching-example/named.local";
	allow-update { none; };

zone "" IN {
	type master;
	file "";
	allow-update {none; };
	notify no;
	allow-query { any; };

When I try and run the server normally, it does run, and works as expected, however, when I try to run it chroot'd, I get the following information in the logs:

Dec 19 22:49:03 aura-bleu named[9956]: starting BIND 9.3.1 -u named -t /chroot/named -c /etc/named.conf
Dec 19 22:49:03 aura-bleu named[9956]: loading configuration from '/etc/named.conf'
Dec 19 22:49:03 aura-bleu named[9956]: no IPv6 interfaces found
Dec 19 22:49:03 aura-bleu named[9956]: listening on IPv4 interface lo,
Dec 19 22:49:03 aura-bleu named[9956]: listening on IPv4 interface eth0,
Dec 19 22:49:03 aura-bleu named[9956]: couldn't add command channel file not found

I hope someone can point me in the right direction to solving this issue. Please let me know of any additional information you need.

Old 12-20-2005, 05:24 AM   #2
Registered: Nov 2001
Location: London, UK
Distribution: Fedora
Posts: 161

Rep: Reputation: 43
bind sets up a default control channel. To disable it, add a line 'controls {}' to the config. See the "controls Statement Grammar" section of the bind9 Admin Reference Manual.

This default also looks for its security keys in /etc/rndc.key and you will need to move this into the jail and set up a symbolic link in /etc for 'rndc' to use.

There's a similar problem if you use dynamic DHCP/DNS updates.
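
Added example (not part of either post above, and not BIND's own tooling): a shell check that lists what named would fail to find inside the jail, including the /etc/rndc.key file the reply mentions for the default control channel. The function name missing_in_jail is hypothetical, and the fixed paths are assumptions taken from the directory listing in the question.

```shell
#!/bin/sh
# Added example, not from the thread. List jail-relative paths that named
# would look for under a chroot (-t) root but that do not exist there.
# Fixed paths come from the question's directory listing and the reply;
# the function name is hypothetical.

missing_in_jail() {
    jail=$1
    conf=${2:-/etc/named.conf}

    # Files every jailed named needs, whatever the zones are.
    for p in "$conf" /dev/null /dev/random /var/run; do
        [ -e "$jail$p" ] || echo "$p"
    done
    [ -f "$jail$conf" ] || return 0

    # Per the reply: the default control channel wants /etc/rndc.key
    # unless the config disables it with an empty controls statement.
    if ! grep -q '^[[:space:]]*controls[[:space:]]*{[[:space:]]*}' "$jail$conf"; then
        [ -f "$jail/etc/rndc.key" ] || echo /etc/rndc.key
    fi

    # options { directory "..."; } is the base for relative zone files.
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$jail$conf" | head -n 1)

    # Each file "..." entry must resolve inside the jail, not on the host.
    sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$jail$conf" |
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        case $f in
            /*) path=$f ;;
            *)  path=$dir/$f ;;
        esac
        [ -f "$jail$path" ] || echo "$path"
    done
}

# Usage: sh check_jail.sh /chroot/named
if [ "$#" -gt 0 ]; then
    missing_in_jail "$@"
fi
```

An empty result means every path the check knows about resolves inside the jail; it does not verify ownership or permissions for the named user.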

