Is chrooted bind really necessary?
 

Hello all,

I recently tried to install bind chrooted on a completely fresh debian etch r2.
I used howtoforge guide to chroot bind but cant get bind started. I get an error what i think is permission related. After lots of frustration i was beginning to ask myself: is it really needed to chroot bind?

So since I don't know i ask you guys :)

Is it really needed? Is it really that big of a security risk. How can external people abuse a not chrooted bind?

I don't think any security measure exists which is necessary (unless it's required by law). But it's important that you assume that your BIND daemon will be compromised, and take pre-emptive measures for that. That's probably what your tutorial was aiming at with the chroot suggestion. Perhaps you should get a good night's sleep and then try again. I mean, chroot provides a very weak layer of security, but it's better than nothing at all. In the future, you might wanna look at mandatory access control instead.

In addition you also might want to ask yourself if you want to run ISC BIND and not djbdns.