From Wikipedia:
BIND, or named, is the most widely used Domain Name System (DNS) software on the Internet. On Unix-like operating systems it is the de facto standard.
As you know, chrooting a process is very beneficial for security, since a compromise of that process cannot affect the whole system. But be aware that escaping from a chroot is not impossible, so it should not be used as your only security measure on a production DNS resolver.
Chrooting BIND is simple; however, there are no good HOWTOs, and the good ones are all outdated.
So I made this Asciinema on “chrooting BIND 9 in Debian 8” (with systemd):
[click on it]
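As an added example, not the post's own procedure (that is in the Asciinema), here is a POSIX shell script covering the usual pieces of a BIND 9 chroot on Debian 8 with systemd: the directory skeleton and device nodes, moving /etc/bind inside with a symlink left behind, a systemd drop-in that adds `-t`, and an rsyslog listener so syslog logging keeps working. The chroot path /var/lib/named, the drop-in file name and the rsyslog file name are my assumptions; the functions take paths as parameters so they can be tried on a scratch directory before being applied as root.

```shell
#!/bin/sh
# Added example, not the post's steps: pieces of a Debian 8 bind9 chroot.
# Paths are parameters so the functions can be tried on a scratch directory.
set -eu
# Create the directories named needs below the chroot root.
make_bind_chroot_tree() {
    root=$1
    mkdir -p "$root/etc" "$root/dev" "$root/var/cache/bind" "$root/var/run/named"
    # named reads the local timezone for log timestamps.
    if [ -f /etc/localtime ]; then cp /etc/localtime "$root/etc/localtime"; fi
    # Device nodes need root; the numbers are the standard Linux char devices.
    if [ "$(id -u)" -eq 0 ]; then
        [ -e "$root/dev/null" ]    || mknod -m 666 "$root/dev/null" c 1 3
        [ -e "$root/dev/random" ]  || mknod -m 666 "$root/dev/random" c 1 8
        [ -e "$root/dev/urandom" ] || mknod -m 666 "$root/dev/urandom" c 1 9
    fi
    # Only the cache and pid directories must be writable by the bind user.
    if getent passwd bind >/dev/null 2>&1; then
        chown -R bind:bind "$root/var/cache/bind" "$root/var/run/named"
    fi
}
# Move the live config into the chroot, leaving a symlink so rndc and the
# admin still find /etc/bind (and rndc.key) where they expect it.
relocate_bind_config() {
    root=$1
    if [ -d /etc/bind ] && [ ! -L /etc/bind ]; then
        mv /etc/bind "$root/etc/bind"
        ln -s "$root/etc/bind" /etc/bind
    fi
}
# systemd drop-in: clear the packaged ExecStart, then start named with -t.
# -u bind keeps the privilege drop Debian's unit already performs.
write_systemd_override() {
    root=$1
    dropin=${2:-/etc/systemd/system/bind9.service.d/chroot.conf}   # assumed name
    mkdir -p "$(dirname "$dropin")"
    printf '[Service]\nExecStart=\nExecStart=/usr/sbin/named -f -u bind -t %s\n' \
        "$root" > "$dropin"
}
# named inside the chroot cannot reach /dev/log; make rsyslog listen there.
write_rsyslog_socket() {
    root=$1
    conf=${2:-/etc/rsyslog.d/bind-chroot.conf}   # assumed name
    printf '$AddUnixListenSocket %s/dev/log\n' "$root" > "$conf"
}
```

On the host, run the four functions with /var/lib/named as the root, then `systemctl daemon-reload && systemctl restart rsyslog bind9`, and check with `ss -lnp | grep named` and `rndc status` that named is up and still answers rndc.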
Let me know of any inaccuracies or suggestions as usual :)
Shahriar
UPDATE: Thanks to Behrad Eslamifar for letting me know that this Debian 8 package will also do the job if you don’t want to do it manually: https://github.com/cvak/bind-chroot