Chroot BIND named deprecated in Fedora 11
If you've tried to fire up a chroot named on Fedora 11 you may have noticed it complains about missing configuration files such as named.dnssec.keys.
There is a bug that implies you should use SELinux instead of chroot. But if you aren't ready for SELinux, you can still run a chrooted name server. Here is how.
# tell the startup script to chroot named
echo 'ROOTDIR=/var/named/chroot' >> /etc/sysconfig/named
# copy or move and symlink. your choice. i'll move.
for f in named.dnssec.keys named.rfc1912.zones named.ca; do
    cp -p "/etc/$f" /var/named/chroot/etc/
    rm "/etc/$f"
    ln -s "/var/named/chroot/etc/$f" "/etc/$f"
done
# you can begin to see how this may not be best in the long term
mkdir -p /var/named/chroot/etc/pki
# -cf must carry its dash here because it follows -C rather than leading the argument list
tar -C /etc/pki -cf - dnssec-keys | (cd /var/named/chroot/etc/pki; tar xvf -)
Instead of copying the PKI directory, you could disable DNSSEC in named.conf, but you still need to copy named.rfc1912.zones and named.ca into your chroot.
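A quick way to confirm the layout before restarting named, as an added example that is not part of the original post: it checks that each file is a real file inside the chroot and that the /etc entry is a symlink to it. The function name check_named_chroot and its second parameter are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: verify the layout produced by the steps above.
# check_named_chroot ROOTDIR [ETCDIR]   (hypothetical helper, not from the post)
#   ROOTDIR  chroot path (the ROOTDIR value written to /etc/sysconfig/named)
#   ETCDIR   host config directory, default /etc (a parameter so it can be tested)
# Prints one line per problem and returns non-zero if any were found.
# Usage: check_named_chroot /var/named/chroot
check_named_chroot() {
    root=$1
    etc=${2:-/etc}
    problems=0

    for f in named.dnssec.keys named.rfc1912.zones named.ca; do
        inside="$root/etc/$f"
        outside="$etc/$f"
        # The chroot copy must be a regular file: a symlink pointing out of
        # the chroot cannot be resolved by named once it has chrooted.
        if [ ! -f "$inside" ] || [ -L "$inside" ]; then
            echo "MISSING  $inside (must be a real file inside the chroot)"
            problems=$((problems + 1))
            continue
        fi
        # The host-side name should be a symlink to the chroot copy, so
        # there is only one file to edit and the two cannot drift apart.
        if [ ! -L "$outside" ]; then
            echo "NOTLINK  $outside (separate copy can drift from the chroot copy)"
            problems=$((problems + 1))
        elif [ "$(readlink "$outside")" != "$inside" ]; then
            echo "BADLINK  $outside -> $(readlink "$outside")"
            problems=$((problems + 1))
        fi
    done

    # Only needed while DNSSEC stays enabled in named.conf.
    if [ ! -d "$root/etc/pki/dnssec-keys" ]; then
        echo "MISSING  $root/etc/pki/dnssec-keys (copy it or disable DNSSEC)"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

If DNSSEC is disabled in named.conf instead, the last MISSING line can be ignored.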
- dale's blog