If you've tried to fire up a chrooted named on Fedora 11, you may have noticed that it complains about missing configuration files such as named.dnssec.keys.
There is a bug that implies you should use SELinux instead of chroot. But if you aren't ready for SELinux, you can still run a chrooted name server. Here is how.

    # tell the startup script to chroot named
    echo 'ROOTDIR=/var/named/chroot' >> /etc/sysconfig/named

    # copy or move and symlink. your choice. i'll move.
    for f in named.dnssec.keys named.rfc1912.zones named.ca; do
        cp -p /etc/$f /var/named/chroot/etc/
        rm /etc/$f
        ln -s /var/named/chroot/etc/$f /etc/$f
    done

    # you can begin to see how this may not be best in the long term
    mkdir -p /var/named/chroot/etc/pki
    # -cf needs its dash here because it does not come first on the tar command line
    tar -C /etc/pki -cf - dnssec-keys | (cd /var/named/chroot/etc/pki; tar xvf -)

Instead of copying that PKI dir you could alternatively just disable DNSSEC in named.conf, but you still need to copy named.rfc1912.zones and named.ca into your chroot.
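
To confirm nothing was left behind after the steps above, the following added example (not part of the original post) lists every file that the chrooted named.conf pulls in with an `include` directive but that is missing from the chroot. The function name `missing_in_chroot`, the `demo` helper and the sample named.conf lines are constructed for illustration, and files referenced by other directives, such as a zone's `file`, are not checked.

```shell
#!/bin/sh
# Added example: report files that the chrooted named.conf includes but that
# are absent from the chroot, or that are symlinks there.
# Only absolute paths in include "..." directives at the start of a line are checked.
missing_in_chroot() {
    local root conf path includes status
    root="$1"                       # e.g. /var/named/chroot
    conf="${2:-/etc/named.conf}"    # path as named sees it once chrooted
    status=0
    if [ ! -f "$root$conf" ]; then
        echo "MISSING $conf"
        return 1
    fi
    # Extract the quoted path from each include line; // and # comment lines do not match.
    includes=$(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$root$conf")
    while IFS= read -r path; do
        case "$path" in
            /*) ;;                  # absolute path: check it
            *)  continue ;;         # empty or relative: skipped
        esac
        if [ -L "$root$path" ]; then
            # The symlink belongs in /etc pointing into the chroot, not inside the chroot.
            echo "SYMLINK $path"; status=1
        elif [ ! -f "$root$path" ]; then
            echo "MISSING $path"; status=1
        fi
    done <<EOF
$includes
EOF
    return $status
}

# Demo on a constructed tree, so nothing on the real system is touched.
demo() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc"
    printf '%s\n' 'include "/etc/named.rfc1912.zones";' \
                  'include "/etc/named.dnssec.keys";' > "$t/etc/named.conf"
    : > "$t/etc/named.rfc1912.zones"    # present; named.dnssec.keys is not
    missing_in_chroot "$t"
    rm -rf "$t"
}
demo
```

On a real system, run `missing_in_chroot /var/named/chroot` before restarting named; no output and exit status 0 mean every included file is in place.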