Chroot Jailing BIND

By | March 16, 2016

To improve the security of BIND, we are going to run it in a chroot jail.

What is a chroot jail?

Application jails, also known as “change root jails” or “chroot jails,” are security mechanisms supported by all Linux and Unix systems. A chroot changes the root directory that a process sees, creating a barrier between the “jailed” software and the rest of the filesystem. This adds a significant layer of safety: a chroot jail “incarcerates” untrusted applications, and acts almost literally like a guard even for applications that already have substantial security measures built in. Note that a chroot only restricts the filesystem view; a process that keeps root privileges inside the jail can still break out, which is why the steps below give the jail only the files BIND needs and hand ownership to the unprivileged named user.

# /etc/init.d/named stop
# mkdir -p /chroot/named
# cd /chroot/named
# mkdir -p dev etc/named var/run/named
# mknod /chroot/named/dev/null c 1 3
# mknod /chroot/named/dev/random c 1 8
# chmod 666 /chroot/named/dev/null
# chmod 666 /chroot/named/dev/random
# cp /etc/localtime /chroot/named/etc/
# mv /etc/named.conf /chroot/named/etc/
# mv /etc/named/* /chroot/named/etc/named/
# chown -R named:named /chroot/named

Now we need to tell BIND to run in the chroot jail.

# vi /etc/sysconfig/named

Uncomment the line that reads
#ROOTDIR="/chroot/named/"

Restart BIND and verify that it is working.

# /etc/init.d/named restart
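To check that the jail built above is complete and that BIND really is confined to it, here is an added verification script (not part of the original post). It assumes Linux (/proc and GNU stat), the /chroot/named layout used above, and that the daemon's process name is named.

```shell
#!/bin/sh
# Verification helpers for the /chroot/named layout (added example; assumes Linux + GNU stat).

# Print the root directory a process actually sees (what chroot changed).
proc_root() { readlink "/proc/$1/root"; }

# Print the real UID a process runs as (0 means root, which would weaken the jail).
proc_uid() { awk '/^Uid:/ { print $2 }' "/proc/$1/status"; }

# Succeed only if PATH is a character device with the given major and minor numbers.
check_devnode() {
    path=$1; major=$2; minor=$3
    [ -c "$path" ] || return 1
    # stat prints major/minor in hex; convert before comparing numerically
    set -- $(stat -c '%t %T' "$path")
    [ $((0x$1)) -eq "$major" ] && [ $((0x$2)) -eq "$minor" ]
}

# Print every entry the jail tree is missing; return the number of problems found.
check_jail_layout() {
    jail=$1; problems=0
    for d in dev etc/named var/run/named; do
        [ -d "$jail/$d" ] || { echo "MISSING dir: $d"; problems=$((problems + 1)); }
    done
    for f in etc/named.conf etc/localtime; do
        [ -f "$jail/$f" ] || { echo "MISSING file: $f"; problems=$((problems + 1)); }
    done
    check_devnode "$jail/dev/null" 1 3 || { echo "MISSING device: dev/null (c 1 3)"; problems=$((problems + 1)); }
    check_devnode "$jail/dev/random" 1 8 || { echo "MISSING device: dev/random (c 1 8)"; problems=$((problems + 1)); }
    return $problems
}

# Confirm the running named sees JAIL as its root and does not run as root.
verify_named_jailed() {
    jail=$1
    pid=$(pgrep -x named | head -n 1)
    [ -n "$pid" ] || { echo "named is not running"; return 1; }
    root=$(proc_root "$pid"); uid=$(proc_uid "$pid")
    echo "named pid $pid: root=$root uid=$uid"
    [ "${root%/}" = "${jail%/}" ] && [ "$uid" -ne 0 ]
}

# With a jail directory as the only argument, run both checks; with no argument, only define them.
case "${1:-}" in
    "") ;;
    *) check_jail_layout "$1" && verify_named_jailed "$1" ;;
esac
```

Run it as root after the restart with `sh verify_jail.sh /chroot/named`; a non-zero exit means either the tree is incomplete or named is not actually confined.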
