21.8. Clean-up and Test the new chrooted jail

Remove the unnecessary files and directory.
 [root@deep] /# rm -f  /usr/sbin/named
 [root@deep] /# rm -f  /usr/sbin/named-xfer
 [root@deep] /# rm -f  /etc/named.conf
 [root@deep] /# rm -rf /var/named/
We remove the named and named-xfer binaries from the /usr/sbin directory, since the ones we will now work with on a daily basis are located under the chroot directory. The same applies to the named.conf file and the /var/named directory.

We must test the new chrooted jail configuration of our ISC BIND/DNS software.

  1. The first thing to do is to restart our syslogd daemon with the following command:
     [root@deep] /# /etc/rc.d/init.d/syslog restart
     Shutting down kernel logger:                               [  OK  ]
     Shutting down system logger:                               [  OK  ]
     Starting system logger:                                    [  OK  ]
     Starting kernel logger:                                    [  OK  ]

  2. Now, start the new chrooted jail ISC BIND/DNS with the following command:
     [root@deep] /# /etc/rc.d/init.d/named start
     Starting named:                                            [  OK  ]

  3. Make sure it is running as user named and with the new arguments. To verify this, use the following command:
     [root@deep] /# ps auxw | grep named
     named 11446 0.0 1.2 2444 1580 ? S 23:09 0:00 /chroot/named/usr/sbin/named -t /chroot/named/ -unamed -gnamed
     The first column should be named, which is the UID the named daemon is running under. The end of the line should be named -t /chroot/named/ -unamed -gnamed, which are the new arguments.

  4. Please don't forget to clean up:
     [root@deep] /# rm -rf /var/tmp/src bind-src.tar.gz
    This will remove the source file and tar archive we used to compile and install ISC BIND/DNS.
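
The clean-up and step 3 above can be checked by a script instead of by eye. The following is an added example, not part of the original guide: the function names are hypothetical, GOOD is the ps row shown in step 3, and BAD is a constructed row for a named started without the jail arguments.

```shell
JAIL="/chroot/named/"   # jail path used in this chapter
RUN_AS="named"          # unprivileged user and group from step 3

# Constructed samples: GOOD is the row shown in step 3; BAD is a hypothetical
# named that was started as root without the jail arguments.
GOOD='named 11446 0.0 1.2 2444 1580 ? S 23:09 0:00 /chroot/named/usr/sbin/named -t /chroot/named/ -unamed -gnamed'
BAD='root 11450 0.0 1.2 2444 1580 ? S 23:10 0:00 /usr/sbin/named'

# check_ps_line ROW: succeed only if one `ps auxw` row shows named owned by
# $RUN_AS and started with -t $JAIL, -u$RUN_AS and -g$RUN_AS.
check_ps_line() {
    args="$1 "                                   # trailing space anchors the last argument
    user=$(printf '%s\n' "$1" | awk '{print $1}')
    [ "$user" = "$RUN_AS" ] || return 1
    case "$args" in *" -t $JAIL "*) ;; *) return 1 ;; esac
    case "$args" in *" -u$RUN_AS "*) ;; *) return 1 ;; esac
    case "$args" in *" -g$RUN_AS "*) ;; *) return 1 ;; esac
}

# audit_ps: read `ps auxw` output on stdin. Every named row must pass and at
# least one must exist; the row for `grep named` itself is skipped.
audit_ps() {
    found=0
    while IFS= read -r row; do
        case "$row" in
            *"grep named"*) continue ;;
            *"sbin/named "*|*"sbin/named") ;;
            *) continue ;;
        esac
        check_ps_line "$row" || { echo "FAIL: $row" >&2; return 1; }
        found=1
    done
    [ "$found" -eq 1 ]
}

# leftovers ROOT: list the pre-chroot files removed above that still exist
# under ROOT (use / on the server); succeed only if none remain.
leftovers() {
    root=${1%/}; rc=0
    for p in /usr/sbin/named /usr/sbin/named-xfer /etc/named.conf /var/named; do
        if [ -e "$root$p" ]; then echo "still present: $root$p"; rc=1; fi
    done
    return $rc
}

# On the server, run: sh this-file --live
if [ "${1:-}" = "--live" ]; then
    ps auxw | audit_ps && leftovers / && echo "chroot jail checks passed"
fi
```

The check reads only the command line that ps reports, so it confirms how named was started, not the contents of the jail itself.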

Further documentation: for more details, there are several man pages you can read:


- show the system's DNS domain name


- generate public, private, and shared secret keys for DNS Security


- query domain name servers using resolver


- Internet domain name server DNS

hesiod_to_bind [hesiod](3)

- Hesiod name server interface library


- determine run-time link bindings


- specify key bindings for less


- bind a Linux raw character device


- make FIFOs named pipes


- convert name server configuration files


- ancillary agent for inbound zone transfers

named.conf [named](5)

- configuration file for


- Disable named opcodes when compiling perl code


- send domain name query packets to name servers


- query Internet name servers interactively


- name daemon control program

  Published under the terms of the Open Publication License