[Pdns-users] Problem with chroot and local resolving and another problem with guardian

Bauer, Georg bauer at gws.ms
Wed Jul 9 12:16:00 UTC 2003


Hi!

> I've done a quick test using chroot and didn't get it working too,
> but I think setting the chroot option doesn't do the job. Which files
> and directories are needed in the jail for chroot'ed startup? The

The pdns in the debian package is statically linked, so no libraries. I
created the etc directory with resolv.conf, nsswitch.conf, host.conf and
hosts in there, so I think the resolver should work. At least it should be
noted in the documentation that this is a problem. The control socket is
created in the chroot (I used the example given in the documentation and set
chroot=./).

Actually the chroot and most of pdns work just fine. Only thing that doesn't
work is the resolution of nameservers, when it should send out notifies of
changed domains.

I do have the slave running with chroot and setuid/setgid, but without
guardian because of the "does not AXFR when guardian==yes" problem and have
the master running with setuid/setgid and guardian, because of the "can't
resolve with chroot" problem. So at least 66% of pdns security measures work
in both cases, and I have a 50% working overlap ;-)

> If I set chroot to "./" like described in the docs, what directory is 
> used for the jail?

In the debian package it's /var/run. There the controlsocket and pid file
are created.

bye, Georg
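
A check of a jail directory for the resolver files named in the message above, as an added example that is not part of the original post or of PowerDNS. The function names, the sample address 192.0.2.53 and the premise that a statically linked glibc binary still loads `libnss_*.so.2` modules at run time are assumptions of this example.

```shell
#!/bin/sh
# Report what a resolver would find missing inside a chroot jail.
# Prints one MISSING/WARN line per problem; returns 0 only when the jail is clean.
check_resolver_jail() {
    jail=$1
    problems=0

    # The four files the post places in the jail's etc directory.
    for f in etc/resolv.conf etc/nsswitch.conf etc/host.conf etc/hosts; do
        if [ ! -r "$jail/$f" ]; then
            echo "MISSING $f"
            problems=$((problems + 1))
        fi
    done

    # A resolv.conf without a nameserver line names no upstream server.
    if [ -r "$jail/etc/resolv.conf" ] && ! grep -q '^nameserver' "$jail/etc/resolv.conf"; then
        echo "WARN resolv.conf has no nameserver line"
        problems=$((problems + 1))
    fi

    # Assumption: a static glibc binary still loads libnss_<svc>.so.2 at run
    # time for each service on the "hosts:" line ([...] actions are stripped).
    if [ -r "$jail/etc/nsswitch.conf" ]; then
        for svc in $(sed -n 's/\[[^]]*\]//g; s/^hosts:[[:space:]]*//p' "$jail/etc/nsswitch.conf"); do
            if ! find "$jail/lib" "$jail/usr/lib" -name "libnss_$svc.so*" 2>/dev/null | grep -q .; then
                echo "WARN no libnss_$svc in jail"
                problems=$((problems + 1))
            fi
        done
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: a jail laid out as in the post (four etc files, no libraries).
make_sample_jail() {
    d=$(mktemp -d)
    mkdir -p "$d/etc"
    echo "nameserver 192.0.2.53" > "$d/etc/resolv.conf"
    echo "hosts: files dns" > "$d/etc/nsswitch.conf"
    echo "order hosts,bind" > "$d/etc/host.conf"
    echo "127.0.0.1 localhost" > "$d/etc/hosts"
    echo "$d"
}
```

Run `check_resolver_jail "$(make_sample_jail)"` to see the report for the constructed layout, or pass the real jail directory.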

