[Pdns-users] Problem with chroot and local resolving and another problem with guardian

Bauer, Georg bauer at gws.ms
Wed Jul 9 12:16:00 UTC 2003


> I've done a quick test using chroot and didn't get it working
> either, but I think setting the chroot option doesn't do the job.
> Which files and directories are needed in the jail for chroot'ed
> startup? The

The pdns in the Debian package is statically linked, so no libraries. I
created the etc directory with resolv.conf, nsswitch.conf, host.conf and
hosts in there, so I think the resolver should work. At least it should be
noted in the documentation that this is a problem. The control socket is
created in the chroot (I used the example given in the documentation and set

Actually the chroot and most of pdns work just fine. Only thing that doesn't
work is the resolution of nameservers, when it should send out notifies of
changed domains.

I do have the slave running with chroot and setuid/setgid, but without
guardian because of the "does not AXFR when guardian==yes" problem and have
the master running with setuid/setgid and guardian, because of the "can't
resolve with chroot" problem. So at least 66% of pdns security measures work
in both cases, and I have a 50% working overlap ;-)

> If I set chroot to "./" like described in the docs, what directory is 
> used for the jail?

In the Debian package it's /var/run. There the control socket and pid file
are created.

bye, Georg

