[Pdns-users] Problem with chroot and local resolving and another problem with guardian
Bauer, Georg
bauer at gws.ms
Wed Jul 9 12:16:00 UTC 2003
Hi!
> I've done a quick test using chroot and didn't get it working either, but
> I think setting the chroot option doesn't do the job. Which files and
> directories are needed in the jail for chroot'ed startup? The
The pdns in the Debian package is statically linked, so no libraries. I
created the etc directory with resolv.conf, nsswitch.conf, host.conf and
hosts in there, so I think the resolver should work. At least it should be
noted in the documentation that this is a problem. The control socket is
created in the chroot (I used the example given in the documentation and set
chroot=./).
Actually the chroot and most of pdns work just fine. The only thing that doesn't
work is the resolution of nameservers, when it should send out notifies of
changed domains.
I do have the slave running with chroot and setuid/setgid, but without
guardian because of the "does not AXFR when guardian==yes" problem and have
the master running with setuid/setgid and guardian, because of the "can't
resolve with chroot" problem. So at least 66% of pdns security measures work
in both cases, and I have a 50% working overlap ;-)
> If I set chroot to "./" like described in the docs, what directory is
> used for the jail?
In the Debian package it's /var/run. There the control socket and pid file
are created.
bye, Georg