[BlueOnyx:18834] Re: BlueOnyx server down

Tigerwolf tigerwolf at tigerden.com
Fri Dec 18 02:56:37 -05 2015


On Thu, 17 Dec 2015, Michael Stauber wrote:

> Hi all,
>
> This is just a "for the records" post as I logged into Tom's box and
> sorted the issue.
>
> Here is where 5209R is a bit different: On all older boxes we needed to
> do some "hacking" to let the DNS run in a chroot. Hence on older boxes
> the service you need for DNS is just "named".
>
> On 5209R the underlying OS provides us with two separate startup scripts:
>
> - "named" for the regular DNS without chroot.
>
> - "named-chroot" for the DNS with chroot environment.

And at least on 5106, the named init startup script does a mount of some 
files in /etc (and elsewhere) onto the same file name in 
/var/named/chroot/var/etc or the equivalent chroot dir *if* there's not a 
file actually in the target.  This gave me fits until I figured out what 
it was doing, since if you stopped named, all the mounts would go away. I 
even removed *all* files and dirs associated with bind and re-installed 
it, partly because older update iterations left cruft here and there.

Supposedly the chroot was to prevent some security issues in older 
versions.  The question I've had for a long time is whether or not 
*needing* to put it into a chroot jail is still valid.

-- 
=^_^=  Tigerwolf
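Added example, not from the thread or from BlueOnyx: a POSIX shell check for the situation described above, where the init script bind-mounts host files into the chroot only when the target is absent, so a leftover file inside /var/named/chroot silently shadows the host copy. The file names follow the usual RHEL/CentOS bind layout; which files the 5209R script actually mounts is an assumption here, and the fixture is constructed.

```shell
# Usage: chroot_shadowed MOUNTS_FILE CHROOT_DIR FILE...
# MOUNTS_FILE is in /proc/mounts format (pass /proc/mounts on a live host,
# and /var/named/chroot as CHROOT_DIR). Prints one line per shadowing file;
# returns 0 if none were found, 1 otherwise.
chroot_shadowed() {
    mounts="$1"; chroot="$2"; shift 2
    rc=0
    for f in "$@"; do
        target="$chroot$f"
        # A missing target would receive the bind mount, so nothing to shadow.
        [ -e "$target" ] || continue
        # Field 2 of /proc/mounts is the mount point; an exact match means the
        # chroot is seeing the host copy through a bind mount.
        if awk -v t="$target" '$2 == t { found=1 } END { exit !found }' "$mounts"; then
            continue
        fi
        printf 'stale copy shadows host file: %s\n' "$target"
        rc=1
    done
    return $rc
}

# Constructed fixture (not a real host): one bind-mounted file, one stale copy.
demo_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/chroot/etc"
    : > "$d/chroot/etc/named.conf"            # present and listed as a mount
    : > "$d/chroot/etc/named.rfc1912.zones"   # present but no mount entry
    printf '/dev/sda1 %s/chroot/etc/named.conf ext4 rw,bind 0 0\n' "$d" > "$d/mounts"
    echo "$d"
}

# Stand-alone demo against the constructed fixture (assumed file list).
fx=$(demo_fixture)
chroot_shadowed "$fx/mounts" "$fx/chroot" \
    /etc/named.conf /etc/named.rfc1912.zones /etc/named.root.key || :
rm -rf "$fx"
```

A non-zero exit is the signal worth alerting on: it means named inside the chroot is reading a file that no edit to the host copy in /etc will ever change.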