jessie_bind_chroot
Differences
This shows you the differences between two versions of the page.
jessie_bind_chroot [2015/12/18 16:17] – admin | jessie_bind_chroot [2016/01/25 08:33] (current) – [Long story short:] admin | ||
---|---|---|---|
Line 5: | Line 5: | ||
For Jessie, edit / | For Jessie, edit / | ||
+ | |||
+ | < | ||
[Unit] | [Unit] | ||
Description=BIND Domain Name Server | Description=BIND Domain Name Server | ||
Line 17: | Line 19: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
+ | </ | ||
For Jessie, after changing the above unit file, reload it with: | For Jessie, after changing the above unit file, reload it with: | ||
+ | < | ||
systemctl daemon-reload | systemctl daemon-reload | ||
+ | </ | ||
Now create the chroot directory structure: | Now create the chroot directory structure: | ||
- | mkdir -p / | + | < |
+ | mkdir -p / | ||
+ | </ | ||
Create the required device special files and set the correct permissions: | Create the required device special files and set the correct permissions: | ||
+ | < | ||
mknod / | mknod / | ||
mknod / | mknod / | ||
chmod 660 / | chmod 660 / | ||
+ | chown bind / | ||
+ | </ | ||
Move the current config directory into the new chroot directory: | Move the current config directory into the new chroot directory: | ||
+ | < | ||
mv /etc/bind / | mv /etc/bind / | ||
+ | </ | ||
Now create a symbolic link in /etc for compatibility: | Now create a symbolic link in /etc for compatibility: | ||
+ | < | ||
ln -s / | ln -s / | ||
+ | </ | ||
If you want to use the local timezone in the chroot (e.g. for syslog): | If you want to use the local timezone in the chroot (e.g. for syslog): | ||
+ | < | ||
cp / | cp / | ||
+ | </ | ||
Change the ownership on the files you've just moved over and the rest of the newly created chroot directory structure: | Change the ownership on the files you've just moved over and the rest of the newly created chroot directory structure: | ||
+ | < | ||
chown -R bind:bind /etc/bind/* | chown -R bind:bind /etc/bind/* | ||
chmod 775 / | chmod 775 / | ||
chgrp bind / | chgrp bind / | ||
- | + | </ | |
- | Edit the PIDFILE variable | + | Edit the PIDFILE variable to the correct path: |
+ | < | ||
PIDFILE=/ | PIDFILE=/ | ||
+ | </ | ||
Finally tell rsyslog to listen to the bind logs in the correct place: | Finally tell rsyslog to listen to the bind logs in the correct place: | ||
+ | < | ||
echo " | echo " | ||
+ | </ | ||
Restart rsyslog and start bind: | Restart rsyslog and start bind: | ||
+ | < | ||
/ | / | ||
+ | </ | ||
+ | ====Logging==== | ||
+ | |||
+ | / | ||
+ | < | ||
+ | / | ||
+ | daily | ||
+ | compress | ||
+ | delaycompress | ||
+ | rotate 5 | ||
+ | missingok | ||
+ | postrotate | ||
+ | [ -e / | ||
+ | endscript | ||
+ | } | ||
+ | |||
+ | / | ||
+ | daily | ||
+ | compress | ||
+ | delaycompress | ||
+ | rotate 5 | ||
+ | missingok | ||
+ | postrotate | ||
+ | [ -e / | ||
+ | endscript | ||
+ | } | ||
+ | |||
+ | / | ||
+ | daily | ||
+ | compress | ||
+ | delaycompress | ||
+ | rotate 5 | ||
+ | missingok | ||
+ | postrotate | ||
+ | [ -e / | ||
+ | endscript | ||
+ | } | ||
+ | |||
+ | </ | ||
- | ====in short:==== | + | ====Long story short:==== |
< | < | ||
apt-get install bind9 bind9-doc | apt-get install bind9 bind9-doc | ||
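Review bot: In the added Logging section, the three logrotate stanzas carry identical directives (daily, compress, delaycompress, rotate 5, missingok and a postrotate script), so they can be a single stanza that lists all three log paths and adds sharedscripts, which also runs the postrotate command once instead of once per stanza. With daily and rotate 5 only five days of BIND logs are kept; raise the rotate count if these logs are meant to support incident investigation. Separately, the unchanged line chown -R bind:bind /etc/bind/* gives the daemon account ownership of the configuration files once /etc/bind is a symlink into the chroot; leaving them owned by root with read access for group bind limits what a compromised named process can rewrite.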
Line 72: | Line 119: | ||
systemctl daemon-reload | systemctl daemon-reload | ||
- | mkdir -p / | + | mkdir -p / |
mknod / | mknod / | ||
mknod / | mknod / | ||
chmod 660 / | chmod 660 / | ||
+ | chown bind / | ||
mv /etc/bind / | mv /etc/bind / | ||
ln -s / | ln -s / | ||
Line 83: | Line 131: | ||
chmod 775 / | chmod 775 / | ||
chgrp bind / | chgrp bind / | ||
+ | chown bind / | ||
+ | touch / | ||
+ | ln -s / | ||
+ | chgrp bind / | ||
vi / | vi / | ||
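Review bot: The touch, ln -s and chgrp bind lines added here to the short listing have no counterpart among the additions to the step-by-step section earlier in this diff, which gains only one chown bind line, so the two versions of the procedure now differ. Add the same steps to the walkthrough, with a sentence saying what the touched file and the symlink are for, so that readers following either version end up with the same ownership and links inside the chroot.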
Line 90: | Line 142: | ||
/ | / | ||
</ | </ | ||
+ | |||
+ | * Add the logrotate script from above |
jessie_bind_chroot.txt · Last modified: 2016/01/25 08:33 by admin