CLASS="section" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" >

21.8. Clean-up and Test the new chrooted jail

Remove the unnecessary files and directory.

 [root@deep] /# rm -f  /usr/sbin/named
 [root@deep] /# rm -f  /usr/sbin/named-xfer
 [root@deep] /# rm -f  /etc/named.conf
 [root@deep] /# rm -rf /var/named/
 
We remove the named and named-xfer binaries from the /usr/sbin directory, since the ones we'll work with now on a daily basis are located under the chroot directory. The same applies for the named.conf file and /var/named directory.

We must test the new chrooted jail configuration of our ISC BIND/DNS software.

  1. The first thing to do is to restart our syslogd daemon with the following command:
    
 [root@deep] /# /etc/rc.d/init.d/syslog restart
     
    
 Shutting down kernel logger:                               	[  OK  ]
     Shutting down system logger:                               	[  OK  ]
     Starting system logger:                                    	[  OK  ]
     Starting kernel logger:                               		[  OK  ]
     

  2. Now, start the new chrooted jail ISC BIND/DNS with the following command:
    
 [root@deep] /# /etc/rc.d/init.d/named start
     
    
 Starting named:                                            		[  OK  ]
     

  3. Make sure it's running as user named and with the new arguments. To verify that ISC BIND/DNS is running as user named with the new arguments, use the following command:
    
 [root@deep] /# ps auxw | grep named
     
    
 named 11446 0.0 1.2 2444 1580 ? S 23:09 0:00 /chroot/named/usr/sbin/named -t /chroot/named/ -unamed -gnamed
     
    The first column should be named, which is the UID named daemon is running under. The end of the line should be named -t /chroot/named/ -unamed -gnamed, which are the new arguments.

  4. Please dont forget to cleanup:
    
 [root@deep] /# rm -rf /var/tmp/src bind-src.tar.gz
     
    This will remove the source file and tar archive we used to compile and install ISC BIND/DNS.

Further documentation, for more details there are several man pages you can read:

dnsdomainname(1)

- show the system's DNS domain name

dnskeygen(1)

- generate public, private, and shared secret keys for DNS Security

dnsquery(1)

- query domain name servers using resolver

named(8)

- Internet domain name server DNS

hesiod_to_bind [hesiod](3)

- Hesiod name server interface library

ldconfig(8)

- determine run-time link bindings

lesskey(1)

- specify key bindings for less

raw(8)

- bind a Linux raw character device

mkfifo(1)

- make FIFOs named pipes

named-bootconf(8)

- convert name server configuration files

named-xfer(8)

- ancillary agent for inbound zone transfers

named.conf [named](5)

- configuration file for

Opcode(3)

- Disable named opcodes when compiling perl code

dig(1)

- send domain name query packets to name servers

nslookup(8)

- query Internet name servers interactively

ndc(8)

- name daemon control program