How to secure DNS (BIND 9) on Linux using a chroot jail
Since DNS is among the top five network attack targets, I have written the quick-and-dirty how-to below on implementing a secure BIND 9 installation.
This document explains how to configure BIND in a “chroot jail”, so that the BIND process cannot see or access files outside its own directory tree. We will also configure it to run as the unprivileged user bind rather than as root, so that a compromised named has neither root privileges nor a view of the rest of the filesystem.
When you run BIND in a chroot jail, the BIND process is unable to see any part of the filesystem outside the jail. In BIND’s eyes, the contents of the jail directory will appear to be / (the root directory), and nothing outside that directory is reachable from inside it.
Note that chroot on its own is not a hard security boundary: a process that keeps root privileges inside a chroot can generally break out of it. The jail is only as strong as the privilege drop that goes with it, which is why named must be started with its -u option so that it switches to the bind user after binding port 53.
Create a user and group:
Create your BIND chroot location:
Untar and compile to your chroot location:
Setup the chroot directory structure for bind:
Secure Directory Permissions:
Configuration Files:
MAKE SURE every path in your named.conf is written as named will see it from inside the jail (for example directory "/var/named", not the host path that ends in /var/named): named chroots first and reads its configuration afterwards, so a host-absolute path will not resolve.
You need named.conf, rndc.conf, db.127.0.0 (the reverse zone for 127.0.0.x) and db.cache (the root hints, only required if the server recurses).
Example rndc.conf file
Example named.conf file
How to start DNS in the new chroot environment:
To start it manually and test, enter:
Hope this will help you!
Please remember me in your prayers!
Enjoy
