[networking-guide] master: Update: Running BIND in a chroot environment (8c3d16a)

stephenw at fedoraproject.org stephenw at fedoraproject.org
Mon Jul 21 20:29:02 UTC 2014


Repository : http://git.fedorahosted.org/cgit/docs/networking-guide.git

On branch  : master

>---------------------------------------------------------------

commit 8c3d16afda81ae6d0f7284126a74046bc69865ab
Author: Stephen Wadeley <swadeley at redhat.com>
Date:   Mon Jul 21 22:27:37 2014 +0200

    Update: Running BIND in a chroot environment
    
    thanks to thozza


>---------------------------------------------------------------

 en-US/BIND.xml |   86 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 73 insertions(+), 13 deletions(-)

diff --git a/en-US/BIND.xml b/en-US/BIND.xml
index d9e2945..53a8dda 100644
--- a/en-US/BIND.xml
+++ b/en-US/BIND.xml
@@ -99,8 +99,78 @@
     <note>
       <title>Running BIND in a chroot environment</title>
       <para>
-        If you have installed the <package>bind-chroot</package> package, the BIND service will run in the <filename class="directory">/var/named/chroot</filename> environment. In that case, the initialization script will mount the above configuration files using the <command>mount --bind</command> command, so that you can manage the configuration outside this environment.
+        If you have installed the <package>bind-chroot</package> package, the BIND service will run in the <filename class="directory">/var/named/chroot</filename> environment. In that case, the initialization script will mount the above configuration files using the <command>mount --bind</command> command, so that you can manage the configuration outside this environment. There is no need to copy anything into the <filename class="directory">/var/named/chroot</filename> directory because it is mounted automatically. This simplifies maintenance since you do not need to take any special care of <systemitem class="service">BIND</systemitem> configuration files if it is run in a <filename class="directory">chroot</filename> environment. You can organize everything as you would with <systemitem class="service">BIND</systemitem> not running in a <filename>chroot</filename> environment.</para>
+      <para>The following directories are automatically mounted into <filename class="directory">/var/named/chroot</filename> if they are empty in the <filename class="directory">/var/named/chroot</filename> directory. They must be kept empty if you want them to be mounted into <filename class="directory">/var/named/chroot</filename>:
+        <itemizedlist>
+          <listitem>
+            <para>
+              <filename>/etc/named</filename>
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <filename>/etc/pki/dnssec-keys</filename>
+            </para>
+          </listitem>
+           <listitem>
+            <para>
+              <filename>/run/named</filename>
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <filename>/var/named</filename>
+            </para>
+          </listitem>
+          <listitem>
+            <para>
+              <filename>/usr/lib64/bind</filename> or <filename>/usr/lib/bind</filename>  (architecture dependent).
+            </para>
+          </listitem>
+           </itemizedlist>
       </para>
+
+        <para>
+          The following files are also mounted if the target file does not exist in <filename class="directory">/var/named/chroot</filename>.
+<itemizedlist>
+  <listitem>
+    <para>
+      <filename>/etc/named.conf</filename>
+    </para>
+  </listitem>
+    <listitem>
+    <para>
+      <filename>/etc/rndc.conf</filename>
+    </para>
+  </listitem>
+  <listitem>
+    <para>
+      <filename>/etc/rndc.key</filename>
+    </para>
+  </listitem>
+  <listitem>
+    <para>
+      <filename>/etc/named.rfc1912.zones</filename>
+    </para>
+  </listitem>
+    <listitem>
+    <para>
+      <filename>/etc/named.dnssec.keys</filename>
+    </para>
+  </listitem>
+  <listitem>
+    <para>
+      <filename>/etc/named.iscdlv.key</filename>
+    </para>
+  </listitem>
+    <listitem>
+    <para>
+      <filename>/etc/named.root.key</filename>
+    </para>
+  </listitem>
+
+</itemizedlist>
+</para>
     </note>
     <section id="sec-Installing_Bind_In_A_Chroot_Environment">
 <title>Installing BIND in a chroot Environment</title>
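
Review bot: The sentence added to the first <para>, "There is no need to copy anything into the /var/named/chroot directory because it is mounted automatically", is unconditional, while the two paragraphs added below it make the mounts conditional: directories only "if they are empty" in the chroot, files only "if the target file does not exist" there. The text never says what happens otherwise. By that wording, a leftover copy of /etc/named.conf or /etc/rndc.key inside /var/named/chroot is not mounted over, so an administrator editing the file under /etc would be changing a file the chrooted service does not read. Suggest qualifying the first sentence and adding one sentence after the file list stating that an existing file or non-empty directory under /var/named/chroot is left in place and not mounted over. "Empty in the /var/named/chroot directory" would also read more clearly if it named the corresponding mount point under /var/named/chroot, for example /var/named/chroot/etc/named. Smaller points: the last <filename>chroot</filename> lacks the class="directory" used one sentence earlier, the first list is introduced with a colon and the second with a full stop, and the second <itemizedlist> is indented differently from the first.
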
@@ -1932,7 +2002,7 @@ ns.icann.org.           12884   IN      A       192.0.34.126
       <variablelist>
         <varlistentry>
           <term>
-            <filename class="directory">/usr/share/doc/bind/</filename>
+            <filename class="directory">/usr/share/doc/bind-<replaceable>version</replaceable>/</filename>
           </term>
           <listitem>
             <para>
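
Review bot: <replaceable>version</replaceable> in the new <term> is not explained in the lines visible here, and the same applies to the sample/etc/ entry in the next hunk. Unless the entry's description (outside this hunk) already covers it, suggest adding a short sentence saying that version is the version of the installed bind package, and how to look it up (for example with rpm -q bind), so the reader can resolve the path without guessing.
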
@@ -1941,7 +2011,7 @@ ns.icann.org.           12884   IN      A       192.0.34.126
         </varlistentry>
         <varlistentry>
           <term>
-            <filename class="directory">/usr/share/doc/bind/sample/etc/</filename>
+            <filename class="directory">/usr/share/doc/bind-<replaceable>version</replaceable>/sample/etc/</filename>
           </term>
           <listitem>
             <para>
@@ -2021,16 +2091,6 @@ ns.icann.org.           12884   IN      A       192.0.34.126
             </para>
           </listitem>
         </varlistentry>
-        <varlistentry>
-          <term>
-            <ulink url="http://www.icann.org/en/help/name-collision/faqs"/>
-          </term>
-          <listitem>
-            <para>
-            The <citetitle pubwork="webpage">ICANN FAQ on domain name collision</citetitle>.
-            </para>
-          </listitem>
-        </varlistentry>
       </variablelist>
     </section>
     <section id="sec-bind-related-books">
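
Review bot: Removing the ICANN name-collision FAQ <varlistentry> is not covered by the commit message, which only mentions the chroot note; the same is true of the /usr/share/doc/bind-version path changes in the two hunks above. Suggest giving the reason for dropping the link in the commit message, or moving these changes into their own commit, so the removal can be checked against any remaining text in BIND.xml that points readers to that FAQ.
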


