Debian配置dns启用Chroot

2024-01-23 14:27:58

#修改在/var/named下运行
vim /etc/default/bind9
OPTIONS="-u bind -t /var/named"
system daemon-reload		//守护进程重新加载
#启用chroot
mkdir -p /var/named/{etc,dev,run/named,/var/cache/bind}			//创建运行目录
mknod /var/named/dev/null c 1 3
mknod /var/named/dev/random c 1 8
mknod /var/named/dev/urandom c 1 9
chmod 660 /var/named/dev/{null,random,urandom}		//修改权限
mv /etc/bind /var/named/etc			//将bind移动到chroot目录中
ln -s /var/named/etc/bind /etc/bind			//创建软连接
chown bind:bind /var/named/etc/bind/rndc.key
chown bind:bind /var/named/run/named
chmod 775 /var/named/{var/cache/bind,/run/named}
chgrp bind /var/named/{var/cache/bind,/run/named}		//更改所有权
vim /etc/apparmor.d/local/usr.sbin.named			
#从Buster开始,Debian默认开启apparmor,所以需要添加权限
/var/named/etc/bind/** r,
/var/named/dev/** rw,
/var/named/var/** rw,
/var/named/run/** rw,
/var/named/usr/** rw,
#重新加载apparmor配置文件
systemctl reload apparmor
#对于Debian 10 Buster,要启用chroot还需要/usr/share/dns下的文件
mkdir -p /var/named/usr/share/dns		//创建目录
cp /usr/share/dns /var/named/usr/share/dns/			//复制文件
#最后告诉rsyslog在正确位置监听绑定日志
echo "\$AddUnixListenSocket /var/named/dev/log" > /etc/rsyslog.d/bind-chroot.conf
#重启rsyslog和bind9
systemctl restart rsyslog 
systemctl restart bind9
上一篇:1.v-bind / v- model


下一篇:文献导读 | Single-Cell Sequencing of iPSC-Dopamine Neurons Reconstructs Disease Progression and Identifi