How-To: Configure chroot/jailed DNS Server in Solaris 10
Wednesday, January 6th, 2010 | By Dusvidania
My DNS server was running on Solaris 8, so when we upgraded our environment to Solaris 10 the existing DNS setup had to be migrated to the new Solaris release, along with a new version of BIND 9. Solaris 10 has changed a lot compared with Solaris 8, so some adjustments are needed to bring the DNS start/stop procedure under the SMF utility. So here we go:

Default DNS configuration file: /etc/named.conf
Default zone files location: /var/named

Download the desired BIND version package from sunfreeware.com or any other source you prefer, and install it using the pkgadd command.

NOTE: By default Solaris 10 ships with the SUNWbind package. Use the pkginfo command with grep to list the BIND packages installed on your system. Optionally, you can remove that package.

Step 1: Create group and user.

    # groupadd named
    # useradd -g named -d /var/named -c "DNS User" -s /bin/false named

Step 2: Create the directory structure for the chroot environment.

    # mkdir -p /dns/{etc,var}
    # mkdir -p /dns/var/{named,run,log}

(The -p option makes mkdir create the intermediate paths automatically. The {a,b} brace expansion needs a shell that supports it, such as bash.)

Step 3: Create named.conf and populate it.

    # cd /dns/etc
    # touch named.conf

(NOTE: Do NOT forget to include the directory option inside named.conf; it sets the location where the zone files are placed. In our case it will be /var/named, which resolves to /dns/var/named on the host once named runs chrooted in /dns.)

Step 4: Change user and group ownership of the /dns directory.

    # chown -R named:named /dns

Step 5: Block other users' access to this directory.

    # chmod 750 /dns

Step 6: Take a backup copy of the default DNS manifest file.

    # cd /var/svc/manifest/network/dns
    # cp server.xml server-chroot.xml

Edit the new file.

    # vi server-chroot.xml

Add the following entry:

    name='config' grouping='require_all' restart_on='none' type='path'>

This adds a new dependency for the DNS service (use the -d option with svcs to list all dependencies of a service).

Edit the following lines:

    <propval name='server' type='astring' value='' />
to
    <propval name='server' type='astring' value='/usr/local/sbin/named' />

    <propval name='configuration_file' type='astring' value='' />
to
    <propval name='configuration_file' type='astring' value='/etc/named.conf' />

    <propval name='chroot_dir' type='astring' value='' />
to
    <propval name='chroot_dir' type='astring' value='/dns' />

Save and exit the file.

Step 7: Validate the changes made to the file before importing it into SMF. There should be no errors.

    # svccfg validate server-chroot.xml

Step 8: Now we are ready to import server-chroot.xml into SMF, using svccfg.

    # svccfg import server-chroot.xml

Step 9: Use svcs to list all DNS services on your system.

    # svcs -a | grep -i dns
    disabled Dec_04 svc:/network/dns/server:default    <- This one is default
    online   Dec_04 svc:/network/dns/client:default
    online   Dec_31 svc:/network/dns/server:chroot     <- This one with chroot environment

Step 10: Disable the default DNS service, if running.

    # svcadm disable dns/server

Step 11: Enable the new chroot DNS service.

    # svcadm enable dns/server:chroot

NOTE: If your system still has the default BIND package from Sun (SUNWbind), then after installing the new version of BIND it will have two named binaries installed, along with two copies of the related tools such as dig. This means that whenever you check the version of these programs, you will get the binaries from the SUNWbind package. In that case, search your system with the find command to locate the newly installed ones. If you have removed the default package from Sun, you need to set the PATH in /etc/profile for the newly installed package.
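A pre-flight check for the chroot tree built in Steps 2-5, as an added example that is not part of the original post. The function name check_chroot and its output format are made up for this example; run it with bash or another POSIX shell rather than the legacy Solaris /bin/sh.

```shell
# Added example: audit the chroot tree built in Steps 2-5 before enabling the
# service. check_chroot ROOT OWNER prints findings and returns their count.
check_chroot() {
    root=$1 owner=$2 fail=0

    # Steps 4-5: the jail root is owned by the service user with mode 750.
    # ls -ld is parsed so the check does not depend on a stat command.
    set -- $(ls -ld "$root" 2>/dev/null)
    perms=$(printf '%s' "$1" | cut -c1-10)   # drop any trailing ACL marker
    if [ "$perms" != "drwxr-x---" ]; then
        echo "FAIL mode of $root is '$perms', want drwxr-x---"; fail=$((fail + 1))
    fi
    if [ "$3" != "$owner" ]; then
        echo "FAIL owner of $root is '$3', want '$owner'"; fail=$((fail + 1))
    fi

    # Step 2: directories named needs inside the jail.
    for d in etc var/named var/run var/log; do
        [ -d "$root/$d" ] || { echo "FAIL missing $root/$d"; fail=$((fail + 1)); }
    done

    # Step 3: named.conf must set the zone directory as seen from inside the
    # chroot (/var/named, not $root/var/named). Lines commented out with
    # // or # are ignored; /* */ blocks are not handled.
    conf=$root/etc/named.conf
    if [ ! -s "$conf" ]; then
        echo "FAIL $conf is missing or empty"; fail=$((fail + 1))
    elif ! grep '^[^#/]*directory[[:space:]]*"/var/named"' "$conf" >/dev/null; then
        echo "FAIL $conf has no directory \"/var/named\" option"; fail=$((fail + 1))
    fi

    # Nothing under the jail should be writable by other users.
    ww=$(find "$root" ! -type l -perm -0002 2>/dev/null)
    [ -z "$ww" ] || { echo "FAIL world-writable: $ww"; fail=$((fail + 1)); }

    [ "$fail" -eq 0 ] && echo "OK $root"
    return "$fail"
}

# On the host from the article: bash this-script /dns named
if [ $# -eq 2 ]; then check_chroot "$1" "$2"; fi
```

A non-zero exit status is the number of findings, so the check can gate the svcadm enable in Step 11.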

2 Comments

Brent says:
April 28, 2010 at 2:27 AM

This gives me an error on start-up:

    named: initgroups(): Not owner

The solution was to alter the credentials section in the server.xml file (and re-import):

    method_credential user=named group=named

Napster says:
April 28, 2010 at 9:13 AM

Thanks Brent for the fix.
