Bv9ARM.ch07.html revision dc9edc13327189fe890ed3565b4e7a9bd6776402
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<title>Chapter�7.�BIND 9 Security Considerations</title>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch06.html" title="Chapter�6.�BIND 9 Configuration Reference">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<tr><th colspan="3" align="center">Chapter�7.�<acronym class="acronym">BIND</acronym> 9 Security Considerations</th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="Bv9ARM.ch06.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch08.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title">
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<a name="Bv9ARM.ch07"></a>Chapter�7.�<acronym class="acronym">BIND</acronym> 9 Security Considerations</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2609029"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609110">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609170">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="Access_Control_Lists"></a>Access Control Lists</h2></div></div></div>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater Access Control Lists (ACLs) are address match lists that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein you can set up and nickname for future use in
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews <span><strong class="command">allow-notify</strong></span>, <span><strong class="command">allow-query</strong></span>,
68b30890ebd441a6a1ae3fdf71744d07d02cd030Mark Andrews <span><strong class="command">allow-query-on</strong></span>, <span><strong class="command">allow-recursion</strong></span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">blackhole</strong></span>, <span><strong class="command">allow-transfer</strong></span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">match-clients</strong></span>, etc.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Using ACLs allows you to have finer control over who can access
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein your name server, without cluttering up your config files with huge
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein lists of IP addresses.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein It is a <span class="emphasis"><em>good idea</em></span> to use ACLs, and to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein control access to your server. Limiting access to your server by
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews outside parties can help prevent spoofing and denial of service
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (DoS) attacks against your server.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACLs match clients on the basis of up to three characteristics:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 1) The client's IP address; 2) the TSIG or SIG(0) key that was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein used to sign the request, if any; and 3) an address prefix
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews encoded in an EDNS Client Subnet option, if any.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Here is an example of ACLs based on client addresses:
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews// Set up an ACL named "bogusnets" that will block
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// RFC1918 space and some reserved space, which is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews// commonly used in spoofing attacks.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luceacl bogusnets {
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// Set up an ACL called our-nets. Replace this with the
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce// real IP numbers.
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce allow-query { our-nets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce allow-recursion { our-nets; };
f293a69bcd1c1dd7bdac8f4102fc2398b9e475c8Eric Luce blackhole { bogusnets; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein type master;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein allow-query { any; };
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews This allows authoritative queries for "example.com" from any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein address, but recursive queries only from the networks specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in "our-nets", and no queries at all from the networks
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified in "bogusnets".
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews In addition to network addresses and prefixes, which are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein matched against the source address of the DNS request, ACLs
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater may include <code class="option">key</code> elements, which specify the
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater name of a TSIG or SIG(0) key, or <code class="option">ecs</code>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater elements, which specify a network prefix but are only matched
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater if that prefix matches an EDNS client subnet option included
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater in the request.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The EDNS Client Subnet (ECS) option is used by a recursive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein resolver to inform an authoritative name server of the network
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews address block from which the original query was received, enabling
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein authoritative servers to give different answers to the same
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein resolver for different resolver clients. An ACL containing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein an element of the form
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">ecs <em class="replaceable"><code>prefix</code></em></strong></span>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews will match if a request arrives in containing an ECS option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein encoding an address within that prefix. If the request has no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ECS option, then "ecs" elements are simply ignored. Addresses
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in ACLs that are not prefixed with "ecs" are matched only
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein against the source address.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When <acronym class="acronym">BIND</acronym> 9 is built with GeoIP support,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACLs can also be used for geographic access restrictions.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater This is done by specifying an ACL element of the form:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">geoip [<span class="optional">db <em class="replaceable"><code>database</code></em></span>] <em class="replaceable"><code>field</code></em> <em class="replaceable"><code>value</code></em></strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The <em class="replaceable"><code>field</code></em> indicates which field
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to search for a match. Available fields are "country",
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "region", "city", "continent", "postal" (postal code),
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews "metro" (metro code), "area" (area code), "tz" (timezone),
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews "isp", "org", "asnum", "domain" and "netspeed".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="replaceable"><code>value</code></em> is the value to search
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for within the database. A string may be quoted if it
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein contains spaces or other special characters. If this is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein an "asnum" search, then the leading "ASNNNN" string can be
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews used, otherwise the full description must be used (e.g.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "ASNNNN Example Company Name"). If this is a "country"
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein search and the string is two characters long, then it must
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be a standard ISO-3166-1 two-letter country code, and if it
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is three characters long then it must be an ISO-3166-1
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein three-letter country code; otherwise it is the full name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the country. Similarly, if this is a "region" search
47012ae6dbf18a2503d7b33c1c9583dc38625cb7Mark Andrews and the string is two characters long, then it must be a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein standard two-letter state or province abbreviation;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein otherwise it is the full name of the state or province.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The <em class="replaceable"><code>database</code></em> field indicates which
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater GeoIP database to search for a match. In most cases this is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein unnecessary, because most search fields can only be found in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a single database. However, searches for country can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein answered from the "city", "region", or "country" databases,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and searches for region (i.e., state or province) can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein answered from the "city" or "region" databases. For these
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein search types, specifying a <em class="replaceable"><code>database</code></em>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will force the query to be answered from that database and no
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein other. If <em class="replaceable"><code>database</code></em> is not
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews specified, then these queries will be answered from the "city",
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews database if it is installed, or the "region" database if it is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein installed, or the "country" database, in that order.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews By default, if a DNS query includes an EDNS Client Subnet (ECS)
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews option which encodes a non-zero address prefix, then GeoIP ACLs
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews will be matched against that address prefix. Otherwise, they
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews are matched against the source address of the query. To
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein prevent GeoIP ACLs from matching against ECS options, set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <span><strong class="command">geoip-use-ecs</strong></span> to <code class="literal">no</code>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Some example GeoIP ACLs:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingeoip country JAP;
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrewsgeoip db country country Canada;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingeoip db region region WA;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingeoip city "San Francisco";
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingeoip region Oklahoma;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingeoip postal 95062;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeingeoip org "Internet Systems Consortium";
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACLs use a "first-match" logic rather than "best-match":
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if an address prefix matches an ACL element, then that ACL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is considered to have matched even if a later element would
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein have matched more specifically. For example, the ACL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command"> { 10/8; !10.0.0.1; }</strong></span> would actually
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein match a query from 10.0.0.1, because the first element
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein indicated that the query should be accepted, and the second
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein element is ignored.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When using "nested" ACLs (that is, ACLs included or referenced
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein within other ACLs), a negative match of a nested ACL will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the containing ACL to continue looking for matches. This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein enables complex ACLs to be constructed, in which multiple
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein client characteristics can be checked at the same time. For
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein example, to construct an ACL which allows queries only when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it originates from a particular network <span class="emphasis"><em>and</em></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein only when it is signed with a particular key, use:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austeinallow-query { !{ !10/8; any; }; key example; };
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Within the nested ACL, any address that is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="emphasis"><em>not</em></span> in the 10/8 network prefix will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be rejected, and this will terminate processing of the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACL. Any address that <span class="emphasis"><em>is</em></span> in the 10/8
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein network prefix will be accepted, but this causes a negative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein match of the nested ACL, so the containing ACL continues
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein processing. The query will then be accepted if it is signed
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by the key "example", and rejected otherwise. The ACL, then,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will only matches when <span class="emphasis"><em>both</em></span> conditions
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2609029"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in a <span class="emphasis"><em>chrooted</em></span> environment (using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <span><strong class="command">chroot()</strong></span> function) by specifying
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <code class="option">-t</code> option for <span><strong class="command">named</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This can help improve system security by placing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <acronym class="acronym">BIND</acronym> in a "sandbox", which will limit
ability to run the daemon as an unprivileged user ( <code class="option">-u</code> <em class="replaceable"><code>user</code></em> ).
We suggest running as an unprivileged user when using the <span><strong class="command">chroot</strong></span> feature.
Here is an example command line to load <acronym class="acronym">BIND</acronym> in a <span><strong class="command">chroot</strong></span> sandbox,
<span><strong class="command">/var/named</strong></span>, and to run <span><strong class="command">named</strong></span> <span><strong class="command">setuid</strong></span> to
<a name="id2609110"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
From <acronym class="acronym">BIND</acronym>'s point of view, <code class="filename">/var/named</code> is
like <span><strong class="command">directory</strong></span> and <span><strong class="command">pid-file</strong></span> to account
<span class="emphasis"><em>not</em></span> need to compile <span><strong class="command">named</strong></span>
<a name="id2609170"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>