{"description": "Install the <tt>bind-chroot</tt> package:\n<pre>$ sudo yum install bind-chroot</pre>\nPlace a valid named.conf file inside the chroot jail:\n<pre>$ sudo cp /etc/named.conf /var/named/chroot/etc/named.conf\n$ sudo chown root:root /var/named/chroot/etc/named.conf\n$ sudo chmod 644 /var/named/chroot/etc/named.conf</pre>\nCreate and populate an appropriate zone directory within the jail, based on the\noptions directive. If your <tt>named.conf</tt> includes:\n<pre>options {\ndirectory \"/path/to/DIRNAME\";\n...\n};</pre>\nthen copy that directory and its contents from the original zone directory:\n<pre>$ sudo cp -r /path/to/DIRNAME /var/named/chroot/DIRNAME</pre>\nAdd or correct the following line within <tt>/etc/sysconfig/named</tt>:\n<pre>ROOTDIR=/var/named/chroot</pre>", "warnings": [{"general": "If you are running BIND in a chroot jail, then you\nshould use the jailed <tt>named.conf</tt> as the primary nameserver\nconfiguration file. That is, when this guide recommends editing\n<tt>/etc/named.conf</tt>, you should instead edit\n<tt>/var/named/chroot/etc/named.conf</tt>."}], "requires": [], "conflicts": [], "values": {}, "groups": {}, "rules": {}, "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "Run DNS Software in a chroot Jail", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/dns/dns_server_isolation/dns_server_chroot/group.yml"}