Bind9 won’t chroot at startup

Debian 8.9 (Jessie)

The problem I had was a bind9 server that wouldn’t run in a chroot environment, despite being configured to do so in /etc/default/bind9

Running the daemon directly from the command line using named -u bind -4 -t /var/named/chroot worked just fine and the server ran as expected.

After a little research I found that there is a bug in the bind9 service file for systemctl.

The systemctl service file doesn’t read the options set in /etc/default/bind9

To fix it use the following steps:

cd /etc/systemd/system/
cp /lib/systemd/system/bind9.service .
vi bind9.service

The bind9.service file should look like this:

Description=BIND Domain Name Server

ExecStart=/usr/sbin/named -f $OPTIONS
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop


After editing, re-enable the service to reload the new service file:

systemctl reenable bind9.service

Then check the content of /etc/default/bind9

I disable ipv6 on my servers so I force bind to listen on ipv4 only, but the important part is -t /var/named/chroot

# run resolvconf?

# startup options for the server
OPTIONS="-u bind -4 -t /var/named/chroot"

After restarting bind9, all should work as expected now.

admin has written 97 articles