Bind9 won’t chroot at startup

Bind9 Debian Linux

Debian 8.9 (Jessie)

The problem I had was a bind9 server that wouldn’t run in a chroot environment, despite being configured to do so in /etc/default/bind9

Running the daemon directly from the command line using named -u bind -4 -t /var/named/chroot worked just fine and the server ran as expected.

After a little research I found that there is a bug in the bind9 service file for systemctl.

The packaged systemd unit file does not read the OPTIONS set in /etc/default/bind9, so named is started without the -t flag and never enters the chroot.

To fix it, copy the packaged unit into /etc/systemd/system (where it takes precedence over the copy in /lib/systemd/system) and edit it:

cd /etc/systemd/system/
cp /lib/systemd/system/bind9.service .
vi bind9.service

After editing, the bind9.service file should look like this:

[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target

[Service]
EnvironmentFile=/etc/default/bind9
ExecStart=/usr/sbin/named -f $OPTIONS
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop

[Install]
WantedBy=multi-user.target

After editing, re-enable the service so that systemd picks up the new unit file:

systemctl reenable bind9.service

Then check the content of /etc/default/bind9.

I disable IPv6 on my servers, so I force bind to listen on IPv4 only, but the important part is -t /var/named/chroot.

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4 -t /var/named/chroot"
#

After restarting bind9, named should now start inside the chroot as expected.
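As an added check that is not part of the original post: after the restart, confirm from the kernel's own view in /proc that the running named process is actually confined to the chroot and runs as the -u user, rather than trusting the unit file alone. The function name, the optional PROCFS parameter and the sample uid 104 are assumptions made here for illustration; on a real host the check needs root to read another user's /proc/PID/root.

```sh
#!/bin/sh
# Added verification helper, not from the original post. After restarting
# bind9, confirm that named really runs inside the chroot and as the -u user
# by reading the kernel's own view of the process under /proc. Reading
# /proc/PID/root of another user's process needs root, so run this as root.
#
# Usage: check_named_confinement PID EXPECTED_ROOT EXPECTED_UID [PROCFS]
# Exit status: 0 when root and uid match, 1 on any mismatch, 2 if PID is absent.
# PROCFS is an assumed extra parameter so the check can be exercised against
# a constructed fake /proc tree; on a real host leave it at the default.
check_named_confinement() {
  pid=$1 want_root=$2 want_uid=$3 procfs=${4:-/proc}
  if [ ! -d "$procfs/$pid" ]; then
    echo "pid $pid: no such process" >&2
    return 2
  fi
  # /proc/PID/root is a symlink to the process's root directory. For a
  # chrooted named it points at the -t directory; without the chroot it is "/".
  actual_root=$(readlink "$procfs/$pid/root") || return 2
  # The "Uid:" line of /proc/PID/status lists real, effective, saved and
  # filesystem uids; the effective uid (field 3) is the one that matters.
  actual_uid=$(awk '/^Uid:/ { print $3 }' "$procfs/$pid/status")
  status=0
  if [ "$actual_root" != "$want_root" ]; then
    echo "pid $pid: root is '$actual_root', expected '$want_root' (named is not chrooted)" >&2
    status=1
  fi
  if [ "$actual_uid" != "$want_uid" ]; then
    echo "pid $pid: effective uid is $actual_uid, expected $want_uid" >&2
    status=1
  fi
  return $status
}

# On a live Debian host (as root), after "systemctl restart bind9":
#   check_named_confinement "$(pidof named)" /var/named/chroot "$(id -u bind)"
# Note that systemd splits an unbraced $OPTIONS in ExecStart at whitespace
# into separate arguments, which is what lets "-u bind -4 -t /var/named/chroot"
# reach named; "${OPTIONS}" would be passed to named as a single argument.
```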