Bind9 won't chroot at startup
Posted by on 2017-12-19 21:59:15:
Debian 8.9 (Jessie)
The problem I had was a bind9 server that wouldn't run in a chroot environment, despite being configured to do so in
/etc/default/bind9
Running the daemon directly from the command line using
named -u bind -4 -t /var/named/chroot
worked just fine and the server ran as expected.
After a little research I found that there is a bug in the bind9 service file for systemctl.
The systemctl service file doesn't read the options set in
/etc/default/bind9
To fix it use the following steps:
cd /etc/systemd/system/
cp /lib/systemd/system/bind9.service .
vi bind9.service
The bind9.service file should look like this:
[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target

[Service]
EnvironmentFile=/etc/default/bind9
ExecStart=/usr/sbin/named -f $OPTIONS
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop

[Install]
WantedBy=multi-user.target
After editing, re-enable the service to reload the new service file:
systemctl reenable bind9.service
Then check the content of
/etc/default/bind9
I disable IPv6 on my servers, so I force bind to listen on IPv4 only, but the important part is
-t /var/named/chroot
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -4 -t /var/named/chroot"
#
After restarting bind9, all should work as expected now.
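A static check for the failure described above, as an added example that is not part of the original post: it confirms that a unit file loads the defaults file, expands $OPTIONS on the named command line, and that OPTIONS carries a -t directory. The function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: static check that the unit file hands the chroot option
# from the defaults file to named. Function names are hypothetical.

# Print the directory that follows -t in the OPTIONS= line of a defaults file.
chroot_dir_from_defaults() {
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    set -- $opts    # split the option string into words
    while [ $# -gt 1 ]; do
        if [ "$1" = "-t" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# Succeed only if the unit loads the defaults file and expands $OPTIONS
# on the named command line.
unit_passes_options() {   # $1 = unit file, $2 = defaults file
    grep -Fxq -e "EnvironmentFile=$2" -e "EnvironmentFile=-$2" "$1" || return 1
    grep -Eq '^ExecStart=.*named .*\$\{?OPTIONS\}?' "$1"
}

check_bind9_chroot() {    # $1 = unit file, $2 = defaults file
    if ! unit_passes_options "$1" "$2"; then
        echo "FAIL: $1 does not pass OPTIONS from $2 to named"; return 1
    fi
    if ! dir=$(chroot_dir_from_defaults "$2"); then
        echo "FAIL: no -t <dir> in OPTIONS of $2"; return 1
    fi
    echo "OK: named will be started with -t $dir"
}

# Constructed sample files so the check runs without a BIND installation.
demo=$(mktemp -d)
printf 'RESOLVCONF=no\nOPTIONS="-u bind -4 -t /var/named/chroot"\n' > "$demo/bind9"
printf '[Service]\nEnvironmentFile=%s\nExecStart=/usr/sbin/named -f $OPTIONS\n' \
    "$demo/bind9" > "$demo/fixed.service"
# Constructed unit with hard-coded options: the defaults file is never read.
printf '[Service]\nExecStart=/usr/sbin/named -f -u bind\n' > "$demo/hardcoded.service"

check_bind9_chroot "$demo/fixed.service" "$demo/bind9"
check_bind9_chroot "$demo/hardcoded.service" "$demo/bind9" || true
rm -rf "$demo"
```

On the server itself, call check_bind9_chroot with /etc/systemd/system/bind9.service and /etc/default/bind9 as arguments.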
Tags: DNS, Bind9, Linux