chroot implementation of bind and kea

Viktor Dukhovni freebsd at dukhovni.org
Mon Nov 13 20:45:06 UTC 2017



> On Nov 13, 2017, at 3:14 PM, Dries Michiels <driesmp at hotmail.com> wrote:
> 
> 
> At the moment BIND's default chroot behavior is to move all necessary files to a directory specified in rc.conf as named_chrootdir.
> Afterwards the RC script creates a symlink from /usr/local/etc/namedb/ to the named_chrootdir so that config files etc can still be modified from /usr/local/etc/ as that is where they belong.
> However, I find the chroot implementation of isc-dhcpd better. That is, instead of creating a symlink, copying the files over each time the program is (re)started.
> This has the additional benefit that if files in the chroot are compromised they get overwritten by the originals on service restart. Could this be implemented for BIND as well?
> Another little question regarding chroot, is it possible to make net/kea chrootable? There are currently no such options in the kea rc script.

One detail to keep in mind is that validating nameservers need to be
able to make persistent updates to the root zone trust-anchor keys
in accordance with RFC 5011.  The root KSK will be updated some time next
year and ideally periodically thereafter.  So at least the root
zone trust-anchor keys need to persist across restarts and not
be reset to their initial state.

-- 
	Viktor.
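A sketch of the copy-on-restart approach from the thread that also honours the RFC 5011 point above, as an added example that is not part of this thread or of the FreeBSD rc scripts: originals are copied into the chroot on every start so a tampered copy is overwritten, but an existing managed-keys file in the chroot is left alone so learned trust anchors survive. File names follow BIND's defaults for the managed-keys journal but are assumptions here; adjust them to the managed-keys-directory configured in named.conf.

```shell
# Hypothetical helper, not taken from the rc.d scripts: refresh a chroot's
# config directory from the originals on each (re)start, the way the thread
# describes for isc-dhcpd, while keeping RFC 5011 trust-anchor state in place.

# is_persistent NAME: 0 if NAME is RFC 5011 state that the chroot copy owns.
# Names assume BIND's defaults (managed-keys.bind, per-view *.mkeys files).
is_persistent() {
    case "$1" in
        managed-keys.bind|managed-keys.bind.jnl|*.mkeys|*.mkeys.jnl) return 0 ;;
        *) return 1 ;;
    esac
}

# sync_chroot SRCDIR DSTDIR
# Copies every regular file in SRCDIR over DSTDIR, replacing whatever a
# compromised chroot may contain, except persistent files that already exist
# in DSTDIR; those are only seeded on the first run.  Prints the number of
# files refreshed.
sync_chroot() {
    src=$1; dst=$2
    refreshed=0
    mkdir -p "$dst"
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        if is_persistent "$base" && [ -e "$dst/$base" ]; then
            continue          # keep the live trust-anchor journal
        fi
        cp -p "$f" "$dst/$base"
        refreshed=$((refreshed + 1))
    done
    echo "$refreshed"
}
```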



More information about the freebsd-net mailing list