Enhanced DNS Security: BIND can be run under Chroot

Article Title: enhanced DNS Security: BIND can be run under Chroot. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Running BIND on chroot improves security. This article has been tested on Debian Sarge. You can modify other versions as needed.
　　
If you have not installed BIND, run the following command to install Bind 9.
　　
Code:
　　
Apt-get install bind9
　　
Stop the Bind service before modifying the Configuration:
　　
Code:
　　
/Etc/init. d/bind9 stop
　　
Open the configuration file:
　　
Code:
　　
Nano-w/etc/default/bind9
　　
Change the content:
　　
Code:
　　
OPTIONS = "-u bind-t/var/lib/named"
　　
Create related directories:
　　
Code:
　　
Mkdir-p/var/lib/named/etc
　　
Mkdir/var/lib/named/dev
　　
Mkdir-p/var/lib/named/var/cache/bind
　　
Mkdir-p/var/lib/named/var/run/bind/run
　　
Mobile configuration directory:
　　
Code:
　　
Mv/etc/bind/var/lib/named/etc
　　
Create a link to Upgrade Bind later:
　　
Code:
　　
Ln-s/var/lib/named/etc/bind
　　
Create a null and random Device and Set directory ownership:
　　
Code:
　　
Mknod/var/lib/named/dev/null c 1 3
　　
Mknod/var/lib/named/dev/random c 1 8
　　
Chmod 666/var/lib/named/dev/null/var/lib/named/dev/random
　　
Chown-R bind: bind/var/lib/named/var /*
　　
Chown-R bind: bind/var/lib/named/etc/bind
　　
Then we need to modify the syslog configuration to get the log file accurately.
　　
Code:
　　
Nano-w/etc/init. d/sysklogd
　　
Find SYSLOGD = and change it to SYSLOGD = "-a/var/lib/named/dev/log ".
　　
Restart syslog daemon:
　　
Code:
　　
/Etc/init. d/sysklogd restart
　　
Start Bind:
　　
Code:
　　
/Etc/init. d/bind9 start
　　
Then you can view error logs through tail/var/log/syslog.