Re: bind9 / chroot

Y. Makki wrote:
So I assume configuration files go in /var/named/chroot too. How would
you actually run bind then, just via the regular init.d script? It is
preconfigured and knows it has to run in a chroot?

Everything (including config files) needs to be under /var/named/chroot, because once the chroot takes hold, that's all that the named will be able to see. Installing the named-chroot package takes care of creating the extra stuff in /var/named/chroot/bin and /var/named/chroot/lib that you'll need (the trickiest part to using chroot is making sure you have local copies of the correct libraries and binaries).


The setting
ROOTDIR=/var/named/chroot
in /etc/sysconfig/named is where you'd enable named to run in chroot mode. This is picked up by the following code in /etc/init.d/named (you can learn a lot by studying the startup scripts in /etc/init.d):


        if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
                OPTIONS="${OPTIONS} -t ${ROOTDIR}"
        fi
        daemon /usr/sbin/named -u named ${OPTIONS}

So named gets run with "-t /var/named/chroot", which 'man named' will verify informs named to chroot itself.

The only caveat is that you should specify the paths to your files relative to /var/named/chroot. I created a directory /var/named/chroot/data and specify "directory "/data";" in /var/named/chroot/etc/named.conf.
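
The caveat above is the usual source of startup failures, so here is an added shell example (not part of the original post or of the Fedora init scripts) that reports `directory` and zone `file` paths from named.conf that will not exist once named has chrooted into ROOTDIR. The function names, the one-statement-per-line assumption and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report named.conf paths that will not exist once named has
# chrooted. Expects one statement per line; the sample data is constructed.

# host_path ROOTDIR PATH: host-side location of PATH as seen inside the chroot
host_path() {
    printf '%s/%s\n' "${1%/}" "${2#/}"
}

# list_problems ROOTDIR: print one line per path named would fail to find
list_problems() {
    root=$1
    conf=$(host_path "$root" /etc/named.conf)
    [ -f "$conf" ] || { echo "missing config: $conf"; return 0; }
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    case "$dir" in /*) ;; *) echo "no absolute directory statement in $conf"; return 0 ;; esac
    [ -d "$(host_path "$root" "$dir")" ] ||
        echo "missing directory: $(host_path "$root" "$dir")"
    sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while IFS= read -r f; do
        case "$f" in
            /*) p=$(host_path "$root" "$f") ;;          # absolute inside the chroot
            *)  p=$(host_path "$root" "$dir/$f") ;;     # relative to "directory"
        esac
        [ -f "$p" ] || echo "missing zone file: $p"
    done
}

# make_sample ROOTDIR DIRECTORY: build a constructed chroot tree for the demo
make_sample() {
    mkdir -p "$1/etc" "$1/data"
    : > "$1/data/example.zone"
    cat > "$1/etc/named.conf" <<EOF
options {
    directory "$2";
};
zone "example.com" {
    type master;
    file "example.zone";
};
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/good" /data               # chroot-relative, as in the post
make_sample "$tmp/bad" "$tmp/bad/data"      # host-side path: wrong inside a chroot
echo "good tree: $(list_problems "$tmp/good" | grep -c .) problem(s)"
list_problems "$tmp/bad"
rm -rf "$tmp"
```

On a real system the call would be `list_problems /var/named/chroot`, using the ROOTDIR value from /etc/sysconfig/named.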



