[ubuntu] bind9 question



fouadk
August 19th, 2008, 08:37 AM
Hi everyone,

I have installed bind9 on my Ubuntu server.

I have read some tutorials, and I faced some problems jailing bind9 in a chroot. I was told that in Ubuntu 8.04 this is fixed by AppArmor and that chrooting the thing was not necessary.

I am wondering how secure a default installation of bind9 is?

Does AppArmor really compensate for the use of chroot?

Thanks in advance.

RealPSL
August 20th, 2008, 02:32 AM
AppArmor does a similar task as the chroot. The AppArmor profile restricts what the bind daemon can do even if it is compromised. In the chroot jail if bind is compromised the jail restricts the actions.

Personally, I find that AppArmor is easier to set up and certainly easier to manage than SELinux. AppArmor also seems to be more flexible.

AppArmor Wiki (https://wiki.ubuntu.com/AppArmor)

fouadk
August 20th, 2008, 06:38 AM
Thank you. I still have one more question.

Is the default installation that comes with the server secure?
I just added some forward and reverse zones.

RealPSL
August 21st, 2008, 02:24 AM
When you install bind, it also installs the AppArmor profile, so yes, it is secure. You can review and modify the profile in /etc/apparmor.d. Take a look at it and see what it does; it is not complex like SELinux and is very readable.
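
One way to act on the advice above to read the profile in /etc/apparmor.d, as an added example that is not part of the original thread: a short Python summary of which capabilities, network access and writable or executable paths a profile grants. The embedded profile is a constructed sample, not the one Ubuntu ships for bind9, and `summarize_profile` is a hypothetical helper name.

```python
import re

# Constructed sample in AppArmor profile syntax. It is NOT the profile that
# Ubuntu ships for bind9; the paths and rules are illustrative assumptions.
SAMPLE_PROFILE = """\
#include <tunables/global>
/usr/sbin/named {
  #include <abstractions/base>
  capability net_bind_service,
  network inet dgram,
  /etc/bind/** r,
  /var/cache/bind/** rw,   # working directory for zone data
  /var/run/named/named.pid w,
  /usr/bin/helper ix,
  deny /etc/shadow r,
}
"""

FILE_RULE = re.compile(  # [deny|audit] [owner] <path> <permissions>
    r"^(?:(?P<qual>deny|audit)\s+)?(?:owner\s+)?(?P<path>[/@]\S*)\s+(?P<perms>[rwaxmlkiPpCcUu]+)$")

def summarize_profile(text):
    """Group a profile's rules by what they still allow a compromised daemon to do."""
    out = {k: [] for k in ("includes", "capabilities", "network",
                           "writable", "executable", "read_only", "denied")}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#include "):  # a directive, not a comment
            out["includes"].append(line.split(None, 1)[1])
            continue
        # Drop trailing comments and the comma that terminates each rule.
        line = line.split("#", 1)[0].strip().rstrip(",").strip()
        if line.startswith("capability "):
            out["capabilities"].append(line.split(None, 1)[1])
        elif line.startswith("network"):
            out["network"].append(line[len("network"):].strip())
        elif (m := FILE_RULE.match(line)):
            path, perms = m["path"], m["perms"]
            if m["qual"] == "deny":
                out["denied"].append(path)
                continue
            if set(perms) & set("wa"):  # write or append
                out["writable"].append(path)
            if "x" in perms:  # any execute mode (ix, px, ux, ...)
                out["executable"].append(path)
            if perms == "r":
                out["read_only"].append(path)
    return out

if __name__ == "__main__":
    print(summarize_profile(SAMPLE_PROFILE))
```

The writable and executable lists are the ones to read first, since they bound what a compromised daemon could change or run under the profile.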

fouadk
August 21st, 2008, 07:22 AM
Thank you.