Updating zone file serial number convention

Accordingly, all slave file names in the /chroot/named/etc/file will need to have directory names that designate the slave directory. The -t option changes the root directory from which BIND operates to be /chroot/named. The -c option tells BIND that the configuration file is located at /etc/

Unless you've explicitly disabled AppArmor, you might want to read this before you decide to attempt a chrooted BIND. If you still want to go forward with it, you'll need this information, which isn't covered in the instructions that follow here.

But it doubles the number of requests made to the nameserver, thus making it an inefficient way to do so.

Chrooting BIND9 is a recommended setup from a security perspective if you don't have AppArmor installed.


Secondary servers are recommended in larger setups.

It's still a secondary, but it's not going to be asked about the zone you are serving to the internet from A and B. If you configure your registered domain to use B and C as your domain's DNS servers, then A is a stealth primary.

Any additional records or edits to the zone are done on A, but computers on the internet will only ever ask B and C about the zone. You can create a CNAME record pointing to another CNAME record.

This is where the files for all slave zones will be kept.

This increases security by preventing an attacker from editing any of your master zone files if they do gain access as the bind user.

Remember that this path is relative to the root set by -t.


