BIND

Download Source: http://ftp.isc.org/isc/bind9/9.6.1-P2/bind-9.6.1-P2.tar.gz
Alternate Download Source: http://gd.tuwien.ac.at/infosys/servers/isc/bind/9.6.1-P2/bind-9.6.1-P2.tar.gz

Introduction to BIND

BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System.

Project Homepage: http://www.bind9.net/

Dependencies

Optional

  • OpenSSL (Recommended for secure environments)

Non-Multilib

Compile the package:

# Threaded build, libtool-managed libraries; configuration under /etc,
# runtime state under /var.
./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-threads \
  --with-libtool &&
make

Install the package

# Install the freshly built tree under the prefix chosen at configure time.
make install

Multilib

32Bit

Compile the package:

# 32-bit ABI: BUILD32 supplies the compiler flags for this architecture.
CC="gcc ${BUILD32}" ./configure \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-threads \
  --with-libtool &&
make

Install the package

# Install, then park the ABI-specific isc-config.sh so later ABIs do not
# overwrite it.
make install &&
mv -v /usr/bin/isc-config.sh /usr/bin/isc-config.sh-32

N32

Compile the package:

# N32 ABI: libraries go to /usr/lib32, BUILDN32 supplies the compiler flags.
CC="gcc ${BUILDN32}" ./configure \
  --prefix=/usr \
  --libdir=/usr/lib32 \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-threads \
  --with-libtool &&
make

Install the package

# Install, then keep the N32 copy of isc-config.sh under its own name.
make install &&
mv -v /usr/bin/isc-config.sh /usr/bin/isc-config.sh-n32

64Bit

Compile the package:

# 64-bit ABI: libraries go to /usr/lib64, BUILD64 supplies the compiler flags.
CC="gcc ${BUILD64}" ./configure \
  --prefix=/usr \
  --libdir=/usr/lib64 \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --enable-threads \
  --with-libtool &&
make

Install the package

# Install, keep the 64-bit isc-config.sh under its own name, and point the
# generic name at the multiarch wrapper that dispatches between the ABIs.
make install &&
mv -v /usr/bin/isc-config.sh /usr/bin/isc-config.sh-64 &&
ln -sfv multiarch_wrapper /usr/bin/isc-config.sh

Configuring Bind

Named User/Group

# Dedicated unprivileged account for the daemon: fixed uid/gid 52, the chroot
# root as home directory, and no login shell.
groupadd --gid 52 named &&
useradd --comment 'BIND User' --home-dir /srv/named --gid named \
  --shell /bin/false --uid 52 named

BootScript

Install the init script included in the bootscripts package.

# Run from the unpacked bootscripts package; installs the bind init script.
make install-bind

Basic structure for the chroot environment

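# Skeleton chroot: config and zone directories, a minimal /dev, and a copy of
# the host's timezone data so log timestamps inside the chroot are local.
install -dv /srv/named/{dev,etc/namedb/{pz,slave},var/run} &&
mknod -m666 /srv/named/dev/null c 1 3 &&
mknod -m666 /srv/named/dev/zero c 1 5 &&
mknod -m666 /srv/named/dev/random c 1 8 &&
cp -L /etc/localtime /srv/named/etc/localtime &&
# Assuming the boot script starts named as the unprivileged 'named' user
# created above, it needs write access to the pid-file directory and to the
# slave zone directory (transferred zones are stored there); everything else
# in the chroot stays root-owned and read-only for the daemon.
chown -v named:named /srv/named/var/run /srv/named/etc/namedb/slave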

Configuration

Create a basic internal configuration for BIND. You may have to substitute some IP addresses and subnets depending on your configuration:

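# Basic internal named.conf (paths are relative to the chroot).  The "lan"
# ACL is declared before the options block that references it, because
# named.conf does not allow forward references to acl names.  The
# "localhost" zone is declared so the pz/localhost file created below is
# actually served.  Replace the placeholder secret with a generated one and
# use the same secret in /etc/rndc.conf.
cat > /srv/named/etc/named.conf << "EOF" &&
acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    forwarders { 208.67.222.222; 208.67.220.220; };

    allow-query { "lan"; };

    listen-on { 127.0.0.1; };
    listen-on { 192.168.1.1; };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
    algorithm hmac-md5;
    secret "Insert RNDC Key Here";
};

zone "localhost" {
    type master;
    file "pz/localhost";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };
    channel default_syslog {
        syslog daemon;
        severity info;
    };
    channel default_debug {
        file "named.run";
        severity dynamic;
    };
    channel default_stderr {
        stderr;
        severity info;
    };
    channel null {
        null;
    };
};
EOF
# The file holds the rndc control key; keep it readable by root and the
# daemon's group only.
chown -v root:named /srv/named/etc/named.conf &&
chmod -v 640 /srv/named/etc/named.conf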

Create a configuration file for the nameserver remote control utility:

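# Client-side config for rndc.  The key referenced by default-key and by the
# server block must be the one declared in the key block and in named.conf;
# the original mixed "rndckey" and "rndc_key", so rndc could not find its key.
# Replace the placeholder secret with one generated by rndc-confgen and use
# the identical secret in named.conf.
cat > /etc/rndc.conf << "EOF" &&
options {
    default-server 127.0.0.1;
    default-key "rndc_key";
};

server 127.0.0.1 {
    key "rndc_key";
};

key "rndc_key" {
    algorithm       "hmac-md5";
    secret          "Insert RNDC Key Here";
};

EOF
# Anyone who can read this secret can control the name server; restrict it
# to root.
chmod -v 600 /etc/rndc.conf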

Create a default zone for localhost:

# Forward zone for "localhost": a single A record pointing at the loopback
# address, with the zone itself as its own name server.
cat << "EOF" > /srv/named/etc/namedb/pz/localhost
$TTL    3D
@       IN SOA  @ root (
                            42          ; serial (d. adams)
                            3H          ; refresh
                            15M         ; retry
                            1W          ; expiry
                            1D)         ; minimum
        IN NS           @
        IN A            127.0.0.1
EOF

And the corresponding reverse lookup zone:

# Reverse zone for 127.0.0.0/24: maps 127.0.0.1 back to "localhost.".
cat << "EOF" > /srv/named/etc/namedb/pz/127.0.0
$TTL    1D
@       IN      SOA     localhost. root.localhost.  (
                            1          ; Serial
                            8H         ; Refresh
                            2H         ; Retry
                            4W         ; Expire
                            1D)        ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
EOF