BIND
From CBLFS
Jump to navigationJump to search| Download Source: | http://ftp.isc.org/isc/bind9/9.6.1-P2/bind-9.6.1-P2.tar.gz |
|---|---|
| Alternate Download Source: | http://gd.tuwien.ac.at/infosys/servers/isc/bind/9.6.1-P2/bind-9.6.1-P2.tar.gz |
Contents
Introduction to BIND
BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System.
Project Homepage: http://www.bind9.net/
Dependencies
Optional
- OpenSSL (Recommended for secure environments)
Non-Multilib
Compile the package:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads --with-libtool && make
Install the package
make install
Multilib
32Bit
Compile the package:
CC="gcc ${BUILD32}" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads \
--with-libtool &&
make
Install the package
make install &&
mv -v /usr/bin/isc-config.sh{,-32}
N32
Compile the package:
CC="gcc ${BUILDN32}" ./configure --prefix=/usr --libdir=/usr/lib32 --sysconfdir=/etc --localstatedir=/var \
--enable-threads --with-libtool &&
make
Install the package
make install &&
mv -v /usr/bin/isc-config.sh{,-n32}
64Bit
Compile the package:
CC="gcc ${BUILD64}" ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc --localstatedir=/var \
--enable-threads --with-libtool &&
make
Install the package
make install &&
mv -v /usr/bin/isc-config.sh{,-64} &&
ln -sfv multiarch_wrapper /usr/bin/isc-config.sh
Configuring Bind
Named User/Group
groupadd -g 52 named && useradd -c 'BIND User' -d /srv/named -g named -s /bin/false -u 52 named
BootScript
Install the init script included in the bootscripts package.
make install-bind
Basic structure for the chroot environment
install -dv /srv/named/{dev,etc/namedb/{pz,slave},var/run} &&
mknod -m666 /srv/named/dev/null c 1 3 &&
mknod -m666 /srv/named/dev/zero c 1 5 &&
mknod -m666 /srv/named/dev/random c 1 8 &&
cp -L /etc/localtime /srv/named/etc/localtime
Configuration
Generate a RNDC Key for use in the next 2 configuration files below:
rndc-confgen -r /dev/urandom -b 512 | sed -e '/^\tsecret/!d' -e 's/^\(.*\)"\(.*\)"\(.*\)$/\2/'
Create a basic internal configuration for bind, You may have to substitute some ip addresses and subnets depending on your configuration:
cat > /srv/named/etc/named.conf << "EOF"
options {
directory "/etc/namedb";
pid-file "/var/run/named.pid";
statistics-file "/var/run/named.stats";
allow-query { "lan"; };
listen-on { 127.0.0.1; };
listen-on { 192.168.1.1; };
};
acl "lan" {
127.0.0.1;
192.168.1.0/24;
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key "rndc_key" {
algorithm hmac-md5;
secret "Insert RNDC Key Here";
};
zone "." {
type hint;
file "root.hints";
};
zone "localhost" {
type master;
file "pz/localhost";
notify no;
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
notify no;
};
# The following 2 zones are examples for setting up forward and reverse lookup zone
# They can be updated with the rndc key from the rndc utility or Dhcp
#zone "test.local" {
# type master;
# file "pz/test.local";
# allow-update { key "rndc_key"; };
# allow-transfer { 127.0.0.1; };
# notify yes;
#};
#
#zone "1.168.192.in-addr.arpa" {
# type master;
# file "pz/1.168.192.in-addr.arpa";
# allow-update { key "rndc_key"; };
# allow-transfer { 127.0.0.1; };
# notify yes;
#};
logging {
category default { default_syslog; default_debug; };
category unmatched { null; };
channel default_syslog {
syslog daemon;
severity info;
};
channel default_debug {
file "named.run";
severity dynamic;
};
channel default_stderr {
stderr;
severity info;
};
channel null {
null;
};
};
EOF
Create a configuration file for the nameserver remote control utility:
cat > /etc/rndc.conf << "EOF"
options {
default-server 127.0.0.1;
default-key "rndckey";
};
server 127.0.0.1 {
key "rndckey";
};
key "rndc_key" {
algorithm "hmac-md5";
secret "Insert RNDC Key Here";
};
EOF
The following list of root hints was copied from Internic[1] on 2010-01-08:
cat > /srv/named/etc/namedb/root.hints << "EOF" ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.root ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: Dec 12, 2008 ; related version of root zone: 2008121200 ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201 ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 ; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F ; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1 ; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35 ; End of File EOF
Create a default zone for localhost:
cat > /srv/named/etc/namedb/pz/localhost << "EOF"
$TTL 3D
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D) ; minimum
IN NS @
IN A 127.0.0.1
EOF
And the corresponding reverse lookup zone:
cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
$TTL 1D
@ IN SOA localhost. root.localhost. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum
IN NS localhost.
1 IN PTR localhost.
EOF
Permissions
Change the ownership and set permissions:
chmod -Rv ug+rw /srv/named chown -Rv named:named /srv/named
