Difference between revisions of "BIND"

From CBLFS
Jump to navigationJump to search
 
(Configuration)
 
(29 intermediate revisions by 7 users not shown)
Line 2: Line 2:
 
|-
 
|-
 
!Download Source:
 
!Download Source:
| ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
+
| http://ftp.isc.org/isc/bind{{BIND-Version2}}/{{BIND-Version}}/bind-{{BIND-Version}}.tar.gz
 
|-
 
|-
 
!Alternate Download Source:
 
!Alternate Download Source:
| http://gd.tuwien.ac.at/infosys/servers/isc/bind9/9.3.2/bind-9.3.2.tar.gz
+
| http://gd.tuwien.ac.at/infosys/servers/isc/bind/{{BIND-Version}}/bind-{{BIND-Version}}.tar.gz
 
|}
 
|}
  
=== Dependencies ===
+
{{Package-Introduction|BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System.|http://www.bind9.net/}}
  
== Optional ==
+
== Dependencies ==
 +
 
 +
=== Optional ===
  
 
* [[OpenSSL]] (Recommended for secure environments)
 
* [[OpenSSL]] (Recommended for secure environments)
Line 18: Line 20:
 
Compile the package:
 
Compile the package:
  
  ./configure --prefix=/usr &&
+
  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads --with-libtool &&
 
  make
 
  make
  
 
Install the package
 
Install the package
  
  make -C bin/dig install
+
  make install
  
 
== Multilib ==
 
== Multilib ==
Line 31: Line 33:
 
Compile the package:
 
Compile the package:
  
  CC="gcc ${BUILD32}" ./configure --prefix=/usr &&
+
  CC="gcc ${BUILD32}" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads \
 +
      --with-libtool &&
 
  make
 
  make
  
 
Install the package
 
Install the package
  
  make -C bin/dig install
+
  make install &&
 +
mv -v /usr/bin/isc-config.sh{,-32}
  
 
=== N32 ===
 
=== N32 ===
Line 42: Line 46:
 
Compile the package:
 
Compile the package:
  
  CC="gcc ${BUILDN32}" ./configure --prefix=/usr \
+
  CC="gcc ${BUILDN32}" ./configure --prefix=/usr --libdir=/usr/lib32 --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib32 &&
+
      --enable-threads --with-libtool &&
 
  make
 
  make
  
 
Install the package
 
Install the package
  
  make -C bin/dig install
+
  make install &&
 +
mv -v /usr/bin/isc-config.sh{,-n32}
  
 
=== 64Bit ===
 
=== 64Bit ===
Line 54: Line 59:
 
Compile the package:
 
Compile the package:
  
  CC="gcc ${BUILD64}" ./configure --prefix=/usr \
+
  CC="gcc ${BUILD64}" ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc --localstatedir=/var \
    --libdir=/usr/lib64 &&
+
    --enable-threads --with-libtool &&
 
  make
 
  make
  
 
Install the package
 
Install the package
  
  make -C bin/dig install
+
  make install &&
 +
mv -v /usr/bin/isc-config.sh{,-64} &&
 +
ln -sfv multiarch_wrapper /usr/bin/isc-config.sh
 +
 
 +
== Configuring Bind ==
 +
 
 +
=== Named User/Group ===
 +
 
 +
groupadd -g 52 named &&
 +
useradd -c 'BIND User' -d /srv/named -g named -s /bin/false -u 52 named
 +
 
 +
=== BootScript ===
 +
 
 +
Install the init script included in the [[bootscripts]] package.
 +
 
 +
make install-bind
 +
 
 +
=== Basic structure for the chroot environment ===
 +
 
 +
install -dv /srv/named/{dev,etc/namedb/{pz,slave},var/run} &&
 +
mknod -m666 /srv/named/dev/null c 1 3 &&
 +
mknod -m666 /srv/named/dev/zero c 1 5 &&
 +
mknod -m666 /srv/named/dev/random c 1 8 &&
 +
cp -L /etc/localtime /srv/named/etc/localtime
 +
 
 +
=== Configuration ===
 +
 
 +
Generate a RNDC Key for use in the next 2 configuration files below:
 +
 
 +
rndc-confgen -r /dev/urandom -b 512 | sed -e '/^\tsecret/!d' -e 's/^\(.*\)"\(.*\)"\(.*\)$/\2/'
 +
 
 +
Create a basic internal configuration for bind, You may have to substitute some ip addresses and subnets depending on your configuration:
 +
 
 +
cat > /srv/named/etc/named.conf << "EOF"
 +
options {
 +
    directory "/etc/namedb";
 +
    pid-file "/var/run/named.pid";
 +
    statistics-file "/var/run/named.stats";
 +
 +
    allow-query { "lan"; };
 +
 +
    listen-on { 127.0.0.1; };
 +
    listen-on { 192.168.1.1; };
 +
};
 +
 +
acl "lan" {
 +
    127.0.0.1;
 +
    192.168.1.0/24;
 +
};
 +
 +
controls {
 +
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
 +
};
 +
 +
key "rndc_key" {
 +
    algorithm hmac-md5;
 +
    secret "'''''Insert RNDC Key Here'''''";
 +
};
 +
 +
zone "." {
 +
    type hint;
 +
    file "root.hints";
 +
};
 +
 +
zone "localhost" {
 +
    type master;
 +
    file "pz/localhost";
 +
    notify no;
 +
};
 +
 +
zone "0.0.127.in-addr.arpa" {
 +
    type master;
 +
    file "pz/127.0.0";
 +
    notify no;
 +
};
 +
 +
# The following 2 zones are examples for setting up forward and reverse lookup zone
 +
# They can be updated with the rndc key from the rndc utility or [[Dhcp]]
 +
#zone "test.local" {
 +
#    type master;
 +
#    file "pz/test.local";
 +
#    allow-update { key "rndc_key"; };
 +
#    allow-transfer { 127.0.0.1; };
 +
#    notify yes;
 +
#};
 +
#
 +
#zone "1.168.192.in-addr.arpa" {
 +
#    type master;
 +
#    file "pz/1.168.192.in-addr.arpa";
 +
#    allow-update { key "rndc_key"; };
 +
#    allow-transfer { 127.0.0.1; };
 +
#    notify yes;
 +
#};
 +
 +
logging {
 +
    category default { default_syslog; default_debug; };
 +
    category unmatched { null; };
 +
    channel default_syslog {
 +
        syslog daemon;
 +
        severity info;
 +
    };
 +
    channel default_debug {
 +
        file "named.run";
 +
        severity dynamic;
 +
    };
 +
    channel default_stderr {
 +
        stderr;
 +
        severity info;
 +
    };
 +
    channel null {
 +
        null;
 +
    };
 +
};
 +
EOF
 +
 
 +
Create a configuration file for the nameserver remote control utility:
 +
 
 +
cat > /etc/rndc.conf << "EOF"
 +
options {
 +
    default-server 127.0.0.1;
 +
    default-key "rndckey";
 +
};
 +
 +
server 127.0.0.1 {
 +
    key "rndckey";
 +
};
 +
 +
key "rndc_key" {
 +
    algorithm      "hmac-md5";
 +
    secret          "'''''Insert RNDC Key Here'''''";
 +
};
 +
EOF
 +
 
 +
The following list of root hints was copied from Internic[http://www.internic.net/zones/named.root] on 2010-01-08:
 +
 
 +
cat > /srv/named/etc/namedb/root.hints << "EOF"
 +
;      This file holds the information on root name servers needed to
 +
;      initialize cache of Internet domain name servers
 +
;      (e.g. reference this file in the "cache  .  <file>"
 +
;      configuration file of BIND domain name servers).
 +
;
 +
;      This file is made available by InterNIC
 +
;      under anonymous FTP as
 +
;          file                /domain/named.root
 +
;          on server          FTP.INTERNIC.NET
 +
;      -OR-                    RS.INTERNIC.NET
 +
;
 +
;      last update:    Dec 12, 2008
 +
;      related version of root zone:  2008121200
 +
;
 +
; formerly NS.INTERNIC.NET
 +
;
 +
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
 +
A.ROOT-SERVERS.NET.      3600000      A    198.41.0.4
 +
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
 +
;
 +
; FORMERLY NS1.ISI.EDU
 +
;
 +
.                        3600000      NS    B.ROOT-SERVERS.NET.
 +
B.ROOT-SERVERS.NET.      3600000      A    192.228.79.201
 +
;
 +
; FORMERLY C.PSI.NET
 +
;
 +
.                        3600000      NS    C.ROOT-SERVERS.NET.
 +
C.ROOT-SERVERS.NET.      3600000      A    192.33.4.12
 +
;
 +
; FORMERLY TERP.UMD.EDU
 +
;
 +
.                        3600000      NS    D.ROOT-SERVERS.NET.
 +
D.ROOT-SERVERS.NET.      3600000      A    128.8.10.90
 +
;
 +
; FORMERLY NS.NASA.GOV
 +
;
 +
.                        3600000      NS    E.ROOT-SERVERS.NET.
 +
E.ROOT-SERVERS.NET.      3600000      A    192.203.230.10
 +
;
 +
; FORMERLY NS.ISC.ORG
 +
;
 +
.                        3600000      NS    F.ROOT-SERVERS.NET.
 +
F.ROOT-SERVERS.NET.      3600000      A    192.5.5.241
 +
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
 +
;
 +
; FORMERLY NS.NIC.DDN.MIL
 +
;
 +
.                        3600000      NS    G.ROOT-SERVERS.NET.
 +
G.ROOT-SERVERS.NET.      3600000      A    192.112.36.4
 +
;
 +
; FORMERLY AOS.ARL.ARMY.MIL
 +
;
 +
.                        3600000      NS    H.ROOT-SERVERS.NET.
 +
H.ROOT-SERVERS.NET.      3600000      A    128.63.2.53
 +
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
 +
;
 +
; FORMERLY NIC.NORDU.NET
 +
;
 +
.                        3600000      NS    I.ROOT-SERVERS.NET.
 +
I.ROOT-SERVERS.NET.      3600000      A    192.36.148.17
 +
;
 +
; OPERATED BY VERISIGN, INC.
 +
;
 +
.                        3600000      NS    J.ROOT-SERVERS.NET.
 +
J.ROOT-SERVERS.NET.      3600000      A    192.58.128.30
 +
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
 +
;
 +
; OPERATED BY RIPE NCC
 +
;
 +
.                        3600000      NS    K.ROOT-SERVERS.NET.
 +
K.ROOT-SERVERS.NET.      3600000      A    193.0.14.129
 +
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
 +
;
 +
; OPERATED BY ICANN
 +
;
 +
.                        3600000      NS    L.ROOT-SERVERS.NET.
 +
L.ROOT-SERVERS.NET.      3600000      A    199.7.83.42
 +
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42 
 +
;
 +
; OPERATED BY WIDE
 +
;
 +
.                        3600000      NS    M.ROOT-SERVERS.NET.
 +
M.ROOT-SERVERS.NET.      3600000      A    202.12.27.33
 +
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
 +
; End of File
 +
EOF
 +
 
 +
Create a default zone for localhost:
 +
 
 +
cat > /srv/named/etc/namedb/pz/localhost << "EOF"
 +
$TTL    3D
 +
@      IN SOA  @ root (
 +
                            42          ; serial (d. adams)
 +
                            3H          ; refresh
 +
                            15M        ; retry
 +
                            1W          ; expiry
 +
                            1D)        ; minimum
 +
        IN NS          @
 +
        IN A            127.0.0.1
 +
EOF
 +
 
 +
And the corresponding reverse lookup zone:
 +
 
 +
cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
 +
$TTL    1D
 +
@      IN      SOA    localhost. root.localhost.  (
 +
                            1          ; Serial
 +
                            8H        ; Refresh
 +
                            2H        ; Retry
 +
                            4W        ; Expire
 +
                            1D)        ; Minimum
 +
        IN      NS      localhost.
 +
1      IN      PTR    localhost.
 +
EOF
 +
 
 +
=== Permissions ===
 +
 
 +
Change the ownership and set permissions:
 +
 
 +
chmod -Rv ug+rw /srv/named
 +
chown -Rv named:named /srv/named
 +
 
 +
[[Category:Network Utilities]]

Latest revision as of 17:24, 8 January 2010

Download Source: http://ftp.isc.org/isc/bind9/9.6.1-P2/bind-9.6.1-P2.tar.gz
Alternate Download Source: http://gd.tuwien.ac.at/infosys/servers/isc/bind/9.6.1-P2/bind-9.6.1-P2.tar.gz

Introduction to BIND

BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System.

Project Homepage: http://www.bind9.net/

Dependencies

Optional

  • OpenSSL (Recommended for secure environments)

Non-Multilib

Compile the package:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads --with-libtool &&
make

Install the package

make install

Multilib

32Bit

Compile the package:

CC="gcc ${BUILD32}" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads \
     --with-libtool &&
make

Install the package

make install &&
mv -v /usr/bin/isc-config.sh{,-32}

N32

Compile the package:

CC="gcc ${BUILDN32}" ./configure --prefix=/usr --libdir=/usr/lib32 --sysconfdir=/etc --localstatedir=/var \
     --enable-threads --with-libtool &&
make

Install the package

make install &&
mv -v /usr/bin/isc-config.sh{,-n32}

64Bit

Compile the package:

CC="gcc ${BUILD64}" ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc --localstatedir=/var \
    --enable-threads --with-libtool &&
make

Install the package

make install &&
mv -v /usr/bin/isc-config.sh{,-64} &&
ln -sfv multiarch_wrapper /usr/bin/isc-config.sh

Configuring Bind

Named User/Group

groupadd -g 52 named &&
useradd -c 'BIND User' -d /srv/named -g named -s /bin/false -u 52 named

BootScript

Install the init script included in the bootscripts package.

make install-bind

Basic structure for the chroot environment

install -dv /srv/named/{dev,etc/namedb/{pz,slave},var/run} &&
mknod -m666 /srv/named/dev/null c 1 3 &&
mknod -m666 /srv/named/dev/zero c 1 5 &&
mknod -m666 /srv/named/dev/random c 1 8 &&
cp -L /etc/localtime /srv/named/etc/localtime

Configuration

Generate a RNDC Key for use in the next 2 configuration files below:

rndc-confgen -r /dev/urandom -b 512 | sed -e '/^\tsecret/!d' -e 's/^\(.*\)"\(.*\)"\(.*\)$/\2/'

Create a basic internal configuration for bind, You may have to substitute some ip addresses and subnets depending on your configuration:

cat > /srv/named/etc/named.conf << "EOF"
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";

    allow-query { "lan"; };

    listen-on { 127.0.0.1; };
    listen-on { 192.168.1.1; };
};

acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
    algorithm hmac-md5;
    secret "Insert RNDC Key Here";
};

zone "." {
    type hint;
    file "root.hints";
};

zone "localhost" {
    type master;
    file "pz/localhost";
    notify no;
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
    notify no;
};

# The following 2 zones are examples for setting up forward and reverse lookup zone
# They can be updated with the rndc key from the rndc utility or Dhcp
#zone "test.local" {
#    type master;
#    file "pz/test.local";
#    allow-update { key "rndc_key"; };
#    allow-transfer { 127.0.0.1; };
#    notify yes;
#};
#
#zone "1.168.192.in-addr.arpa" {
#    type master;
#    file "pz/1.168.192.in-addr.arpa";
#    allow-update { key "rndc_key"; };
#    allow-transfer { 127.0.0.1; };
#    notify yes;
#};

logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };
    channel default_syslog {
        syslog daemon;
        severity info;
    };
    channel default_debug {
        file "named.run";
        severity dynamic;
    };
    channel default_stderr {
        stderr;
        severity info;
    };
    channel null {
        null;
    };
};
EOF

Create a configuration file for the nameserver remote control utility:

cat > /etc/rndc.conf << "EOF"
options {
    default-server 127.0.0.1;
    default-key "rndckey";
};

server 127.0.0.1 {
    key "rndckey";
};

key "rndc_key" {
    algorithm       "hmac-md5";
    secret          "Insert RNDC Key Here";
};
EOF

The following list of root hints was copied from Internic[1] on 2010-01-08:

cat > /srv/named/etc/namedb/root.hints << "EOF"
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Dec 12, 2008
;       related version of root zone:   2008121200
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42   
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
; End of File
EOF

Create a default zone for localhost:

cat > /srv/named/etc/namedb/pz/localhost << "EOF"
$TTL    3D
@       IN SOA  @ root (
                            42          ; serial (d. adams)
                            3H          ; refresh
                            15M         ; retry
                            1W          ; expiry
                            1D)         ; minimum
        IN NS           @
        IN A            127.0.0.1
EOF

And the corresponding reverse lookup zone:

cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
$TTL    1D
@       IN      SOA     localhost. root.localhost.  (
                            1          ; Serial
                            8H         ; Refresh
                            2H         ; Retry
                            4W         ; Expire
                            1D)        ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
EOF

Permissions

Change the ownership and set permissions:

chmod -Rv ug+rw /srv/named
chown -Rv named:named /srv/named
Retrieved from "?title=BIND&oldid=19826"