Difference between revisions of "BIND"

From CBLFS
Jump to navigationJump to search
(Configuring Bind)
Line 92: Line 92:
 
=== Configuration ===
 
=== Configuration ===
  
Time premiting, the configuration for bind will be put here. For the time being, the following link cam be used to set up a simple lookup nameserver.
+
Create a basic internal configuration for bind, You may have to substitute some ip addresses and subnets depending on your configuration:
  
  http://www.unixwiz.net/techtips/bind9-chroot.html
+
  cat > /srv/named/etc/named.conf << "EOF"
 +
options {
 +
    directory "/etc/namedb";
 +
    pid-file "/var/run/named.pid";
 +
    statistics-file "/var/run/named.stats";
 +
    forwarders { 208.67.222.222; 208.67.220.220; };
 +
 +
    allow-query { "lan"; };
 +
 +
    listen-on { 127.0.0.1; };
 +
    listen-on { 192.168.1.1; };
 +
};
 +
 +
acl "lan" {
 +
    127.0.0.1;
 +
    192.168.1.0/24;
 +
};
 +
 +
controls {
 +
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
 +
};
 +
 +
key "rndc_key" {
 +
    algorithm hmac-md5;
 +
    secret "'''''Insert RNDC Key Here'''''";
 +
};
 +
 +
zone "0.0.127.in-addr.arpa" {
 +
    type master;
 +
    file "pz/127.0.0";
 +
};
 +
 +
logging {
 +
    category default { default_syslog; default_debug; };
 +
    category unmatched { null; };
 +
    channel default_syslog {
 +
        syslog daemon;
 +
        severity info;
 +
    };
 +
    channel default_debug {
 +
        file "named.run";
 +
        severity dynamic;
 +
    };
 +
    channel default_stderr {
 +
        stderr;
 +
        severity info;
 +
    };
 +
    channel null {
 +
        null;
 +
    };
 +
};
 +
EOF
 +
 
 +
Create a configuration file for the nameserver remote control utility:  
 +
 
 +
cat > /etc/rndc.conf << "EOF"
 +
options {
 +
    default-server 127.0.0.1;
 +
    default-key "rndckey";
 +
};
 +
 +
server 127.0.0.1 {
 +
    key "rndckey";
 +
};
 +
 +
key "rndc_key" {
 +
    algorithm      "hmac-md5";
 +
    secret          "'''''Insert RNDC Key Here'''''";
 +
};
 +
EOF
 +
 
 +
Create a default zone for localhost:
 +
 
 +
cat > /srv/named/etc/namedb/pz/localhost << "EOF"
 +
$TTL    3D
 +
@      IN SOA  @ root (
 +
                            42          ; serial (d. adams)
 +
                            3H          ; refresh
 +
                            15M        ; retry
 +
                            1W          ; expiry
 +
                            1D)        ; minimum
 +
        IN NS          @
 +
        IN A            127.0.0.1
 +
EOF
 +
 
 +
And the corresponding reverse lookup zone:
 +
 
 +
cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
 +
$TTL    1D
 +
@      IN      SOA    localhost. root.localhost.  (
 +
                            1          ; Serial
 +
                            8H        ; Refresh
 +
                            2H        ; Retry
 +
                            4W        ; Expire
 +
                            1D)        ; Minimum
 +
        IN      NS      localhost.
 +
1      IN      PTR    localhost.
 +
EOF
  
 
[[Category:Network Utilities]]
 
[[Category:Network Utilities]]

Revision as of 16:49, 8 January 2010

Download Source: http://ftp.isc.org/isc/bind9/9.6.1-P2/bind-9.6.1-P2.tar.gz
Alternate Download Source: http://gd.tuwien.ac.at/infosys/servers/isc/bind/9.6.1-P2/bind-9.6.1-P2.tar.gz

Introduction to BIND

BIND (Berkeley Internet Name Domain) is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System.

Project Homepage: http://www.bind9.net/

Dependencies

Optional

  • OpenSSL (Recommended for secure environments)

Non-Multilib

Compile the package: 

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads --with-libtool &&
make

Install the package 

make install

Multilib

32Bit

Compile the package: 

CC="gcc ${BUILD32}" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-threads \
     --with-libtool &&
make

Install the package 

make install &&
mv -v /usr/bin/isc-config.sh{,-32}

N32

Compile the package: 

CC="gcc ${BUILDN32}" ./configure --prefix=/usr --libdir=/usr/lib32 --sysconfdir=/etc --localstatedir=/var \
     --enable-threads --with-libtool &&
make

Install the package 

make install &&
mv -v /usr/bin/isc-config.sh{,-n32}

64Bit

Compile the package: 

CC="gcc ${BUILD64}" ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc --localstatedir=/var \
    --enable-threads --with-libtool &&
make

Install the package 

make install &&
mv -v /usr/bin/isc-config.sh{,-64} &&
ln -sfv multiarch_wrapper /usr/bin/isc-config.sh

Configuring Bind

Named User/Group

groupadd -g 52 named &&
useradd -c 'BIND User' -d /srv/named -g named -s /bin/false -u 52 named

BootScript

Install the init script included in the bootscripts package. 

make install-bind

Basic structure for the chroot environment

install -dv /srv/named/{dev,etc/namedb/{pz,slave},var/run} &&
mknod -m666 /srv/named/dev/null c 1 3 &&
mknod -m666 /srv/named/dev/zero c 1 5 &&
mknod -m666 /srv/named/dev/random c 1 8 &&
cp -L /etc/localtime /srv/named/etc/localtime

Configuration

Create a basic internal configuration for bind, You may have to substitute some ip addresses and subnets depending on your configuration: 

cat > /srv/named/etc/named.conf << "EOF"
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    forwarders { 208.67.222.222; 208.67.220.220; };

    allow-query { "lan"; };

    listen-on { 127.0.0.1; };
    listen-on { 192.168.1.1; };
};

acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
    algorithm hmac-md5;
    secret "Insert RNDC Key Here";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };
    channel default_syslog {
        syslog daemon;
        severity info;
    };
    channel default_debug {
        file "named.run";
        severity dynamic;
    };
    channel default_stderr {
        stderr;
        severity info;
    };
    channel null {
        null;
    };
};
EOF

Create a configuration file for the nameserver remote control utility: 

cat > /etc/rndc.conf << "EOF"
options {
    default-server 127.0.0.1;
    default-key "rndckey";
};

server 127.0.0.1 {
    key "rndckey";
};

key "rndc_key" {
    algorithm       "hmac-md5";
    secret          "Insert RNDC Key Here";
};

EOF

Create a default zone for localhost: 

cat > /srv/named/etc/namedb/pz/localhost << "EOF"
$TTL    3D
@       IN SOA  @ root (
                            42          ; serial (d. adams)
                            3H          ; refresh
                            15M         ; retry
                            1W          ; expiry
                            1D)         ; minimum
        IN NS           @
        IN A            127.0.0.1
EOF

And the corresponding reverse lookup zone: 

cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
$TTL    1D
@       IN      SOA     localhost. root.localhost.  (
                            1          ; Serial
                            8H         ; Refresh
                            2H         ; Retry
                            4W         ; Expire
                            1D)        ; Minimum
        IN      NS      localhost.
1       IN      PTR     localhost.
EOF
Retrieved from "?title=BIND&oldid=19820"