
Gentoo named

Bind on Gentoo

This doc goes through the steps needed to make a gentoo host run bind.

1. Setting up Bind

These steps go through what it takes to get bind working on a gentoo host. Some of it is specific to gentoo, and a few things that are part of the standard gentoo install may differ from what you are used to. This section covers those steps.

1.1 Install Bind

Gentoo's bind package comes set up in a chroot jail. This makes the setup more secure: an attacker who exploits bind is confined to the jail and is kept from gaining higher-level access to the server. The linux security website has a bunch of good notes on chroot-ing bind.

Installing and running bind
! -- check to see if you have bind installed
root@host # emerge -s ^bind$ bind-tools
Searching...
[ Results for search key : ^bind$ ]
[ Applications found : 1 ]

*  net-dns/bind
      Latest version available: 9.2.2-r2
      Latest version installed: 
      Size of downloaded files: 4,936 kB
      Homepage:    http://www.isc.org/products/BIND/bind9.html
      Description: BIND - Berkeley Internet Name Domain - Name Server

Searching...
[ Results for search key : bind-tools ]
[ Applications found : 1 ]

*  net-dns/bind-tools
      Latest version available: 9.2.2
      Latest version installed: 
      Size of downloaded files: 4,951 kB
      Homepage:    http://www.isc.org/products/BIND/bind9-beta.html
      Description: bind tools: dig, nslookup, and host

! -- install bind with dns tools
root@host # emerge bind; emerge bind-tools
(bla...bla...bla)

! -- change bind so that it works within a chrooted environment:
root@host # ebuild /var/db/pkg/net-dns/bind-9.2.2-r2/bind-9.2.2-r2.ebuild config

! -- continuing with this, edit root's .bashrc file
root@host # vim .bashrc
	! -- add this to the file
	alias rndc='rndc -k /chroot/dns/etc/bind/rndc.key'

! -- then enable the changes to the .bashrc file
root@host # source /root/.bashrc
	

1.2 Configuring Bind on Gentoo

Since this bind configuration is set up in a chrooted environment, the files you need to modify are in different locations than in a standard install. This section only covers where the files are located on gentoo. The following section covers what those files are and how they interact with each other.

You can find the primary chrooted bind configuration file in the following location:

	/chroot/dns/etc/bind/named.conf

In it you define the forward and reverse zone files, which would be here:

	/chroot/dns/var/bind/pri/db.cmed.us
	/chroot/dns/var/bind/pri/db.192.168.1

The log file for bind is located here:

	/var/log/named/current
-or-
	/var/log/everything/current

gentoo config for named:
	/etc/conf.d/named
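An added check (example code, not from the page) for the chroot layout that sections 1.1 and 1.2 describe: it verifies the files above exist under the chroot and that rndc.key and named.conf are not left open to other users. The chroot root is a parameter, so the demo runs against a constructed temporary tree; on the real host you would call it with /chroot/dns.

```shell
#!/bin/sh
# Added example, not from the page: sanity-check the chrooted BIND layout from
# sections 1.1 and 1.2. The chroot root is a parameter so the check can run
# against a constructed tree; on the real host call it with /chroot/dns.

# Print one line per problem found; print nothing when the layout looks right.
check_chroot_layout() {
    root=$1
    for f in etc/bind/named.conf etc/bind/rndc.key var/bind/named.ca var/bind/pri/db.cmed.us; do
        [ -f "$root/$f" ] || echo "missing: $root/$f"
    done
    # rndc.key is the shared secret behind the rndc alias: whoever can read it
    # can send control commands to named, so it must not be world-readable.
    key=$root/etc/bind/rndc.key
    if [ -f "$key" ] && [ -n "$(find "$key" -perm -004)" ]; then
        echo "world-readable: $key"
    fi
    # named.conf should only be writable by its owner (root).
    conf=$root/etc/bind/named.conf
    if [ -f "$conf" ] && [ -n "$(find "$conf" \( -perm -020 -o -perm -002 \))" ]; then
        echo "group- or world-writable: $conf"
    fi
}

# Constructed demo tree with one file missing and the key mode too open.
DEMO=$(mktemp -d); trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/etc/bind" "$DEMO/var/bind/pri"
: > "$DEMO/etc/bind/named.conf";    chmod 644 "$DEMO/etc/bind/named.conf"
: > "$DEMO/etc/bind/rndc.key";      chmod 644 "$DEMO/etc/bind/rndc.key"
: > "$DEMO/var/bind/pri/db.cmed.us"
check_chroot_layout "$DEMO"
```

The demo run reports the missing named.ca and the readable key; fixing both makes the check print nothing.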

2. Configuring Bind

This section will cover the steps that are standard to all bind installs.

2.1 The Files in Bind

To make a correctly installed version of BIND work, you need to set up four different types of files. These configuration files tell BIND how it is configured and hold the information about all the computers and their corresponding ip addresses.

The table below lists the primary files in play on a bind setup. Note that in a chrooted configuration, the file locations are different than listed below.

File            Description

/etc/named.conf
	This is the master config file. It keeps track of where all the other files are kept, and defines what domains BIND is handling, and across what networks.

db.ADDR
	This file is also known as the forward lookup file. There is one of these files per domain or subdomain. Basically this file specifies the domain, like people.org, and lists all the hosts and ips, like Jack = 10.1.1.1. It is used for all forward lookups, so if you want to resolve the ip for the name Joan.people.org, this file would tell you that it is 10.1.2.2. The location of this file is specified in the /etc/named.conf file.

db.REVERSE
	The reverse lookup file handles all "reverse" queries: lookups where you know the IP but not the name. So if you wanted to find out who is 10.1.2.4, you could do a reverse lookup using this file and see that it is Meg. The location of this file is specified in the /etc/named.conf file.

db.127.0.0
	The loopback file is simply a small file that tells BIND to ask itself if it needs to look something up. Since the host itself does not point at a name server (for instance while it is still being configured), all queries have to be asked of someone, and this file reminds the host that it can ask itself and get the answer. The location of this file is specified in the /etc/named.conf file.

db.cache
	The cache file, otherwise known as the "." file, keeps track of all the DNS root servers. These servers know all the domains on the internet, so if you cannot resolve an outside address, one of the roots will at least get you to someone that can. The location of this file is specified in the /etc/named.conf file.

Of the above files, we will go over a few of them below.

2.2 The /etc/named.conf File

The primary file is the /etc/named.conf file. This is the central configuration file that organizes where everything else is kept. This file is actually really basic, with only a few different types of things in it. It defines what everything else is, and where it's kept. Not much more than that. (Remember that this is a basic example, it can have more goodies added, but we won't mess with that in this discussion.)

There are only two different things that this file defines: the first is options, which is defined in the header, and the second is zones, which take up the body of the document. The options are global statements, like where the rest of the files for BIND are kept in the unix directory tree, and things like that. The zone statements define the different domains and which file holds each one's data.

Here's the example /etc/named.conf file for the people.org network:

The /etc/named.conf File
// BIND configuration file
options {
        directory "/var/bind";
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.1.23; };

        pid-file "/var/run/named/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

zone "cmed.us" {
        type master; 
        file "pri/db.cmed.us";
};
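As an added check (example code, not from the page), a small shell audit of a named.conf like the one above for two BIND defaults a master server should normally override: zones with no allow-transfer ACL and recursion left unrestricted. It assumes BIND 9 syntax as on this page; both config texts below and the secondary address 192.168.1.24 are constructed for the demo.

```shell
#!/bin/sh
# Added audit for named.conf (example, not from the page). Assumes BIND 9
# syntax as on this page; the two configs below and the secondary address
# 192.168.1.24 are constructed for the demo.

# List master zones with no allow-transfer ACL (per zone or global in options),
# one per line: by default BIND lets any host pull a full copy of such a zone.
zones_without_transfer_acl() {
    awk '/^[ \t]*zone[ \t]*"/ { match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2); master = 0; acl = 0 }
         zone == "" && /allow-transfer/ { global = 1 }      # options-level ACL covers every zone
         zone != "" && /type[ \t]+master/ { master = 1 }
         zone != "" && /allow-transfer/   { acl = 1 }
         { for (i = 1; i <= length($0); i++) { c = substr($0, i, 1); if (c == "{") d++; else if (c == "}") d-- }
           if (zone != "" && d == 0 && /[}]/) { if (master && !acl && !global) print zone; zone = "" } }' "$1"
}

# Print "yes" when recursion is turned off or limited with allow-recursion,
# otherwise "no": an open recursive server answers for anyone who can reach it.
recursion_restricted() {
    sed 's#//.*##' "$1" | grep -Eq 'allow-recursion|recursion[[:space:]]+no' && echo yes || echo no
}

PAGE_CONF=$(mktemp); HARDENED_CONF=$(mktemp); trap 'rm -f "$PAGE_CONF" "$HARDENED_CONF"' EXIT
# Constructed copy of the zone part of the named.conf above.
cat > "$PAGE_CONF" <<'EOF'
options { directory "/var/bind"; listen-on { 127.0.0.1; 192.168.1.23; }; };
zone "localhost" IN { type master; file "pri/localhost.zone"; allow-update { none; }; };
zone "cmed.us" {
        type master;
        file "pri/db.cmed.us";
};
EOF
# Same zones with transfers and recursion restricted (constructed).
cat > "$HARDENED_CONF" <<'EOF'
options { directory "/var/bind"; recursion no; };
zone "localhost" IN { type master; file "pri/localhost.zone"; allow-transfer { none; }; };
zone "cmed.us" { type master; file "pri/db.cmed.us"; allow-transfer { 192.168.1.24; }; };
EOF
echo "page config, master zones open to transfer:"; zones_without_transfer_acl "$PAGE_CONF"
echo "page config, recursion restricted: $(recursion_restricted "$PAGE_CONF")"
echo "hardened,    recursion restricted: $(recursion_restricted "$HARDENED_CONF")"
```

On the page's own config this lists localhost and cmed.us as open to transfer and reports recursion unrestricted; the hardened copy passes both checks.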
	

3. Starting and Stopping BIND

How to Startup Bind
! -- start bind
root@host # /etc/init.d/named start

! -- viewing the named process
slh bind # ps -ef|grep named
named    21683     1  0 19:45 ?        00:00:00 [named]
named    21684 21683  0 19:45 ?        00:00:00 [named]
named    21686 21684  0 19:45 ?        00:00:00 [named]
named    21687 21684  0 19:45 ?        00:00:00 [named]
named    21688 21684  0 19:45 ?        00:00:00 [named]

! -- set bind to run as default
root@host # rc-update add named default

	

4. Troubleshooting Bind/DNS

A1. References

