Bind on Gentoo

This doc goes through the steps to take to make a Gentoo host run bind.

1. Setting up Bind

These steps go through what it takes to get bind working on a Gentoo host. Some of it is specific to Gentoo, and some of it may differ from what you are used to simply because it is part of the standard Gentoo install. This section covers these steps.
1.1 Install Bind

Gentoo's bind package comes set up in a chroot jail. This makes the setup more secure by preventing an attacker who exploits bind from gaining higher-level access to the server. The Linux security website has a bunch of good notes on chroot-ing bind.

Installing and running bind:

! -- check to see if you have bind installed
root@host # emerge -s ^bind$ bind-tools
Searching...
[ Results for search key : ^bind$ ]
[ Applications found : 1 ]

* net-dns/bind
Latest version available: 9.2.2-r2
Latest version installed:
Size of downloaded files: 4,936 kB
Homepage: http://www.isc.org/products/BIND/bind9.html
Description: BIND - Berkeley Internet Name Domain - Name Server


Searching...
[ Results for search key : bind-tools ]
[ Applications found : 1 ]

* net-dns/bind-tools
Latest version available: 9.2.2
Latest version installed:
Size of downloaded files: 4,951 kB
Homepage: http://www.isc.org/products/BIND/bind9-beta.html
Description: bind tools: dig, nslookup, and host

!
! -- install bind with dns tools
root@host # emerge bind; emerge bind-tools
(bla...bla...bla)
!
! -- change bind so that it works within a chrooted environment:
root@host # ebuild /var/db/pkg/net-dns/bind-9.2.2-r2/bind-9.2.2-r2.ebuild config
!
! -- continuing with this, edit root's .bashrc file
root@host # vim .bashrc
! -- add this to the file, so rndc uses the key inside the chroot
alias rndc='rndc -k /chroot/dns/etc/bind/rndc.key'
!
! -- then enable the changes to the .bashrc file
root@host # source /root/.bashrc
1.2 Configuring Bind on Gentoo

Since this bind configuration is set up in a chrooted environment, the files you will need to modify are in different locations than in a standard install. This section only covers where the files are located on Gentoo; the next section covers what those files are and how they interact with each other.

The primary chrooted bind configuration file:
/chroot/dns/etc/bind/named.conf

From there you define the forward and reverse zone files, which live here:
/chroot/dns/var/bind/pri/db.cmed.us
/chroot/dns/var/bind/pri/db.192.168.1

The log file for bind is located here:
/var/log/named/current
-or-
/var/log/everything/current

Gentoo config for named:
/etc/conf.d/named
2. Configuring Bind

This section covers the steps that are standard to all bind installs.

2.1 The Files in Bind

To make a correctly installed version of BIND work, you need to set up four different types of files. These configuration files tell BIND how it is configured and hold all the information about the computers and their corresponding IP addresses. The table below lists the primary files in play on a bind setup. Note that in a chrooted configuration, the file locations differ from those listed below.

File | Description
---|---
/etc/named.conf | This is the master config file. It keeps track of where all the other files are kept, and defines which domains BIND handles and across which networks.
db.ADDR | Also known as the forward lookup file. There is one of these per domain or subdomain. It specifies the domain, like people.org, and lists all its hosts and IPs, like Jack = 10.1.1.1. It is used for all forward lookups: if you want to resolve the IP for the name Joan.people.org, this file tells you it is 10.1.2.2. Its location is specified in the /etc/named.conf file.
db.REVERSE | The reverse lookup file handles all "reverse" queries, that is, lookups where you know the IP but not the name. If you want to find out who 10.1.2.4 is, a reverse lookup using this file tells you it is Meg. Its location is specified in the /etc/named.conf file.
db.127.0.0 | The loopback file is a small file that tells BIND to ask itself when it needs to look something up. Since the host itself does not point at another name server (for example while it is being configured), every query has to be asked of someone, and this file reminds the host that it can ask itself and get the answer. Its location is specified in the /etc/named.conf file.
db.cache | The cache file, otherwise known as the "." file, keeps track of all the DNS root servers. These servers know all the domains on the Internet, so if you cannot resolve an outside address, one of the roots will at least get you to someone who can. Its location is specified in the /etc/named.conf file.
Of the above files, we will go over a few of them below.
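As an added illustration, not from the original page: the forward and reverse files the table describes, written out for the people.org hosts used above (Jack 10.1.1.1, Joan 10.1.2.2, Meg 10.1.2.4). The name server ns1.people.org at 10.1.1.2 and the serial and timer values are assumptions; named.conf would reference these files with zone "people.org" and zone "1.10.in-addr.arpa" statements like the cmed.us one in section 2.2.

```zone
; db.people.org : forward lookup file for zone "people.org" (added example)
$TTL 86400
@       IN  SOA ns1.people.org. hostmaster.people.org. (
                2004010101  ; serial, bump it on every change
                3600        ; refresh
                900         ; retry
                604800      ; expire
                86400 )     ; negative-answer TTL
        IN  NS  ns1.people.org.
ns1     IN  A   10.1.1.2    ; assumed address of this name server
jack    IN  A   10.1.1.1
joan    IN  A   10.1.2.2
meg     IN  A   10.1.2.4

; db.10.1 : reverse lookup file for zone "1.10.in-addr.arpa" (10.1.0.0/16)
; owner names are the last two octets of the address, reversed
$TTL 86400
@       IN  SOA ns1.people.org. hostmaster.people.org. (
                2004010101 3600 900 604800 86400 )
        IN  NS  ns1.people.org.
2.1     IN  PTR ns1.people.org.   ; 10.1.1.2
1.1     IN  PTR jack.people.org.  ; 10.1.1.1
2.2     IN  PTR joan.people.org.  ; 10.1.2.2
4.2     IN  PTR meg.people.org.   ; 10.1.2.4
```

Run named-checkzone on each file (for example named-checkzone people.org db.people.org) before reloading, so a typo in a zone file does not take the whole server down.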
2.2 The /etc/named.conf File

The primary file is /etc/named.conf. This is the central configuration file that organizes where everything else is kept. The file is actually quite basic, with only a few kinds of statements in it: it defines what everything else is and where it is kept, and not much more. (Remember that this is a basic example; it can have more goodies added, but we won't mess with that in this discussion.) The file defines only two things: options, in the header, and zones, which take up the body. Options are global statements, such as where the rest of BIND's files are kept in the Unix directory tree. The zone statements define all the different domains and which files contain which information. Here's the example /etc/named.conf file for the people.org network (note that the master zone in this listing is cmed.us, the domain from section 1.2):

The /etc/named.conf File:

// BIND configuration file
options {
// all zone file names below are relative to this directory
// (inside the chroot on Gentoo)
directory "/var/bind";
listen-on-v6 { none; };
listen-on { 127.0.0.1; 192.168.1.23; };
pid-file "/var/run/named/named.pid";
};
// root hints: the "." (cache) file listing the root servers
zone "." IN {
type hint;
file "named.ca";
};
// forward and reverse loopback zones; the host answers for itself
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
// the domain this server is authoritative for (forward lookup file)
zone "cmed.us" {
type master;
file "pri/db.cmed.us";
};
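As an added check, not code from the original page: a small Python audit that parses a named.conf of the shape above with brace matching (the nested `{ none; }` blocks defeat a one-line regex), resolves every zone file under the assumed chroot prefix /chroot/dns from section 1.2, and reports master zones that leave allow-update or allow-transfer to BIND's built-in default, as the cmed.us zone in the listing does while the localhost zones set allow-update explicitly.

```python
import re
from pathlib import PurePosixPath
# Constructed sample: the named.conf from section 2.2 (pid-file omitted);
# the chroot prefix /chroot/dns from section 1.2 is assumed.
NAMED_CONF = '''
options {
    directory "/var/bind";
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 192.168.1.23; };
};
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "pri/localhost.zone"; allow-update { none; }; notify no; };
zone "127.in-addr.arpa" IN { type master; file "pri/127.zone"; allow-update { none; }; notify no; };
zone "cmed.us" { type master; file "pri/db.cmed.us"; };
'''
HEAD_RE = re.compile(r'\b(options|zone\s+"([^"]+)"(?:\s+IN)?)\s*\{')

def _block(text, start):
    """Return (body, end) of the balanced {...} block whose '{' is at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        depth += (text[i] == "{") - (text[i] == "}")
        if depth == 0:
            return text[start + 1:i], i + 1
    raise ValueError("unbalanced braces in named.conf")

def parse(conf):
    """Split named.conf into the options body and {zone name: zone body}."""
    options, zones, pos = "", {}, 0
    while m := HEAD_RE.search(conf, pos):
        body, pos = _block(conf, m.end() - 1)
        if m.group(1) == "options":
            options = body
        else:
            zones[m.group(2)] = body
    return options, zones

def audit(conf, chroot="/chroot/dns"):
    """Resolve zone files under the chroot; list master-zone access statements left at default."""
    options, zones = parse(conf)
    directory = re.search(r'directory\s+"([^"]+)"', options).group(1)
    paths, findings = {}, []
    for name, body in zones.items():
        zfile = re.search(r'\bfile\s+"([^"]+)"', body).group(1)
        paths[name] = str(PurePosixPath(chroot, directory.lstrip("/"), zfile))
        if re.search(r"\btype\s+master\b", body):
            for stmt in ("allow-update", "allow-transfer"):
                if stmt not in body and stmt not in options:
                    findings.append(f"{name}: {stmt} not set, BIND default applies")
    return paths, findings
```

The resolved paths are what you would pass to named-checkzone from outside the chroot; the findings are a prompt to decide explicitly, per zone or globally in options, who may update and who may transfer.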
3. Starting and Stopping BIND

How to start up bind:

! -- start bind
root@host # /etc/init.d/named start
! -- viewing the named process
slh bind # ps -ef|grep named
named 21683 1 0 19:45 ? 00:00:00 [named]
named 21684 21683 0 19:45 ? 00:00:00 [named]
named 21686 21684 0 19:45 ? 00:00:00 [named]
named 21687 21684 0 19:45 ? 00:00:00 [named]
named 21688 21684 0 19:45 ? 00:00:00 [named]
! -- add bind to the default runlevel so it starts at boot
root@host # rc-update add named default
4. Troubleshooting Bind/DNS

A1. References