Old 01-15-2002, 11:39 PM   #1
360
Member
 
Registered: Jun 2001
Distribution: FC4
Posts: 136

Rep: Reputation: 15
How to install and configure Bind 9


Hello,

These are my notes for installing and configuring Bind 9.
It includes how to configure rndc and have named start
automatically on boot-up.

Use at your own risk!

I suggest taking your time and don't rush through this.

Good Luck!

DNS Bind 9
Download and Configuration
Recommended Reading: "DNS and Bind" (O'Reilly). Also visit isc.org for documentation.
Requirements:
1. Root access
2. At least one static IP address that is registered with arin.net.
3. One registered domain name with one registered nameserver
4. Patience

Here is what we are about to do:
1. Download BIND with lynx.
2. Unpack the source code and build the program.
3. Create the necessary files that BIND needs on your server.
4. Locate the named executable and system error log file.
5. Start the software.
6. Check for errors.
7. Test the setup with nslookup
8. Configure RNDC
9. Write a script to start the name server on bootup.

Make sure port 53 is open on your network and /etc/services
Open /etc/services and make sure the port 53 lines are uncommented.
# vi /etc/services

If you are running a firewall such as ipchains or iptables, be sure to allow packets
to DNS. If you don't know if you're running a firewall, reboot your system then take
a look at the /var/log/messages file. Go to the bottom of the file and look for firewall,
ipchains or iptables. If you see anything with these entries but don't know anything
about them, cd /etc/init.d then mv ipchains ipchains.old. Moving the file ipchains to
ipchains.old will disable the firewall during reboot. Now reboot your system to
disable the firewall. Make a note of this change in your log notebook.

You can also go to insecure.org and download a port scanner called Nmap to
a different Linux system. After you install Nmap on a different system, become
root and run this command to see if port 53 is open on the specified network.
Port 53 may appear to be closed until you configure your DNS server properly.
Be patient. It may take a minute or two.
nmap -O -sT <ip_address_to_be_scanned>

Replace x with the version you download.

1. Go to the tmp directory
# cd /tmp

Use lynx to go to the isc.org website and download the current version of bind.
# lynx isc.org
navigate to the latest release of bind and download.

2. Unpack the Source Code
# tar zxvf bind-9.x.x.tar.gz

Move to the bind-9.x.x directory and run the following commands:
# cd /tmp/bind-9.x.x
# ./configure
# make all
# make install

3. Create the file /etc/named.conf.
# touch /etc/named.conf
# vi /etc/named.conf

/*
Below is the content of the named.conf file.
Note: In the third entry, if you have one single address, enter your ip address backwards.
So if my ip address is 12.345.67.89 , I would enter 89.67.345.12
If you have a block of address 12.345.67.89-93 or more, leave off the last set of numbers
when entering it backwards so it will look like 67.345.12
*/


options {
directory "/etc/named.d";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/named.d/localhost.rev";
};

zone "98.76.543.21.in-addr.arpa" {
type master;
file "/etc/named.d/98.76.543.21.rev";
};

zone "." {
type hint;
file "/etc/named.d/named.ca";
};

zone "yourdomain.com" {
type master;
file "/etc/named.d/yourdomain.com.db";
};


Now we need to create the directory /etc/named.d and put our zone files in it.
Type the following commands.

# mkdir /etc/named.d
# cd /etc/named.d

Now we will create the different files that we referred to in our conf file from top to bottom. Note that all domain records must end with a period (.) or you will get errors.
# vi 98.76.543.21.rev

//Here is the content of this file:

$TTL 3h
;
; 98.76.543.21.rev
;

;SOA records
98.76.543.21.in-addr.arpa. IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
1 ; serial
3h ; refresh
1h ; retry
1w ; expire
1h ) ; minimum

;NS RECORDS
IN NS ns1.yourdomain.com.


# vi localhost.rev

//Here is the content of this file:

$TTL 3h
;
; localhost.rev
;

@ IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
1 ; serial
3h ; refresh
1h ; retry
1w ; expire
1h ) ; minimum

;NS RECORDS
IN NS ns1.yourdomain.com.


1 IN PTR localhost.


# vi yourdomain.com.db

//Here is the content of this file:

$TTL 3h
;
; yourdomain.com.db
;
;SOA records
@ IN SOA ns1.yourdomain.com. admin.yourdomain.com. (

1 ; serial
3h ; refresh
1h ; retry
1w ; expire
1h ) ; minimum

;NS RECORDS
IN NS ns1.yourdomain.com.
IN NS ns2.yourdomain.com.
IN MX 10 mail.yourdomain.com.

yourdomain.com. IN A 123.456.789.10
www IN A 123.456.789.10
ftp IN A 123.456.789.10
mail IN A 123.456.789.10


You can create more zone entries in the named.conf file for more domains
each one having a zone file like the one above with the proper ip addresses.

4. Now let's find out where the named executable is. Type the following command:
# whereis named
named: /etc/named.conf /etc/named.d /usr/local/sbin/named

We see that named is in /usr/local/sbin.

Now let's find out where your Syslog Errors are being logged. Type the following command:
# cd /etc
# vi syslog.conf
Here is what I found:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages


5. The following command starts the name server.
# /usr/local/sbin/named

6. Check for errors in the /var/log/messages file with the following command.
# grep named /var/log/messages
Jan 29 beckweb /usr/local/sbin/named[1606]: starting BIND 9.1.3
Jan 29 beckweb /usr/local/sbin/named[1606]: using 1 CPU
Jan 29 beckweb /usr/local/sbin/named[1608]: loading configuration from '/etc/named.conf'
Jan 29 beckweb /usr/local/sbin/named[1608]: /etc/named.conf:82: references to zones not
implemented yet
Jan 29beckweb /usr/local/sbin/named[1608]: /etc/named.conf:82: parse error near /
Jan 29 beckweb /usr/local/sbin/named[1608]: loading configuration: failure
Jan 29 beckweb /usr/local/sbin/named[1608]: exiting (due to fatal error)

I see that in my named.conf file, I have a parse error on line 82.
This error would not allow named to start at bootup and
it also made port 53 appear closed during a port scan.

7. Use nslookup to test your setup. You will see the name server it used in your
/etc/resolv.conf file then your domain name and the address it is pointed to.
Type the following command.
# nslookup yourdomain.com
Server: <ip address or name of server>
Address: <ip address or name of server and port>

Name: <your domain name>
Address: <your ip address>




8. Configuring rndc for bind 9
Solution for connection refused based on notes from:
http://www.mail-archive.com/comp-pro.../msg03950.html

The solution seems to be in the order in which the statements are made in each file.

Create a new file, /etc/rndc.conf and add the snip below.
Your secret code must be duplicated in each file.
To create a secret code, you can use the command mmencode.
Type your secret code, hit enter and your secret code is created.

You may need to restart your server for the changes to take effect.
After restarting, to start named you can type the path of the server, /usr/sbin/named.
Mine is located at /usr/local/sbin/named.
Type whereis named to find where named is on your server.
Keep in mind that named must be running to use rndc.


//-- rndc.conf snip

options {
default-server localhost;
default-key "rndc_key"; # must match the key name defined below and in named.conf
};

server localhost {
key "rndc_key";
};

key "rndc_key" {
algorithm hmac-md5;
secret "put_code_here" ; # to make a secret code, use:
}; # % mmencode
# foobarsecret
# Zm9vYmFyc2VjcmV0



// named.conf snip

options {
directory "/etc/named.d";
};


controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
algorithm hmac-md5;
secret "put_code_here" ; # to make a secret code, use:
}; # % mmencode
# foobarsecret
# Zm9vYmFyc2VjcmV0





9. How to Start Named on boot-up.

I ran out of room so go to this link to continue.

http://www.linuxquestions.org/questi...threadid=21887



Last edited by 360; 05-26-2002 at 08:56 PM.
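As an added example (not code from the original post), a small Python check that the rndc.conf and named.conf snippets above agree on the control key: the post's rndc.conf refers to "rndc-key" but defines "rndc_key", and the placeholder secret is not base64, so rndc would be refused. The sample configs inside are constructed for this example; the corrected pair uses hmac-sha256, which BIND 9 also supports for rndc keys.

```python
"""Added example (not from the original post): check that rndc.conf and named.conf
agree on the rndc control key, as the post's snippets do not (rndc-key vs rndc_key)."""
import base64
import re

KEY_DEF = re.compile(r'\bkey\s+"([^"]+)"\s*\{([^}]*)\}')        # key "name" { ... };
KEY_REF = re.compile(r'\b(?:default-key|key)\s+"([^"]+)"\s*;')   # default-key "name"; / key "name";
CONTROL_KEYS = re.compile(r'\bkeys\s*\{([^}]*)\}')               # keys { name; } inside controls

def parse_keys(text):
    """Return ({key name: (algorithm, secret)}, {key names that are referenced})."""
    defs = {}
    for name, body in KEY_DEF.findall(text):
        algo = re.search(r'algorithm\s+([\w-]+)', body)
        secret = re.search(r'secret\s+"([^"]*)"', body)
        defs[name] = (algo.group(1) if algo else "", secret.group(1) if secret else "")
    refs = set(KEY_REF.findall(text))
    for body in CONTROL_KEYS.findall(text):
        refs.update(t.strip().strip('"') for t in body.split(";") if t.strip())
    return defs, refs

def check_rndc_keys(rndc_conf, named_conf):
    """Return a list of problems; an empty list means rndc can authenticate to named."""
    problems, sides = [], {}
    for label, text in (("rndc.conf", rndc_conf), ("named.conf", named_conf)):
        defs, refs = parse_keys(text)
        sides[label] = defs
        for ref in sorted(refs - set(defs)):
            problems.append(f'{label}: key "{ref}" is used but never defined')
        for name, (algo, secret) in defs.items():
            try:                      # "!" makes an empty secret fail too
                base64.b64decode(secret or "!", validate=True)
            except ValueError:        # binascii.Error is a ValueError
                problems.append(f'{label}: secret of key "{name}" is not valid base64')
            if algo == "hmac-md5":
                problems.append(f'{label}: key "{name}" uses hmac-md5; prefer hmac-sha256')
    # Both files must hold the same key name, algorithm and secret, or rndc is refused.
    for name, value in sides["rndc.conf"].items():
        if sides["named.conf"].get(name) != value:
            problems.append(f'key "{name}" is missing from named.conf or differs from rndc.conf')
    return problems

# Constructed pairs: BAD mirrors the post (name mismatch, placeholder secret, hmac-md5);
# GOOD uses one key name everywhere, hmac-sha256, and the mmencode output as the secret.
BAD_RNDC = '''options { default-server localhost; default-key "rndc-key"; };
server localhost { key "rndc-key"; };
key "rndc_key" { algorithm hmac-md5; secret "put_code_here"; };'''
BAD_NAMED = '''controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; };
key "rndc_key" { algorithm hmac-md5; secret "put_code_here"; };'''
GOOD_RNDC, GOOD_NAMED = (c.replace("rndc-key", "rndc_key").replace("hmac-md5", "hmac-sha256")
                         .replace("put_code_here", "Zm9vYmFyc2VjcmV0") for c in (BAD_RNDC, BAD_NAMED))
```

Run check_rndc_keys on your real /etc/rndc.conf and /etc/named.conf contents before restarting named; an empty list means the two files agree.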