Tuesday, 21 June 2011

BIND Server Configuration in Linux



Q: - What is the role of "named-checkconf Utility"?

The named-checkconf utility checks the syntax of the named.conf configuration file.
Syntax: named-checkconf [-t directory] [filename]

Q: - What is the role of "named-checkzone Utility"?

The named-checkzone utility checks the syntax and consistency of the zone file.
Syntax: named-checkzone [-dgv] [-c class] zone [filename]


BINDS:
If you didn't install BIND packages then install them with the commands below.
(The DNS servers this host itself queries are listed in /etc/resolv.conf; add more IPs there as nameserver entries.)

 yum install -y  php* bind* mysql* postfix* sendmail* httpd* vsftpd* caching*

 yum install -y bind
 yum install -y bind-chroot
 yum install -y bind-devel
 yum install -y bind-libbind-devel
 yum install -y bind-libs
 yum install -y bind-sdb
 yum install -y bind-utils
 yum install -y caching-nameserver
 yum install -y system-config-bind


chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chmod 777 /var/named/chroot/var/run/named/

cp /var/named/chroot/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf
ln -s /var/named/chroot/etc/named.conf /etc/named.conf

chkconfig named on

service named start

To set SElinux

setsebool -P named_write_master_zones 1

Assumptions

your network is 192.168.1.0/24

Your master DNS name server is server2.example.com with IP address 192.168.1.2

   1.

      # cd /var/named/chroot/etc

   2.

      # cp /var/named/chroot/etc/named.rfc1912.zones /var/named/chroot/etc/named.conf

   3.

      # vi named.conf

   4. After the lines

      // See /usr/share/doc/bind*/sample/ for example named configuration files.
      //

   5. Insert the following lines:

      options {
              listen-on port 53 { 127.0.0.1; };
              listen-on-v6 port 53 { ::1; };
              directory       "/var/named";
              dump-file       "/var/named/data/cache_dump.db";
              statistics-file "/var/named/data/named_stats.txt";
              memstatistics-file "/var/named/data/named_mem_stats.txt";
              // Those options should be used carefully because they disable port
              // randomization
              // query-source    port 53;
              // query-source-v6 port 53;

              #allow-query     { localhost; };
      };

      zone "example.com" IN {
              type master;
              file "example.com.zone";
      };

      zone "1.168.192.in-addr.arpa" IN {
              type master;
              file "example.com.rr.zone";
      };

      include "/etc/rndc.key";

   6. Modify the listen-on port 53 directive to include your IP address

      listen-on port 53 { 127.0.0.1; 192.168.1.2; };

   7. Uncomment the allow-query line and add your network address range

      allow-query     { localhost; 192.168.1.0/24; };

   8. Add the zone and the reverse zone lines by copying the following lines and paste them at the end of the file

      zone "example.com" IN {
              type master;
              file "example.com.zone";
      };

      zone "1.168.192.in-addr.arpa" IN {
              type master;
              file "example.com.rr.zone";
      };
      include "/etc/rndc.key";

   9. Save and close the file
  10. Create a link

      # ln -s /var/named/chroot/etc/named.conf /etc/named.conf

  11. Configure the RNDC key by using this command:

      # rndc-confgen

  12. Configure the zone file(example.com.zone)

      # cd /var/named/chroot/var/named

      # vi example.com.zone

  13. Insert the following lines:

      $TTL 86400
      @       IN SOA  server2.example.com. root.server2.example.com. (
                      42      ; serial
                      3H      ; refresh
                      15M     ; retry
                      1W      ; expiry
                      1D )    ; minimum
              IN NS   server2.example.com.   ; trailing dot: otherwise the zone origin is appended

  14. Save and close the file
  15. Create the symbolic link

      ln -s /var/named/chroot/var/named/example.com.zone /var/named/example.com.zone

  16. Configure the reverse zone

      # cd /var/named/chroot/var/named

      # vi example.com.rr.zone

  17. Insert the following lines:

      $TTL 86400
      @       IN SOA  server2.example.com. root.server2.example.com. (
                      42      ; serial
                      3H      ; refresh
                      15M     ; retry
                      1W      ; expiry
                      1D )    ; minimum
              IN NS   server2.example.com.   ; trailing dot: otherwise the zone origin is appended
      2       IN PTR  server2.example.com.   ; 192.168.1.2 -> server2.example.com

  18. Save and close the file
  19.

      ln -s /var/named/chroot/var/named/example.com.rr.zone /var/named/example.com.rr.zone

  20.

      # chkconfig named on

  21. Allow access to TCP and UDP ports 53

      # system-config-securitylevel

      other port add 53 as tcp
      other port add 53 as udp

  22. Restart named

      # chmod 777 /etc/named.conf

      # service named restart

      # host yahoo.com

      # dig yahoo.com
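The whole procedure above, from the named.conf options to the two zone files, gathered into one script, and the two checkers from the Q&A at the top run on the result before anything is restarted. This is an added example in Python, not code from the post or from the BIND project. It assumes the post's names and addresses (server2.example.com, 192.168.1.2, 192.168.1.0/24, zone example.com), adds an allow-recursion line and an A record for the name server that are not on the page, writes the files with mode 0640 rather than the chmod 777 of step 22, and reports a checker as "not installed" when named-checkconf or named-checkzone is absent from the host.

```python
"""Render the tutorial's named.conf fragment and both zone files, write them
with restrictive modes and run named-checkconf / named-checkzone on them.
Added example; not code from the original post or from BIND."""
import os
import shutil
import subprocess
import tempfile
from datetime import date

# Parameters taken from the post's assumptions.
ZONE = "example.com"
REVERSE_ZONE = "1.168.192.in-addr.arpa"
NETWORK = "192.168.1.0/24"
MASTER_NAME = "server2.example.com"
MASTER_IP = "192.168.1.2"


def serial_for(today=None, revision=1):
    """YYYYMMDDnn serial. The post's 42 is valid, but a date-based serial
    shows at a glance whether a slave has picked up the latest change."""
    today = today or date.today()
    return int(today.strftime("%Y%m%d")) * 100 + revision


def render_named_conf() -> str:
    """options block as in steps 6-7; allow-recursion is an addition (not on
    the page) so the server does not act as an open resolver."""
    return (
        "options {\n"
        f"        listen-on port 53 {{ 127.0.0.1; {MASTER_IP}; }};\n"
        "        listen-on-v6 port 53 { ::1; };\n"
        '        directory       "/var/named";\n'
        f"        allow-query     {{ localhost; {NETWORK}; }};\n"
        f"        allow-recursion {{ localhost; {NETWORK}; }};\n"
        "};\n\n"
        f'zone "{ZONE}" IN {{\n        type master;\n        file "{ZONE}.zone";\n}};\n\n'
        f'zone "{REVERSE_ZONE}" IN {{\n        type master;\n        file "{ZONE}.rr.zone";\n}};\n'
    )


def soa_header(serial: int) -> str:
    """SOA and NS shared by both zones. Every name ends with a dot: without
    it BIND appends the origin, turning server2.example.com into
    server2.example.com.example.com."""
    return (
        "$TTL 86400\n"
        f"@       IN SOA  {MASTER_NAME}. root.{MASTER_NAME}. (\n"
        f"                {serial} ; serial\n"
        "                3H ; refresh\n"
        "                15M ; retry\n"
        "                1W ; expiry\n"
        "                1D ) ; minimum\n"
        f"        IN NS   {MASTER_NAME}.\n"
    )


def render_forward_zone(serial: int) -> str:
    host = MASTER_NAME[: -len(ZONE) - 1]          # "server2"
    # The post's zone has no A record for its own NS host; one is added here.
    return soa_header(serial) + f"{host:<8}IN A    {MASTER_IP}\n"


def render_reverse_zone(serial: int) -> str:
    last_octet = MASTER_IP.rsplit(".", 1)[1]      # "2"
    return soa_header(serial) + f"{last_octet:<8}IN PTR  {MASTER_NAME}.\n"


def write_and_check(directory=None) -> dict:
    """Write the three files (mode 0640, not the post's chmod 777) and run
    BIND's checkers. Each value is the checker's exit status, or None when
    that tool is not installed on this host."""
    directory = directory or tempfile.mkdtemp(prefix="bind-check-")
    serial = serial_for()
    files = {
        "named.conf": render_named_conf(),
        f"{ZONE}.zone": render_forward_zone(serial),
        f"{ZONE}.rr.zone": render_reverse_zone(serial),
    }
    for name, text in files.items():
        path = os.path.join(directory, name)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, 0o640)
    checks = {
        "named-checkconf": ["named-checkconf", os.path.join(directory, "named.conf")],
        "forward": ["named-checkzone", ZONE, os.path.join(directory, f"{ZONE}.zone")],
        "reverse": ["named-checkzone", REVERSE_ZONE, os.path.join(directory, f"{ZONE}.rr.zone")],
    }
    results = {}
    for label, cmd in checks.items():
        if shutil.which(cmd[0]) is None:
            results[label] = None
        else:
            results[label] = subprocess.run(cmd, capture_output=True).returncode
    return results


if __name__ == "__main__":
    for label, status in write_and_check().items():
        print(f"{label}: {'not installed' if status is None else status}")
```

Run it on the name server before `service named restart`: a non-zero status from either checker means the file would have stopped named from loading, and the files it writes can be copied into /var/named/chroot once both checkers return 0.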

$TTL 86400 means the default time to live for the data on this master DNS server is three days.

SOA means start of authority; it describes where the zone is coming from. The zone in this case is coming from the computer named server2.example.com and the contact email is root@server2.example.com.

The serial number gives the date and version number of this data.

NS means the name server record, which holds the name of the master DNS server (server2.example.com).
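A small parser for the zone-file layout explained above, added here as an example that is not part of the post: it reads $TTL and the SOA serial, applies the trailing-dot rule to the SOA, NS and PTR names, and then checks the forward and reverse zones against each other (every A record needs a matching PTR, and the NS host needs an address), which named-checkzone does not do because it loads one zone at a time. The zone text is constructed from the post's records, once as written and once with the dots and the A record in place; the function and field names are the example's own.

```python
"""Parse the post's zone-file layout and cross-check forward against reverse.
Added example; not code from the original post or from BIND."""
from dataclasses import dataclass, field

TIME_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}


def parse_time(value: str) -> int:
    """'86400' -> 86400, '3H' -> 10800, '1W' -> 604800."""
    unit = value[-1].upper()
    return int(value[:-1]) * TIME_UNITS[unit] if unit in TIME_UNITS else int(value)


def fqdn(name: str, origin: str) -> str:
    """Trailing-dot rule: a relative name gets the zone origin appended."""
    if name == "@":
        return origin + "."
    return name if name.endswith(".") else f"{name}.{origin}."


@dataclass
class Zone:
    origin: str
    ttl: int = 0
    serial: int = 0
    ns: list = field(default_factory=list)
    a: dict = field(default_factory=dict)     # owner FQDN -> IPv4
    ptr: dict = field(default_factory=dict)   # owner FQDN -> target FQDN
    problems: list = field(default_factory=list)


def _logical_lines(text: str):
    """Strip ';' comments and join a multi-line SOA '( ... )' into one line."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = f"{buf} {line.strip()}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue                      # still inside the SOA parentheses
        yield buf
        buf = ""


def parse_zone(text: str, origin: str) -> Zone:
    zone = Zone(origin=origin)
    owner = "@"
    for line in _logical_lines(text):
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL":
            zone.ttl = parse_time(tokens[1])
            continue
        if not line[0].isspace():         # new owner; a leading blank inherits the last one
            owner = tokens.pop(0)
        if tokens and tokens[0] == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        name = fqdn(owner, origin)
        if rtype == "SOA":
            zone.serial = int(rdata[2])
            for target in rdata[:2]:
                if not target.endswith("."):
                    zone.problems.append(f"SOA field {target} lacks a trailing dot")
        elif rtype == "NS":
            if not rdata[0].endswith("."):
                zone.problems.append(f"NS {rdata[0]} is relative and resolves to {fqdn(rdata[0], origin)}")
            zone.ns.append(fqdn(rdata[0], origin))
        elif rtype == "A":
            zone.a[name] = rdata[0]
        elif rtype == "PTR":
            if not rdata[0].endswith("."):
                zone.problems.append(f"PTR {rdata[0]} is relative and resolves to {fqdn(rdata[0], origin)}")
            zone.ptr[name] = fqdn(rdata[0], origin)
    return zone


def reverse_name(ip: str) -> str:
    """192.168.1.2 -> 2.1.168.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_zones(forward: Zone, reverse: Zone) -> list:
    """Problems that span two zones, which a single named-checkzone run cannot see."""
    problems = forward.problems + reverse.problems
    for ns in forward.ns:
        if ns.endswith("." + forward.origin + ".") and ns not in forward.a:
            problems.append(f"NS {ns} has no A record in its own zone")
    for host, ip in forward.a.items():
        target = reverse.ptr.get(reverse_name(ip))
        if target is None:
            problems.append(f"{ip} ({host}) has no PTR record")
        elif target != host:
            problems.append(f"PTR for {ip} names {target}, A record belongs to {host}")
    return problems


# Constructed sample input based on the post's records (not a real zone).
SOA_BLOCK = """$TTL 86400
@       IN SOA  server2.example.com. root.server2.example.com. (
                42 ; serial
                3H ; refresh
                15M ; retry
                1W ; expiry
                1D ) ; minimum
"""
FORWARD_AS_POSTED = SOA_BLOCK + "        IN NS   server2.example.com\n"
REVERSE_AS_POSTED = SOA_BLOCK + "        IN NS   server2.example.com\n2       IN PTR  server2.example.com\n"
FORWARD_FIXED = SOA_BLOCK + "        IN NS   server2.example.com.\nserver2 IN A    192.168.1.2\n"
REVERSE_FIXED = SOA_BLOCK + "        IN NS   server2.example.com.\n2       IN PTR  server2.example.com.\n"

if __name__ == "__main__":
    for label, fwd, rev in (("as posted", FORWARD_AS_POSTED, REVERSE_AS_POSTED),
                            ("fixed", FORWARD_FIXED, REVERSE_FIXED)):
        found = check_zones(parse_zone(fwd, "example.com"), parse_zone(rev, "1.168.192.in-addr.arpa"))
        print(label, "->", found or "no problems")
```

The "as posted" pair reports the missing dots and the NS host without an address record; the fixed pair reports nothing, and its PTR owner 2.1.168.192.in-addr.arpa. is exactly what reverse_name() derives from 192.168.1.2.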

The final named.conf
