DNS

We are running a caching name server on the server, bound to the loopback interface only.

Bind 9 Caching Name Server

We decided to use Bind 9, as it is well supported now. (Note that on Debian the package named simply "bind" is Bind 8; the Bind 9 package is "bind9".) We also decided to run it in a chroot jail, as this is simple to do and well documented. Together with running named as the unprivileged bind user, the jail limits what a compromised named process can reach on the system, which is what protects us from most bind and DNS exploits.

Installation

First, we install the required packages:

apt-get install bind9 dnsutils bind9-doc libisccc0 libisccfg0

Next we build out /var/lib/named to contain enough so that bind9 can run chrooted within it:

mkdir -p /var/lib/named
mkdir -p /var/lib/named/etc /var/lib/named/dev
mkdir -p /var/lib/named/var/run/bind/run /var/lib/named/var/cache/bind
chown bind:bind /var/lib/named/var/run/bind/run
chown -R bind:bind /var/lib/named/var/*
mknod /var/lib/named/dev/random c 1 8
mknod /var/lib/named/dev/null c 1 3
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random

Configuration

Next we copy the configuration into the chroot directory, and link back to the original locations, so we can update the configuration from the original config-file location:

mv /etc/bind /var/lib/named/etc/bind
ln -s /var/lib/named/etc/bind /etc/bind

Next we edit /etc/default/bind9 to tell it to start up chrooted to /var/lib/named:

OPTIONS="-u bind -t /var/lib/named"

Edit /var/lib/named/etc/bind/named.conf.options and, inside the options { } block, set which interfaces to listen on and which servers to forward queries to when the cache doesn't hold the answer:

listen-on {127.0.0.1;};
forwarders {24.217.0.3;};

TODO: Our forwarder will need to change to whoever our upstream ISP is. This is Charter.

Start the named server:

/etc/init.d/bind9 start

Edit /etc/resolv.conf:

domain sluug.info
nameserver 127.0.0.1

This shouldn't require any further configuration, as we only need a caching resolver to support the mail server. If it does, the command-line options for named are set in /etc/default/bind9.
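As an added example (not from the original wiki page or from the Bind project), here is a small POSIX shell script that checks the result of the procedure above: that named.conf.options listens on loopback only and has a forwarder, that /etc/default/bind9 starts named as user bind and chrooted to /var/lib/named, and that the chroot skeleton and device nodes exist. The file paths are the ones used on this page; the sample config files it writes are constructed for the demo and reuse the page's forwarder address 24.217.0.3.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: post-install checks for the
# chrooted Bind 9 caching resolver built above. Assumed paths follow the page
# (chroot under /var/lib/named, options in named.conf.options, startup options in
# /etc/default/bind9); the files written by write_samples are constructed for
# this example and reuse the page's forwarder address 24.217.0.3.

# stmt_values FILE KEYWORD
# Print the values of a one-line "KEYWORD [port N] { a; b; };" statement, one per
# line (a minimal extractor for these checks, not a full named.conf parser).
stmt_values() {
    sed -n "s/^[[:space:]]*$2\([[:space:]]*port[[:space:]]*[0-9]*\)\{0,1\}[[:space:]]*{\(.*\)}.*/\2/p" "$1" \
        | tr ';' '\n' | tr -d ' \t' | sed '/^$/d'
}

# check_options_file FILE
# Succeeds only if every listen-on / listen-on-v6 address is loopback (or none)
# and at least one forwarder is configured. A non-loopback listen address would
# turn this cache into an open resolver reachable from outside the host.
check_options_file() {
    for a in $(stmt_values "$1" listen-on) $(stmt_values "$1" listen-on-v6); do
        case "$a" in
            127.*|::1|none) ;;
            *) echo "$1: non-loopback listen address: $a" >&2; return 1 ;;
        esac
    done
    [ -n "$(stmt_values "$1" listen-on)" ] || { echo "$1: no listen-on statement" >&2; return 1; }
    [ -n "$(stmt_values "$1" forwarders)" ] || { echo "$1: no forwarders configured" >&2; return 1; }
}

# check_default_options FILE ROOT
# Succeeds only if OPTIONS in FILE (/etc/default/bind9) runs named as user bind
# and chrooted to ROOT.
check_default_options() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"/\1/p' "$1")
    case " $opts " in
        *" -u bind "*) ;;
        *) echo "$1: named does not drop privileges to user bind" >&2; return 1 ;;
    esac
    case " $opts " in
        *" -t $2 "*) ;;
        *) echo "$1: named is not chrooted to $2" >&2; return 1 ;;
    esac
}

# check_chroot_dirs ROOT / check_chroot_devices ROOT
# Verify the directory skeleton and the two device nodes the page creates.
check_chroot_dirs() {
    for d in etc/bind dev var/run/bind/run var/cache/bind; do
        [ -d "$1/$d" ] || { echo "missing directory: $1/$d" >&2; return 1; }
    done
}
check_chroot_devices() {
    for dev in null random; do
        [ -c "$1/dev/$dev" ] || { echo "missing character device: $1/dev/$dev" >&2; return 1; }
    done
}

# write_samples DIR: constructed sample configs for the demo (not real system files).
write_samples() {
    cat > "$1/good.options" <<'EOF'
options {
        directory "/var/cache/bind";
        listen-on {127.0.0.1;};
        listen-on-v6 { ::1; };
        forwarders {24.217.0.3;};
};
EOF
    cat > "$1/bad.options" <<'EOF'
options {
        directory "/var/cache/bind";
        listen-on port 53 { any; };
        forwarders { 24.217.0.3; };
};
EOF
    printf 'OPTIONS="-u bind -t /var/lib/named"\n' > "$1/default-bind9"
}

# Demo on the constructed samples. On the real host, run the checks against
# /var/lib/named/etc/bind/named.conf.options, /etc/default/bind9 and /var/lib/named.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_options_file "$demo_dir/good.options" && echo "good.options: loopback only, forwarder set"
check_options_file "$demo_dir/bad.options" || echo "bad.options: rejected as expected"
check_default_options "$demo_dir/default-bind9" /var/lib/named && echo "default/bind9: -u bind -t /var/lib/named"
rm -rf "$demo_dir"
```

Run the checks as root against the live paths once the build is done. The listen-on check is the one worth keeping in a post-change script: a later edit that adds an external address to listen-on quietly turns the cache into an open resolver, and nothing else in this setup would flag it.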

TODO

Need to re-run the entire procedure (except the apt-get install), as several changes have been made since then.

Change the domain to sluug.org when appropriate.

Make logging changes per the Bind-Chroot-Howto referenced in the NOTES below.

Old Server Info

Unfortunately, I had previously run "apt-get install bind", not realizing that the default was Bind8. I think I've removed all traces of Bind8 - "apt-get remove bind" didn't take everything with it, such as the startup script. (Jeff Muse)

NOTES

Got some of this from the Bind-Chroot-Howto.

build/dns.1133035130.txt.gz · Last modified: 2005/11/26 14:10 (external edit)