2007-03-27, 04:48 PM
TARGET MACHINE
apt-get install bind9
edit /etc/bind/named.conf.local
Code:
zone "yourdomain.net" {
type master;
file "/etc/bind/zones/yourdomain.net.db";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};
mkdir /etc/bind/zones
edit /etc/bind/zones/yourdomain.net.db
Code:
$TTL 86400
yourdomain.net. IN SOA ns1.yourdomain.net. admin.yourdomain.net. (
0000000001 ; serial - increase it every time you edit this file
28800 ; refresh
3600 ; retry
604800 ; expire
38400 ; negative cache TTL
)
yourdomain.net. IN NS ns1.yourdomain.net.
yourdomain.net. IN MX 10 yourdomain.net.
yourdomain.net. IN A **serverIP** ; the MX target and the PTR target need an address record
www IN A **serverIP**
mta IN A **serverIP**
ns1 IN A **serverIP**
edit /etc/bind/zones/rev.0.168.192.in-addr.arpa
The number before IN PTR yourdomain.net. is the last octet of the DNS server's address. In my case, it's 3, as my IP address is 192.168.0.3.
Code:
$TTL 86400
@ IN SOA ns1.yourdomain.net. admin.yourdomain.net. (
0000000001 ; serial - increase it every time you edit this file
28800 ; refresh
604800 ; retry
604800 ; expire
86400 ; negative cache TTL
)
@ IN NS ns1.yourdomain.net.
3 IN PTR yourdomain.net.
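The two zone files above, generated from the domain and the server's address, as an added example rather than code from the original post. It derives the in-addr.arpa zone name and the number before IN PTR from the address, adds the $TTL directive, gives the MX a target that has an A record (mta) and points the PTR at ns1 instead of the apex; the domain, address, zone directory and the YYYYMMDDnn serial format are assumptions.

```shell
# Added example (not from the original post): build the forward and reverse zone
# files for a /24 LAN from the domain and server address; names are assumptions.
set -eu
# 192.168.0.3 -> 0.168.192.in-addr.arpa (first three octets, reversed)
reverse_zone_name() {
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo "$3.$2.$1.in-addr.arpa"
}
last_octet() { echo "${1##*.}"; } # the number that goes before "IN PTR"
# Serial as YYYYMMDDnn; bump nn on every edit so secondaries see the change
zone_serial() { printf '%s%02d\n' "$(date +%Y%m%d)" "${1:-1}"; }
gen_forward_zone() { # DOMAIN SERVER_IP SERIAL
  domain=$1; ip=$2; serial=$3
  cat <<EOF
\$TTL 86400
$domain. IN SOA ns1.$domain. admin.$domain. (
$serial ; serial
28800 ; refresh
3600 ; retry
604800 ; expire
38400 ) ; negative cache TTL
$domain. IN NS ns1.$domain.
$domain. IN MX 10 mta.$domain. ; target has an A record below
$domain. IN A $ip
www IN A $ip
mta IN A $ip
ns1 IN A $ip
EOF
}
gen_reverse_zone() { # DOMAIN SERVER_IP SERIAL
  domain=$1; ip=$2; serial=$3
  cat <<EOF
\$TTL 86400
@ IN SOA ns1.$domain. admin.$domain. (
$serial ; serial
28800 ; refresh
604800 ; retry
604800 ; expire
86400 ) ; negative cache TTL
@ IN NS ns1.$domain.
$(last_octet "$ip") IN PTR ns1.$domain.
EOF
}
write_zones() { # ZONEDIR DOMAIN SERVER_IP [REVISION]; writes both files, prints reverse zone name
  dir=$1; domain=$2; ip=$3; serial=$(zone_serial "${4:-1}"); rev=$(reverse_zone_name "$ip")
  mkdir -p "$dir"
  gen_forward_zone "$domain" "$ip" "$serial" > "$dir/$domain.db"
  gen_reverse_zone "$domain" "$ip" "$serial" > "$dir/rev.$rev"; echo "$rev"
}
```

Run `write_zones /etc/bind/zones yourdomain.net 192.168.0.3` and then check the result with `named-checkconf` and `named-checkzone yourdomain.net /etc/bind/zones/yourdomain.net.db` before restarting bind9.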
CONFIGURING THE NETWORK INTERFACES
edit /etc/network/interfaces
My particular LAN has static local addresses assigned by my router. I removed anything to do with DHCP so it won't overwrite /etc/resolv.conf and entered the relevant details so it looked like this, but remember to change your details accordingly for your setup.
Code:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.0.2
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
Remove network-manager so that it also doesn't overwrite /etc/resolv.conf
apt-get remove --purge network-manager
edit /etc/resolv.conf
Code:
nameserver 127.0.0.1
Restart the network interfaces and check to make sure /etc/resolv.conf hasn't changed!
/etc/init.d/networking restart
Now try pinging www.yourdomain.net
If all went well you can repeat 'CONFIGURING THE NETWORK INTERFACES' on the other machines on your LAN so they use bind9 as their name server, but remember to point their /etc/resolv.conf at the machine running bind9!
CHROOTING BIND9
It is VERY IMPORTANT to run Bind9 as securely as possible. Here's how you chroot Bind9 on Debian Etch.
magikman from #linux-noob / efnet kindly showed me how to do this.
edit /etc/default/bind9
Code:
OPTIONS="-u bind -t /var/lib/named"
mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
edit /etc/init.d/sysklogd
Code:
SYSLOGD="-a /var/lib/named/dev/log"
/etc/init.d/sysklogd restart
/etc/init.d/bind9 restart
Now you will be running Bind9 chrooted :-)