How I Got Bind9 Working On Debian Etch
#1

TARGET MACHINE

 

apt-get install bind9

 

edit /etc/bind/named.conf.local



Code:
zone "yourdomain.net" {
    type master;
    file "/etc/bind/zones/yourdomain.net.db";
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};




 

mkdir /etc/bind/zones

edit /etc/bind/zones/yourdomain.net.db



Code:
yourdomain.net.      IN      SOA     ns1.yourdomain.net. admin.yourdomain.net. (
                                     0000000001   ; serial
                                     28800        ; refresh
                                     3600         ; retry
                                     604800       ; expire
                                     38400        ; minimum
)

yourdomain.net.      IN      NS              ns1.yourdomain.net.
yourdomain.net.      IN      MX     10       yourdomain.net.

www              IN      A       **serverIP**
mta              IN      A       **serverIP**
ns1              IN      A       **serverIP**




 

edit /etc/bind/zones/rev.0.168.192.in-addr.arpa

The number before IN PTR yourdomain.net. is the machine address of the DNS server. In my case, it's 3, as my IP address is 192.168.0.3.



Code:
@ IN SOA ns1.yourdomain.net. admin.yourdomain.net. (
                    0000000001 ; serial
                    28800      ; refresh
                    604800     ; retry
                    604800     ; expire
                    86400      ; minimum
)

        IN    NS     ns1.yourdomain.net.
3       IN    PTR    yourdomain.net.




 

CONFIGURING THE NETWORK INTERFACES

 

edit /etc/network/interfaces

My particular LAN has static local addresses assigned by my router. I removed anything to do with DHCP so it won't overwrite /etc/resolv.conf, and entered the relevant details so it looked like this, but remember to change the details accordingly for your setup.



Code:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.0.2
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255




 

Remove network-manager so this also doesn't overwrite /etc/resolv.conf

 

apt-get remove --purge network-manager

 

edit /etc/resolv.conf



Code:
nameserver 127.0.0.1




 

Restart the network interfaces and check to make sure /etc/resolv.conf hasn't changed!

 

/etc/init.d/networking restart

 

 

Now try pinging www.yourdomain.net

 

If all went well, you could repeat 'CONFIGURING THE NETWORK INTERFACES' for other machines on your LAN so they use bind9 as the name server, but remember to point /etc/resolv.conf at the machine running bind9!

 

 

CHROOTING BIND9

 

It is VERY IMPORTANT to be running Bind9 as securely as possible. Here's how you chroot Bind9 on Debian Etch.

magikman from #linux-noob / efnet kindly showed me how to do this.

 

edit /etc/default/bind9



Code:
OPTIONS="-u bind -t /var/lib/named"




mkdir -p /var/lib/named/etc

mkdir /var/lib/named/dev

mkdir -p /var/lib/named/var/cache/bind

mkdir -p /var/lib/named/var/run/bind/run

mv /etc/bind /var/lib/named/etc

ln -s /var/lib/named/etc/bind /etc/bind

mknod /var/lib/named/dev/null c 1 3

mknod /var/lib/named/dev/random c 1 8

chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random

chown -R bind:bind /var/lib/named/var/*

chown -R bind:bind /var/lib/named/etc/bind

 

edit /etc/init.d/sysklogd



Code:
SYSLOGD="-a /var/lib/named/dev/log"




/etc/init.d/sysklogd restart

 

/etc/init.d/bind9 restart

 

Now you will be running Bind9 chrooted :-)

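One way to check the result of the CHROOTING BIND9 steps above, as an added example that is not part of the original post: a small shell audit that verifies the directories, their ownership, the two device nodes and the OPTIONS line. The function names are made up for this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): audit the chroot built above.
# Usage after sourcing this file: audit_named_chroot /var/lib/named
# Function names are hypothetical; stat -c assumes GNU coreutils.

problems=0
bad() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# True if $1 is a character device with major $2 and minor $3 (decimal).
is_chardev() {
    [ -c "$1" ] || return 1
    # %t and %T print the device major and minor numbers in hex
    [ "$(stat -c '%t:%T' "$1")" = "$(printf '%x:%x' "$2" "$3")" ]
}

# True if the OPTIONS= line of defaults file $1 carries -u bind and -t $2.
options_ok() {
    line=$(grep -E '^[[:space:]]*OPTIONS=' "$1" 2>/dev/null | tail -n 1)
    # Drop the variable name and quotes, pad with spaces to match whole tokens
    opts=" $(printf '%s' "$line" | sed 's/^[^=]*=//' | tr -d "\"'") "
    case "$opts" in *" -u bind "*) ;; *) return 1 ;; esac
    case "$opts" in *" -t $2 "*) ;; *) return 1 ;; esac
}

# Prints one line per finding; the exit status is the number of findings.
audit_named_chroot() {
    root=$1; defaults=${2:-/etc/default/bind9}; problems=0
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || bad "missing directory $root/$d"
    done
    # The post chowns etc/bind and var/* to bind:bind
    for d in etc/bind var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || continue
        [ "$(stat -c '%U:%G' "$root/$d")" = bind:bind ] ||
            bad "$root/$d is not owned by bind:bind"
    done
    is_chardev "$root/dev/null" 1 3 || bad "$root/dev/null is not char device 1,3"
    is_chardev "$root/dev/random" 1 8 || bad "$root/dev/random is not char device 1,8"
    options_ok "$defaults" "$root" || bad "$defaults OPTIONS lacks -u bind -t $root"
    return "$problems"
}
```

A clean run prints nothing and returns 0; each PROBLEM line names the step from the post that still needs doing.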