BIND9ServerHowto
Revision as of 12:35, 13 May 2007 (Sunday)
Source: https://help.ubuntu.com/community/BIND9ServerHowto
This HOWTO is aimed at people looking to learn how to configure and maintain a DNS server, such as for a network or to serve DNS zones for a domain name.
Repositories
BIND9 is available in the core Ubuntu repository. No additional repository needs to be enabled for BIND9.
Before we begin, you should be familiar with RootSudo.
Installing BIND9
The Server
$ sudo apt-get install bind9
Useful Tools (For Testing)
$ sudo apt-get install bind9-host dnsutils
Documentation (Optional)
$ sudo apt-get install bind9-doc
BIND9 Scenarios
There are many setups in which BIND9 may be configured.
The most useful setups are:
Caching Server
This can be useful for a broadband connection to a host or small network. By caching DNS queries, you reduce the bandwidth used (and hopefully even your broadband bill!).
Master Server
BIND9 can be used to serve DNS records (groups of records are referred to as zones) for a registered domain name or an imaginary one (but only if used on a restricted network)
Slave Server
A slave DNS server is used to complement a Master DNS server by serving a copy of the zone(s) configured on the Master server. Slave servers are recommended in larger setups (larger networks or on the internet) if you intend to power a registered domain name, since they ensure that your DNS zone is still available, even if your Master server is not online.
Hybrids
You can even configure BIND9 to be a Caching and Master DNS server simultaneously, a Caching and a Slave server, or even a Caching, Master and Slave server. All that is required is simply combining the different configuration examples from this document.
Stealth Servers
There are also two other common DNS server setups (used when working with zones for registered domain names), Stealth Master and Stealth Slave. These are effectively the same as Master and Slave DNS servers, but with a slight organisational difference.
For example, you have 3 DNS servers; A, B and C.
A is the Master, B and C are slaves.
If you configure your registered domain to use A and B as your domain's DNS servers, then C is a Stealth Slave. It's still a slave, but it's not going to be asked about the zone you are serving to the internet from A and B.
If you configure your registered domain to use B and C as your domain's DNS servers, then A is a Stealth Master. Any additional records or edits to the zone are done on A, but computers on the internet will only ever ask B and C about the zone.
DNS Record Types
There are lots of different DNS record types, but for someone reading this document, you need only deal with these record types:
Address Records
The most commonly used type of record.
www IN A 1.2.3.4
Alias Records
Used to create an alias from an existing A record. You cannot create a CNAME record pointing to another CNAME record.
mail    IN CNAME www
www     IN A     1.2.3.4
Mail Exchange Records
Used to define where email should be sent to. Must point to an A record, not a CNAME.
        IN MX 10 mail.example.com.   ; 10 is the preference value, which an MX record requires
[...]
mail    IN A     1.2.3.4
Name Server Records
Used to define which servers serve copies of this zone. It must point to an A record, not a CNAME.
This is where Master and Slave servers are defined. Stealth servers are intentionally omitted.
        IN NS    ns.example.com.
[...]
ns      IN A     1.2.3.4
Configuring BIND9
BIND9 Configuration files are stored in
/etc/bind/
The main configuration is stored in the following files
/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local
Caching Server
The default configuration already acts as a caching server.
All that is required is adding the IP numbers of your ISP's DNS servers.
Simply uncomment and edit the following:
named.conf.options:
[...]
forwarders {
        1.2.3.4;
        5.6.7.8;
};
[...]
(where 1.2.3.4 and 5.6.7.8 are the IP numbers of your ISP's DNS servers)
Master Server
To add a DNS zone to BIND9, turning BIND9 into a Master server, all you have to do is declare the zone:
named.conf.local:
[...]
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
};
[...]
Now use an existing zone file as a template
$ sudo cp /etc/bind/db.local /etc/bind/db.example.com
Now, to edit our zone
db.example.com:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
Edit localhost. to the FQDN of your server, with an additional "." at the end.
Eg:
db.example.com:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     box.example.com. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
Edit root.localhost to be your email address, but with a "." instead of the "@", and another "." at the end.
Eg:
johndoe@example.com
should be added as johndoe.example.com.
Increment the serial number (you must increment the serial every time you make changes to the zone file and reload the zone by restarting BIND9; if you make multiple changes before restarting BIND9, simply increment the serial once).
Tip: Many people like to use the last date edited as the serial of a zone, such as 2005010100, which is yyyymmddss (where ss is a two-digit counter for the edits made on that day).
Now, you can add DNS records to the bottom of the zone. Do remember to increment the serial as you add entries though.
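Added example (not part of the original HOWTO): a POSIX sh script that applies the serial rule above, rewriting the "; Serial" line of a zone file to the yyyymmddss form and covering the two cases the rule does not spell out, several edits on one day and a serial that is already ahead of today's date. The zone file it rewrites is a constructed copy of the one above.

```shell
#!/bin/sh
# Added example, not from the HOWTO: bump an SOA serial in yyyymmddss form.
# Needs 64-bit shell arithmetic (any current Linux sh) for 10-digit serials.

# next_serial CURRENT TODAY
#   CURRENT: serial currently in the SOA record
#   TODAY:   date as yyyymmdd (pass "$(date +%Y%m%d)" in real use)
# Normal case: today's date followed by 00. If CURRENT is already at or past
# today's base (more edits on the same day, or a serial set with a future
# date), just add one: the serial must always go up, or slaves that compare
# serials will never transfer the new zone.
next_serial() {
    current=$1
    today=$2
    base=$((today * 100))
    if [ "$current" -lt "$base" ]; then
        echo "$base"
    else
        echo $((current + 1))
    fi
}

# soa_serial FILE: print the serial from the line carrying the "; Serial"
# comment, as laid out in the db.local template copied above.
soa_serial() {
    awk '/; *Serial/ { print $1; exit }' "$1"
}

# bump_zone_serial FILE TODAY: rewrite only the serial line, leave every
# other byte of the zone file alone, and print the new serial.
bump_zone_serial() {
    file=$1
    today=$2
    new=$(next_serial "$(soa_serial "$file")" "$today")
    awk -v new="$new" '
        !done && /; *Serial/ { sub(/[0-9]+/, new); done = 1 }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Demo on a constructed copy of the zone file from the Master Server section.
demo_dir=$(mktemp -d)
cat > "$demo_dir/db.example.com" <<'EOF'
$TTL    604800
@       IN      SOA     box.example.com. johndoe.example.com. (
                     2005010100         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      box.example.com.
@       IN      A       1.2.3.4
EOF
echo "new serial: $(bump_zone_serial "$demo_dir/db.example.com" "$(date +%Y%m%d)")"
```

Run named-checkzone (shipped with BIND9) on the rewritten file before restarting BIND9, so a typo elsewhere in the zone does not take the zone offline.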
Slave Server
First, on the master server, you have to allow the zone transfer. The sample zone definition in /etc/bind/named.conf.local should look like this:
[...]
zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-transfer { @ip_slave; };
};
[...]
On the slave, perform the same installation that was done on the master. Then edit /etc/bind/named.conf.local and add the following declaration for the zone:
[...]
zone "example.com" {
        type slave;
        file "/etc/bind/db.example.com";
        masters { @ip_master; };
};
[...]
Restart the server; you should see in /var/log/syslog something like:
syslog.5.gz:May 14 23:33:53 smith named[5064]: zone example.com/IN: transferred serial 2006051401
syslog.5.gz:May 14 23:33:53 smith named[5064]: transfer of 'example.com/IN' from 10.0.0.202#53: end of transfer
Chrooting BIND9
Chrooting BIND9 is a recommended setup from a security perspective. In a chroot environment, BIND9 has access to all the files and hardware devices it needs, but is unable to access anything it should not need.
To chroot BIND9, simply create a chroot environment for it and add the additional configuration below.
The Chroot Environment
Create the following directory structure
$ sudo mkdir -p /chroot/named
$ cd /chroot/named
$ sudo mkdir -p dev etc/namedb/slave var/run
Set permissions for chroot environment
$ sudo chown root:root /chroot
$ sudo chmod 700 /chroot
$ sudo chown bind:bind /chroot/named
$ sudo chmod 700 /chroot/named
Create or move the bind configuration file.
$ sudo touch /chroot/named/etc/named.conf
or
$ sudo cp /etc/named.conf /chroot/named/etc
Give write permissions to the user bind for /chroot/named/etc/namedb/slave directory.
$ sudo chown bind:bind /chroot/named/etc/namedb/slave
This is where the files for all slave zones will be kept. This increases security, by stopping the ability of an attacker to edit any of your master zone files if they do gain access as the bind user. Accordingly, all slave file names in the /chroot/named/etc/named.conf file will need to have directory names that designate the slave directory. An example zone definition is listed below.
zone "my.zone.com." {
        type slave;
        file "slave/my.zone.com.dns";    ; relative to "directory", i.e. /etc/namedb/slave inside the chroot
        masters { 10.1.1.10; };
};
Create the devices BIND9 requires
$ sudo mknod /chroot/named/dev/null c 1 3
$ sudo mknod /chroot/named/dev/random c 1 8
Give the user bind access to the /chroot/named/var/run directory that will be used to store PID and statistical data.
$ sudo chown bind:bind /chroot/named/var/run
BIND9's Configuration
Edit the bind startup options found in /etc/default/bind9. Change the line that reads:
/etc/default/bind9:
OPTIONS="-u bind"
So that it reads
/etc/default/bind9:
OPTIONS="-u bind -t /chroot/named -c /etc/named.conf"
The -t option changes the root directory from which bind operates to be /chroot/named. The -c option tells Bind that the configuration file is located at /etc/named.conf. Remember that this path is relative to the root set by -t.
The named.conf file must also receive extra options in order to run correctly; below is a minimal set of options:
/chroot/named/etc/named.conf:
options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
};
Ubuntu's syslog Daemon Configuration
/etc/init.d/sysklogd:
[...]
SYSLOGD="-u syslog -a /chroot/named/dev/log"
[...]
(Author Note: Check this config)
Restart the syslog server and BIND9
$ sudo /etc/init.d/sysklogd restart
$ sudo /etc/init.d/bind9 restart
At this point you should check /var/log/messages for any errors that may have been thrown by bind.
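Added example (not the HOWTO's own code): a POSIX sh/awk audit of zone declarations that checks two of the points above, that every master zone carries its own allow-transfer (Slave Server section) and that every slave zone file sits under the slave/ directory reserved for the bind user (chroot section). It assumes the one-statement-per-line layout used in this HOWTO, does not follow include directives, and the sample configuration it runs on is constructed.

```shell
#!/bin/sh
# Added example, not from the HOWTO: audit named.conf zone declarations.

# audit_named_conf < FILE
# Prints one line per finding and exits 1 if there were any, 0 otherwise:
#   - a master zone with no allow-transfer of its own, so its transfer policy
#     is whatever the options block or BIND's default says: state it explicitly
#   - a slave zone whose file is not under slave/, the only directory the
#     chroot layout above lets the bind user write to
# Assumes one statement per line and a "};" closing each zone; "include"
# directives are not followed.
audit_named_conf() {
    awk '
    function report() {
        if (type == "master" && !xfer) {
            printf "%s: master zone without allow-transfer\n", name
            found++
        }
        if (type == "slave" && file !~ /^slave\//) {
            printf "%s: slave zone file \"%s\" is not under slave/\n", name, file
            found++
        }
    }
    /^[ \t]*zone[ \t]+"/ {
        match($0, /"[^"]*"/)
        name = substr($0, RSTART + 1, RLENGTH - 2)
        type = ""; file = ""; xfer = 0; inzone = 1; depth = 0
    }
    inzone {
        if ($1 == "type") { type = $2; sub(/;$/, "", type) }
        if ($1 == "file") { file = $2; gsub(/[";]/, "", file) }
        if ($1 == "allow-transfer") xfer = 1
        # track nesting so "masters { ...; };" does not end the zone early
        depth += gsub(/\{/, "{") - gsub(/\}/, "}")
        if (depth == 0) { report(); inzone = 0 }
    }
    END { exit found ? 1 : 0 }
    '
}

# Constructed sample: one compliant and one non-compliant zone of each type.
SAMPLE_CONF='
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { 10.0.0.203; };
};
zone "example.org" {
    type master;
    file "/etc/bind/db.example.org";
};
zone "my.zone.com." {
    type slave;
    file "slave/my.zone.com.dns";
    masters { 10.1.1.10; };
};
zone "other.zone.com." {
    type slave;
    file "/etc/bind/db.other.zone.com";
    masters { 10.1.1.10; };
};
'

# Demo: the two non-compliant zones are reported.
printf '%s\n' "$SAMPLE_CONF" | audit_named_conf || echo "audit: findings listed above"
```

On a real server run it as audit_named_conf < /etc/bind/named.conf.local (or the chroot's etc/named.conf) before each restart.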
Starting, Stopping, and Restarting BIND9
Use the following command to start BIND9 :
$ sudo /etc/init.d/bind9 start
To stop it, use :
$ sudo /etc/init.d/bind9 stop
Finally, to restart it, run
$ sudo /etc/init.d/bind9 restart
Status
To check the status of your BIND9 installation:
$ host $record localhost
or
$ dig $record @localhost
(where localhost is the system you are setting BIND9 up on. If not localhost, use the appropriate IP number.)
Tips & Tricks
Additional Possibilities
You can monitor your BIND9 server usage by installing the bindgraph package from the Universe (To enable Universe - see AddingRepositoriesHowto) and following configuration details as outlined in bindgraph's README documents
Further Information
Online Resources
TLDP's "DNS HOWTO" (For General Overview)
Printed Resources
"DNS & BIND" - Paul Albitz & Cricket Liu - 4th Edition - "O'Reilly Press" (Amazon.com)
"DNS & BIND Cookbook" - Cricket Liu - 4th Edition - "O'Reilly Press" (Amazon.com)