Linux-Noob Forums (https://www.linux-noob.com/forums) - Forum: DNS and DHCP - Thread: How I Got Bind9 Working On Debian Etch (/thread-1483.html)
How I Got Bind9 Working On Debian Etch - DustyBin - 2007-03-27

TARGET MACHINE

apt-get install bind9

edit /etc/bind/named.conf.local

Code:
zone "yourdomain.net" {
type master;
file "/etc/bind/zones/yourdomain.net.db";
};
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

mkdir /etc/bind/zones

edit /etc/bind/zones/yourdomain.net.db

Code:
yourdomain.net. IN SOA ns1.yourdomain.net. admin.yourdomain.net. (
0000000001 ; serial
28800 ; refresh
3600 ; retry
604800 ; expire
38400 ; minimum
)
yourdomain.net. IN NS ns1.yourdomain.net.
yourdomain.net. IN MX 10 yourdomain.net.
www IN A **serverIP**
mta IN A **serverIP**
ns1 IN A **serverIP**

edit /etc/bind/zones/rev.0.168.192.in-addr.arpa

The number before IN PTR yourdomain.net. is the machine address of the DNS server. In my case, it's 3, as my IP address is 192.168.0.3.

Code:
@ IN SOA ns1.yourdomain.net. admin.yourdomain.net. (
0000000001; serial
28800; refresh
604800; retry
604800; expire
86400 ; minimum
)
@ IN NS ns1.yourdomain.net.
3 IN PTR yourdomain.net.

CONFIGURING THE NETWORK INTERFACES

edit /etc/network/interfaces

My particular LAN has static local addresses assigned by my router. I removed anything to do with DHCP so it won't overwrite /etc/resolv.conf, and entered the relevant details so it looked like this, but remember to change your details accordingly for your setup.

Code:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.0.2
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

Remove network-manager so this also doesn't overwrite /etc/resolv.conf

apt-get remove --purge network-manager

edit /etc/resolv.conf

Code:
nameserver 127.0.0.1

Restart the network interfaces and check to make sure /etc/resolv.conf hasn't changed!

/etc/init.d/networking restart

Now try pinging www.yourdomain.net

If all went well you could repeat 'CONFIGURING THE NETWORK INTERFACES' for other machines on your LAN so they use bind9 as the name server, but remember to point /etc/resolv.conf at the machine running bind9!

CHROOTING BIND9

It is VERY IMPORTANT to be running Bind9 as securely as possible. Here's how you chroot Bind9 on Debian Etch. magikman from #linux-noob / efnet kindly showed me how to do this.

edit /etc/default/bind9

Code:
OPTIONS="-u bind -t /var/lib/named"

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

edit /etc/init.d/sysklogd

Code:
SYSLOGD="-a /var/lib/named/dev/log"

/etc/init.d/sysklogd restart
/etc/init.d/bind9 restart

Now you will be running Bind9 chrooted :-)
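A way to check that the chroot steps above took effect before relying on them, as an added example that is not part of the original post. The function name audit_chroot and its three arguments (jail directory, defaults file, /etc/bind link) are assumptions of this example; the paths in the usage comment are the ones used in the post.

```shell
#!/bin/sh
# Added example: audit the BIND9 chroot layout built in the steps above.
# audit_chroot JAIL DEFAULTS LINK prints one FAIL line per problem and
# returns the number of problems (0 = layout matches the howto).
audit_chroot() {
    jail=$1 defaults=$2 link=$3 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # named only chroots and drops root if OPTIONS carries both -t and -u.
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$defaults" 2>/dev/null) || opts=
    case " $opts " in *" -u bind "*) ;; *) fail "OPTIONS lacks '-u bind'" ;; esac
    case " $opts " in *" -t $jail "*) ;; *) fail "OPTIONS lacks '-t $jail'" ;; esac

    # Directories the howto creates inside the jail.
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$jail/$d" ] || fail "missing directory $jail/$d"
    done

    # Device nodes must be real character devices; a symlink to the host's
    # /dev would dangle once named is inside the jail.
    for n in null random; do
        p=$jail/dev/$n
        { [ -c "$p" ] && [ ! -L "$p" ]; } || fail "$p is not a character device"
    done

    # /etc/bind must point into the jail so edits land where named reads them.
    { [ -L "$link" ] && [ "$(readlink "$link")" = "$jail/etc/bind" ]; } ||
        fail "$link is not a symlink to $jail/etc/bind"

    return "$problems"
}

# Runs the audit when called with exactly three arguments, e.g.:
#   sh audit.sh /var/lib/named /etc/default/bind9 /etc/bind
if [ "$#" -eq 3 ]; then audit_chroot "$@"; fi
```

An exit status of 0 means every check passed; any FAIL line names the step of the chroot procedure to redo.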