DustyBin

How I Got Bind9 Working On Debian Etch


TARGET MACHINE

 

apt-get install bind9

 

edit /etc/bind/named.conf.local

zone "yourdomain.net" {
	type master;
	file "/etc/bind/zones/yourdomain.net.db";
};

zone "0.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

 

mkdir /etc/bind/zones

edit /etc/bind/zones/yourdomain.net.db

yourdomain.net.	  IN	  SOA	 ns1.yourdomain.net. admin.yourdomain.net. (
		0000000001	; serial
		28800		; refresh
		3600		; retry
		604800		; expire
		38400		; minimum TTL
)

yourdomain.net.	  IN	  NS			  ns1.yourdomain.net.
yourdomain.net.	  IN	  MX	 10	   yourdomain.net.

www			  IN	  A	   **serverIP**
mta			  IN	  A	   **serverIP**
ns1			  IN	  A	   **serverIP**

 

edit /etc/bind/zones/rev.0.168.192.in-addr.arpa

The number before IN PTR yourdomain.net. is the machine address of the DNS server. In my case, it's 3, as my IP address is 192.168.0.3.

@ IN SOA ns1.yourdomain.net. admin.yourdomain.net. (
		0000000001	; serial
		28800		; refresh
		604800		; retry
		604800		; expire
		86400		; minimum TTL
)

	IN	NS	ns1.yourdomain.net.
3	IN	PTR	yourdomain.net.

 

CONFIGURING THE NETWORK INTERFACES

 

edit /etc/network/interfaces

My particular LAN has static local addresses assigned by my router. I removed anything to do with DHCP so it won't overwrite /etc/resolv.conf and entered the relevant details so it looked like this, but remember to change the details accordingly for your setup.

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static
address 192.168.0.2
gateway 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

 

Remove network-manager so this also doesn't overwrite /etc/resolv.conf

 

apt-get remove --purge network-manager

 

edit /etc/resolv.conf

nameserver 127.0.0.1

 

Restart the network interfaces and check to make sure /etc/resolv.conf hasn't changed!

 

/etc/init.d/networking restart

 

 

Now try pinging www.yourdomain.net

 

If all went well you could repeat 'CONFIGURING THE NETWORK INTERFACES' for other machines on your LAN so they use bind9 as the name server, but remember to point /etc/resolv.conf at the machine running bind9!

 

 

CHROOTING BIND9

 

It is VERY IMPORTANT to be running Bind9 as securely as possible. Here's how you chroot Bind9 on Debian Etch.

magikman from #linux-noob / efnet kindly showed me how to do this.

 

edit /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"

mkdir -p /var/lib/named/etc

mkdir /var/lib/named/dev

mkdir -p /var/lib/named/var/cache/bind

mkdir -p /var/lib/named/var/run/bind/run

mv /etc/bind /var/lib/named/etc

ln -s /var/lib/named/etc/bind /etc/bind

mknod /var/lib/named/dev/null c 1 3

mknod /var/lib/named/dev/random c 1 8

chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random

chown -R bind:bind /var/lib/named/var/*

chown -R bind:bind /var/lib/named/etc/bind

 

edit /etc/init.d/sysklogd

SYSLOGD="-a /var/lib/named/dev/log"

/etc/init.d/sysklogd restart

 

/etc/init.d/bind9 restart

 

Now you will be running Bind9 chrooted :-)
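
To confirm the chroot steps above took effect, the following audit script checks the jail layout. It is an added example, not part of the original post; the function names are hypothetical, the default paths are the ones used in the post, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original post): audit the BIND9 chroot layout.
# Function names are hypothetical; default paths are the ones used in the post.

# is_chardev PATH MAJOR MINOR: PATH is a character device with these numbers.
# GNU stat prints major:minor in hex with %t:%T.
is_chardev() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1")" = "$(printf '%x:%x' "$2" "$3")" ]
}

# has_option FILE TEXT: the OPTIONS="..." line in FILE contains TEXT as a word.
has_option() {
    grep -Eq "^OPTIONS=\".*$2( |\")" "$1" 2>/dev/null
}

# links_to LINK TARGET: LINK is a symlink whose target is exactly TARGET.
links_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# check DESCRIPTION COMMAND...: run COMMAND, print the result, count failures.
check() {
    desc=$1; shift
    if "$@"; then echo "ok    $desc"; else echo "FAIL  $desc"; fails=$((fails + 1)); fi
}

# check_bind_chroot [ROOT] [DEFAULTS] [ETC_LINK]
# Exit status is the number of failed checks (0 means the layout matches).
check_bind_chroot() {
    root=${1:-/var/lib/named}
    defaults=${2:-/etc/default/bind9}
    link=${3:-/etc/bind}
    fails=0
    # named must drop privileges to the bind user and chroot into ROOT.
    check "named runs as user bind"   has_option "$defaults" "-u bind"
    check "named chroots to $root"    has_option "$defaults" "-t $root"
    # /etc/bind must point into the jail, not be a stale copy of the config.
    check "$link -> $root/etc/bind"   links_to "$link" "$root/etc/bind"
    # Device nodes created with mknod: null is 1,3 and random is 1,8.
    check "$root/dev/null is 1,3"     is_chardev "$root/dev/null" 1 3
    check "$root/dev/random is 1,8"   is_chardev "$root/dev/random" 1 8
    # Directories named writes to once it is confined to the jail.
    for d in var/cache/bind var/run/bind/run; do
        check "$root/$d exists" test -d "$root/$d"
    done
    return "$fails"
}
```

Source the file and run `check_bind_chroot` with no arguments after restarting bind9; any `FAIL` line names the step that needs redoing.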
