BIND — Gentoo Install and Configure

I’ve got a lot of hosts on my network, and sometimes I get the IP address wrong.
So I want to set up BIND to manage my DNS queries.
There are a lot of DNS servers you can use under Linux, but I want to use bind for two main reasons:-
* it’s pretty much the industry standard
* it supports a lot of extra features and record types that some of the others do not.

Commands to be typed on console are in Italics.

Installing bind under Gentoo is very simple. It consists of the following steps:-
1) Set up your USE flags. (I don’t need to set any additional USE flags for my needs)
2) type:-
# emerge bind
3) emerge the tools for testing later on:-
# emerge bind-tools

After the install we need to configure bind. The first thing I like to do is set up logging so it’s easier to find out when things break.

Create a new file under /etc/bind called log.conf:

  1. # nano /etc/bind/log.conf
    The following lines set up a separate logging channel for each part of bind and cap the size of each log file (3 rotated copies of 2 MB).
    Add the following to the file :-

    logging {

    channel default_file { file "/var/log/bind/default.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel general_file { file "/var/log/bind/general.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel database_file { file "/var/log/bind/database.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel security_file { file "/var/log/bind/security.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel config_file { file "/var/log/bind/config.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel resolver_file { file "/var/log/bind/resolver.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel xfer-in_file { file "/var/log/bind/xfer-in.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel xfer-out_file { file "/var/log/bind/xfer-out.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel notify_file { file "/var/log/bind/notify.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel client_file { file "/var/log/bind/client.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel unmatched_file { file "/var/log/bind/unmatched.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel queries_file { file "/var/log/bind/queries.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel network_file { file "/var/log/bind/network.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel update_file { file "/var/log/bind/update.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel dispatch_file { file "/var/log/bind/dispatch.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel dnssec_file { file "/var/log/bind/dnssec.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/bind/lame-servers.log" versions 3 size 2m; severity dynamic; print-time yes; };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
    };
  2. Create the following directory :-
    # mkdir /var/log/bind
    Set permissions/owner so the named group can write the logs:-
    # chmod g+w /var/log/bind; chgrp named /var/log/bind
  3. Edit /etc/bind/named.conf
    I want this DNS server to forward first, then ask local, so un-comment the following:-
    forward first;
    forwarders {
    192.168.x.x; # Change to your upstream DNS resolver
    };

    Update the "listen-on" section to listen on localhost and the internal network:-
    listen-on { 127.0.0.1; 192.168.x.x; };
    I want to allow queries from any of my local clients:-
    allow-query { any; };
    I also want to collect stats:-
    zone-statistics yes;
    statistics-file "var/log/named.stats";
    Set up the internal zone (the file paths are relative to bind's working directory, /var/bind on Gentoo):-
    zone "undersys.net" {
    type master;
    allow-update { any; };
    file "internal/undersys.net.fw";
    };
    zone "0.168.192.in-addr.arpa" {
    type master;
    allow-update { any; };
    file "internal/undersys.net.rev";
    };
    
    I know it’s not the most secure setup, but I am not after that; I want something that will bend and flex to my odd requirements when needed.
  4. Now we need to create the zone directory and files.
    Create the zone directory and symlink it into /etc/bind:-
    # mkdir /var/bind/internal
    # ln -s /var/bind/internal /etc/bind/internal
    # touch /var/bind/internal/undersys.net.fw
    # touch /var/bind/internal/undersys.net.rev
  5. Create the forward lookup file entries
    # nano /var/bind/internal/undersys.net.fw
    Mine has the following:-
    $ORIGIN undersys.net.
    $TTL 1200

    @    IN    SOA    ns1.undersys.net.  undersys.undersys.net. (
    20091109    ; serial (YYYYMMDDrr)
    1800        ; refresh (30 minutes)
    900        ; retry (15 minutes)
    1209600        ; expire (2 weeks)
    1200        ; minimum TTL (20 minutes)
    )

    NS    ns1.undersys.net.
    NS    ns2.undersys.net.
    A    192.168.0.117
    MX    10  mail.undersys.net.
    mail    A    192.168.x.xxx
    ns1    A    192.168.0.xxx
    ns2    A    192.168.0.xxx

    deploy    A    192.168.0.xxx
  6. Create the reverse lookup file entries
    # nano /var/bind/internal/undersys.net.rev
    Mine has the following:-
    $TTL 7200
    0.168.192.in-addr.arpa.    IN SOA 0.168.192.in-addr.arpa. root.undersys.net. (
    20091109    ; serial
    7200        ; refresh (2 hours)
    1800        ; retry (30 minutes)
    604800        ; expire (1 week)
    7200        ; minimum (2 hours)
    )

    NS ns1.undersys.net.
    NS ns2.undersys.net.
    xxx    PTR    ns1.undersys.net.
    xxx    PTR    ns2.undersys.net.
    xxx    PTR    deploy.undersys.net.
  7. Start the named service
    # /etc/init.d/named start

    Check the following log file for errors:-
    /var/log/bind/general.log
  8. Check to ensure it’s working
    # dig @ns1.undersys.net undersys.net
    # dig www.google.com undersys.net
    # dig localmachine undersys.net
    These should return results for each host (the first via the local zone, the second via the forwarder).
  9. If that’s all good add it to start on boot :-
    # rc-update add named default