BIND - Domain Name Server

Looking for a BIND administration utility for managing many zones? Take a look at my open source application named-admin ;-)

Set up a caching name server under RHEL 5

Install the required packages:

yum install bind bind-chroot bind-libs bind-utils caching-nameserver

Create a rndc config file at /var/named/chroot/etc/rndc.conf with the following content:

include "/etc/rndc.key";
options {
default-server localhost;
default-key "rndckey";
};
server localhost {
key "rndckey";
}; 

Create a symlink at the default rndc config path:

ln -s /var/named/chroot/etc/rndc.conf /etc/rndc.conf

Create your own rndc.key in /var/named/chroot/etc (Red Hat ships a default key, so don't keep that one):

rndc-confgen > rndc.key
chown root:named rndc.key 

The key file only needs the key statement below; you can delete everything else that rndc-confgen printed (the secret is a quoted string):

key "rndckey" {
algorithm hmac-md5;
secret "<your personal key>";
};

Again, create a symlink at the standard path:

ln -s /var/named/chroot/etc/rndc.key /etc/rndc.key

The caching-nameserver package provides you with an example caching name server configuration file. You can copy it to your chroot environment and edit it:

cp named.caching-nameserver.conf /var/named/chroot/etc/named.conf

It's recommended to keep a current copy of the root hints file (the list of root DNS servers) on your system. This is how to fetch it:

wget -P /var/named/chroot/var/named/ http://www.internic.net/zones/named.root 

Check the syntax of your named configuration:

named-checkconf /var/named/chroot/etc/named.conf

Now you're ready to start named:

service named start

Check /var/log/messages for any named log entries after startup.

Use chkconfig to start named automatically when the server boots:

chkconfig named on 

Check rndc access with the following command:

rndc status

Access rights

Under Red Hat the BIND zone files are stored under /var/named. It's important that the user "named" has appropriate access rights to the directory.

Test access rights

Read, write and execute permissions are required for the owner named on the directory /var/named (700):

ls -ld /var/named/
drwx------    4 named    named       49152 Aug 13 10:00 /var/named

Read and write permissions are required for the owner named on all files within the directory /var/named (600):

ls -l /var/named/
total 6700
drwx------    4 named    named       49152 Aug 13 10:40 ./
drwxr-xr-x   26 root     root         4096 Mar  5 16:05 ../
-rw-------    1 named    named         422 Aug 13 10:03 zone1.com.db
-rw-------    1 named    named         458 Aug 13 08:57 zone2.ch.db
-rw-------    1 named    named        1042 Aug 13 08:57 zone3.ch.db.jnl
-rw-------    1 named    named         435 Aug 13 10:13 zone4.ch.db
-rw-------    1 named    named         435 Aug 13 10:07 zone5.ch.db
-rw-------    1 named    named         433 Aug 13 09:03 zone6.ch.db
-rw-------    1 named    named         401 Jul 26  2006 35.141.195.db
...

Fix access rights for named

Set ownership and permissions for user named:

chown -R named:named /var/named
chmod 700 /var/named
# files 600, subdirectories 700 (a recursive chmod 600 would strip the execute bit from subdirectories and make them unusable for named)
find /var/named -type d -exec chmod 700 {} \;
find /var/named -type f -exec chmod 600 {} \;
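The two file-permission rules above (directory 700, zone and journal files 600, everything owned by named) and the rndc.key from the setup section are easy to get wrong again after a restore or a hand-edit, so here is a small audit script. It is an added example, not part of the wiki page or of BIND itself; the function names, the "one line per deviation" output format and the expected mode for rndc.key (640 root:named, so that rndc as root and named via the group can read the control-channel secret but nobody else can) are this example's own assumptions. It relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the file modes BIND relies on.
#  - audit_named_dir: the zone directory must be 700, every zone/journal file 600
#    and every subdirectory 700, all owned by the service user (default named).
#  - audit_rndc_key: rndc.key holds the control-channel secret and is expected to
#    be 640 root:named (assumption of this example; adjust to your policy).
# Each function prints one line per deviation and returns 1 if any were found,
# 0 if everything matches, 2 if the path does not exist.

mode_owner() {            # prints "mode user group" for a path, following symlinks (GNU stat)
    stat -L -c '%a %U %G' "$1"
}

report() {                # report <kind> <path> <actual> <expected>
    echo "$1 $2 is $3, expected $4"
}

audit_named_dir() {       # usage: audit_named_dir [dir] [owner] [group]
    dir=${1:-/var/named}
    owner=${2:-named}
    group=${3:-$owner}
    [ -d "$dir" ] || { echo "no such directory: $dir"; return 2; }
    bad=0
    set -- $(mode_owner "$dir")
    [ "$1 $2 $3" = "700 $owner $group" ] || { report DIR "$dir" "$1 $2:$3" "700 $owner:$group"; bad=1; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        if [ -d "$f" ]; then want=700; kind=SUBDIR; else want=600; kind=FILE; fi
        set -- $(mode_owner "$f")
        [ "$1 $2 $3" = "$want $owner $group" ] || { report "$kind" "$f" "$1 $2:$3" "$want $owner:$group"; bad=1; }
    done
    return $bad
}

audit_rndc_key() {        # usage: audit_rndc_key [file] [owner] [group]
    f=${1:-/var/named/chroot/etc/rndc.key}
    owner=${2:-root}
    group=${3:-named}
    [ -f "$f" ] || { echo "no such file: $f"; return 2; }
    set -- $(mode_owner "$f")
    if [ "$1 $2 $3" = "640 $owner $group" ]; then
        return 0
    fi
    report KEY "$f" "$1 $2:$3" "640 $owner:$group"
    return 1
}

# Run both audits with the RHEL 5 chroot defaults when invoked as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_named_dir; d=$?
    audit_rndc_key; k=$?
    if [ "$d" = 0 ] && [ "$k" = 0 ]; then exit 0; else exit 1; fi
fi
```

Run it as root on the server (the default paths are the ones used on this page) or point the functions at any directory and owner; a non-zero exit makes it usable from cron or a monitoring check, and the output names exactly which file drifted from the policy.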

IP binding for multiple public interfaces

When the DNS server has multiple public IP addresses you have to make sure BIND uses the correct one for all transactions (answering queries, sending its own queries, notifies and zone transfers). The addresses are configured in the options section of named.conf:

options {
  listen-on { 127.0.0.1; 62.73.172.166; };
  query-source address 62.73.172.166;
  notify-source 62.73.172.166;
  transfer-source 62.73.172.166;
  ...
};
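A quick way to catch a half-edited options block, where one of the source options still points at the old address, is to check that query-source, notify-source and transfer-source all name the same address and that this address is also in listen-on. The script below is an added example, not from the wiki page or from BIND; the function names are my own and the parser only understands the one-line form of the options shown above.

```shell
#!/bin/sh
# Added example (not from the wiki page): consistency check for the source-address
# options of a multi-homed BIND server. The three outbound source options should
# name the same public address, and that address should also appear in listen-on,
# otherwise peers see queries, notifies and transfers arriving from a different IP
# than the one they send to. Only the one-line option syntax used on this page is parsed.

conf_addr() {             # conf_addr <option> <named.conf>: print the IPv4 address of
                          # "<option> [address] A.B.C.D;" or nothing if the option is absent
    sed -n "s/^[[:space:]]*$1[[:space:]]\{1,\}\(address[[:space:]]\{1,\}\)\{0,1\}\([0-9.]\{1,\}\)[[:space:]]*;.*/\2/p" "$2" | head -n 1
}

listen_addrs() {          # listen_addrs <named.conf>: one listen-on address per line
    sed -n 's/^[[:space:]]*listen-on[[:space:]]*\(port[[:space:]]*[0-9]*[[:space:]]*\)\{0,1\}{\([^}]*\)}.*/\2/p' "$1" \
        | tr ';' '\n' | tr -d ' \t' | grep -v '^$'
}

check_source_binding() {  # check_source_binding [named.conf]: 0 if consistent, 1 otherwise
    conf=${1:-/etc/named.conf}
    bad=0
    qsrc=$(conf_addr query-source "$conf")
    nsrc=$(conf_addr notify-source "$conf")
    tsrc=$(conf_addr transfer-source "$conf")
    for opt in "query-source=$qsrc" "notify-source=$nsrc" "transfer-source=$tsrc"; do
        case $opt in *=) echo "MISSING ${opt%=} has no IPv4 address in $conf"; bad=1 ;; esac
    done
    if [ -n "$qsrc" ] && { [ "$qsrc" != "$nsrc" ] || [ "$qsrc" != "$tsrc" ]; }; then
        echo "MISMATCH query-source=$qsrc notify-source=$nsrc transfer-source=$tsrc"
        bad=1
    fi
    if [ -n "$qsrc" ] && ! listen_addrs "$conf" | grep -qxF "$qsrc"; then
        echo "NOT-LISTENING $qsrc is used as source address but is not in listen-on"
        bad=1
    fi
    return $bad
}

# Usage: sh check-binding.sh --run /var/named/chroot/etc/named.conf
if [ "${1:-}" = "--run" ]; then
    check_source_binding "${2:-/etc/named.conf}"
fi
```

The check is purely textual and deliberately does not touch the network, so it can run before the configuration is activated; whether the address is actually configured on an interface is something named-checkconf does not tell you either, so that is still worth verifying by hand with ip addr on the host.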

Daily BIND operations

Check the syntax manually

Execute the named-checkconf utility to check the syntax of named.conf:

sudo named-checkconf

If no errors are returned from the command, the syntax is fine.

Restart BIND manually

sudo service named restart
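The two steps above belong together: a restart after a typo in named.conf leaves the server down until someone notices. The wrapper below only restarts when named-checkconf passes. It is an added example, not from the wiki page; the function name and the CHECKCONF/RESTART variables are my own, and they exist so the wrapper can be exercised without a BIND installation (their defaults are the page's commands).

```shell
#!/bin/sh
# Added example (not from the wiki page): restart named only when the configuration
# passes the syntax check, so a broken named.conf cannot take the resolver down.
# CHECKCONF and RESTART default to the commands used on this page and can be
# overridden through the environment (used here to test the wrapper offline).
CHECKCONF=${CHECKCONF:-named-checkconf}          # syntax checker; add -z to also test-load zones
RESTART=${RESTART:-"service named restart"}      # how named is restarted on RHEL 5

safe_restart() {          # usage: safe_restart [named.conf]; 0 restarted, 1 refused, 2 restart failed
    conf=${1:-/etc/named.conf}
    if ! $CHECKCONF "$conf"; then
        echo "refusing to restart named: $conf failed $CHECKCONF" >&2
        return 1
    fi
    $RESTART || { echo "restart command failed: $RESTART" >&2; return 2; }
    echo "named restarted with $conf"
}

# Usage: sudo sh safe-restart.sh --run /var/named/chroot/etc/named.conf
if [ "${1:-}" = "--run" ]; then
    safe_restart "${2:-/etc/named.conf}"
fi
```

With the chroot setup from the top of this page, pass /var/named/chroot/etc/named.conf explicitly, as the named-checkconf call in the setup section does.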
Last modified: 2010/04/07 11:55 (external edit)