BIND -- Gentoo Install and Configure
I've got a lot of hosts on my network, and sometimes I get an IP address wrong. So I want to set up BIND to manage my DNS queries. There are a lot of DNS servers you can use under Linux, but I want to use BIND for two main reasons :
- it's pretty much the industry standard
- it supports a lot of extra features and record types that some of the others do not.
Installing BIND under Gentoo is very simple. It consists of two steps :
- Set up your USE flags. (I don't need to set any additional USE flags for my needs.)
- emerge bind :
# emerge bind
Also emerge bind-tools, which provides dig for testing later on :
# emerge bind-tools
After the install we need to configure BIND. The first thing I like to do is set up logging so it's easier to find out when things break.
Create a new file under /etc/bind called log.conf, then edit the new file :
# vim /etc/bind/log.conf
The following lines set up a separate log channel for each part of BIND, with rotation after 2 MB (3 old versions kept), and map each logging category to its channel. Add the following to the file :-
logging {
    channel default_file { file "/var/log/bind/default.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel general_file { file "/var/log/bind/general.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel database_file { file "/var/log/bind/database.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel security_file { file "/var/log/bind/security.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel config_file { file "/var/log/bind/config.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel resolver_file { file "/var/log/bind/resolver.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel xfer-in_file { file "/var/log/bind/xfer-in.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel xfer-out_file { file "/var/log/bind/xfer-out.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel notify_file { file "/var/log/bind/notify.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel client_file { file "/var/log/bind/client.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel unmatched_file { file "/var/log/bind/unmatched.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel queries_file { file "/var/log/bind/queries.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel network_file { file "/var/log/bind/network.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel update_file { file "/var/log/bind/update.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel dispatch_file { file "/var/log/bind/dispatch.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel dnssec_file { file "/var/log/bind/dnssec.log" versions 3 size 2m; severity dynamic; print-time yes; };
    channel lame-servers_file { file "/var/log/bind/lame-servers.log" versions 3 size 2m; severity dynamic; print-time yes; };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};
Create the following directory :
# mkdir /var/log/bind
Set permissions/owner so named can write its logs :
# chmod g+w /var/log/bind; chgrp named /var/log/bind
Edit /etc/bind/named.conf. The first group of statements goes inside the options { ... } block; the zone statements go at the top level of the file :
forward first;
forwarders {
192.168.x.x; # Change to your upstream DNS resolver
};
# Update the "listen-on" section to listen on localhost and the internal network :-
listen-on { 127.0.0.1; 192.168.x.x; };
# Allow queries from any client on my local network :
allow-query { any; };
# I also want to collect stats :
zone-statistics yes;
statistics-file "var/log/named.stats";
# Set up the internal zones (forward and reverse) :
zone "undersys.net" {
type master;
allow-update { any; };
file "internal/undersys.net.fw";
};
zone "0.168.192.in-addr.arpa" {
type master;
allow-update { any; };
file "internal/undersys.net.rev";
};
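With allow-update { any; } every host that can reach the server may add or delete records in both zones, so the update and security channels from the logging section above are the place to watch for changes you did not make. The script below is an added example (not part of the original post or of BIND itself): it parses lines of the shape BIND 9 writes to those two categories with print-time yes, counts accepted updates per client, and lists clients outside the network you expect updates from. The sample lines are constructed to approximate that format; compare the regex against your own /var/log/bind/update.log before relying on it.

```python
"""Summarise dynamic-update activity from BIND's update/security log channels.

Added example, not from the original post. The log lines are constructed to
approximate BIND 9's update/security log format with `print-time yes`.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample lines (not real log output): two accepted updates from a
# LAN host, two from a host outside the LAN, and one denied update.
SAMPLE_LOG = """\
09-Nov-2009 21:15:02.123 client 192.168.0.55#51234: updating zone 'undersys.net/IN': adding an RR at 'deploy.undersys.net' A
09-Nov-2009 21:15:02.130 client 192.168.0.55#51234: updating zone 'undersys.net/IN': deleting rrset at 'old.undersys.net' A
09-Nov-2009 21:16:40.001 client 10.13.37.9#40001: updating zone 'undersys.net/IN': adding an RR at 'mail.undersys.net' A
09-Nov-2009 21:16:41.500 client 10.13.37.9#40002: updating zone '0.168.192.in-addr.arpa/IN': adding an RR at '10.0.168.192.in-addr.arpa' PTR
09-Nov-2009 21:17:00.000 client 192.168.0.117#53000: update 'undersys.net/IN' denied
"""

# Matches either an accepted update ("updating zone ...: adding/deleting ... at 'name'")
# or a refused one ("update 'zone/IN' denied"). Timestamp comes from print-time yes.
UPDATE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: "
    r"(?:updating zone '(?P<zone>[^/']+)/IN': (?P<action>adding|deleting) [^']* at '(?P<name>[^']+)'"
    r"|update '(?P<dzone>[^/']+)/IN' denied)"
)


def parse_update_log(text):
    """Return one dict per recognised line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = UPDATE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": m["ts"],
            "ip": m["ip"],
            "zone": m["zone"] or m["dzone"],
            "action": m["action"] or "denied",
            "name": m["name"],  # None for denied updates
        })
    return events


def summarise(events, allowed_net):
    """Count accepted updates per client and flag clients outside allowed_net."""
    net = ipaddress.ip_network(allowed_net)
    accepted = [e for e in events if e["action"] != "denied"]
    per_client = Counter(e["ip"] for e in accepted)
    outside = sorted({e["ip"] for e in accepted
                      if ipaddress.ip_address(e["ip"]) not in net})
    denied = Counter(e["ip"] for e in events if e["action"] == "denied")
    return {
        "per_client": dict(per_client),
        "outside_allowed": outside,
        "denied": dict(denied),
    }


if __name__ == "__main__":
    report = summarise(parse_update_log(SAMPLE_LOG), "192.168.0.0/24")
    for ip, count in report["per_client"].items():
        print(f"{ip}: {count} accepted update(s)")
    if report["outside_allowed"]:
        print("updates accepted from outside the LAN:", ", ".join(report["outside_allowed"]))
```

Run it against the real file with `python3 update_report.py < /var/log/bind/update.log` after swapping SAMPLE_LOG for sys.stdin.read(). If the "outside_allowed" list is ever non-empty, the usual BIND fix is to replace allow-update { any; } with allow-update { key "some-tsig-key"; } or an update-policy statement so that only clients holding the TSIG key can change the zone.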
I know this isn't the most secure setup, but security isn't my goal here; I want something that will bend and flex to my odd requirements when needed. Now we need to create the zone directory and files. Create the zone directory and symlink it into /etc/bind :
# mkdir /var/bind/internal
# ln -s /var/bind/internal /etc/bind/internal
# touch /var/bind/internal/undersys.net.fw
# touch /var/bind/internal/undersys.net.rev
Create the forward lookup file entries :
# vim /var/bind/internal/undersys.net.fw
Mine has the following :
$ORIGIN undersys.net.
$TTL 1200
@ IN SOA ns1.undersys.net. undersys.undersys.net. (
        20091109 ; serial (YYYYMMDDrr)
        1800 ; refresh (30 minutes)
        900 ; retry (15 minutes)
        1209600 ; expire (2 weeks)
        1200 ; minimum TTL (20 minutes)
)
        NS ns1.undersys.net.
        NS ns2.undersys.net.
        A 192.168.0.117
        MX 10 mail.undersys.net.
mail A 192.168.x.xxx
ns1 A 192.168.0.xxx
ns2 A 192.168.0.xxx
deploy A 192.168.0.xxx
Create the reverse lookup file entries :
# vim /var/bind/internal/undersys.net.rev
Mine has the following :
$TTL 7200
0.168.192.in-addr.arpa. IN SOA 0.168.192.in-addr.arpa. root.undersys.net. (
        20091109 ; serial
        7200 ; refresh (2 hours)
        1800 ; retry (30 minutes)
        604800 ; expire (1 week)
        7200 ; minimum (2 hours)
)
        NS ns1.undersys.net.
        NS ns2.undersys.net.
xxx PTR ns1.undersys.net.
xxx PTR ns2.undersys.net.
xxx PTR deploy.undersys.net.
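The forward and reverse files above have to agree by hand: every A record needs a PTR whose last-octet owner and fully qualified target match it, and both SOA serials have to go up every time the files change or secondaries will keep the old copy. The script below is an added example (not from the original post or from BIND) that generates both files for a /24 from one host table, builds the serial in the YYYYMMDDrr form the SOA comment describes, and checks an existing pair of files for A/PTR mismatches. The host names and addresses are constructed; the SOA timers are the ones from the forward zone above.

```python
"""Generate matching forward and reverse zone files and check A <-> PTR consistency.

Added example, not from the original post. DOMAIN, NETWORK, NAMESERVERS and HOSTS
are constructed values in the shape of the undersys.net zones.
"""
from datetime import date
import ipaddress

DOMAIN = "undersys.net"
NETWORK = ipaddress.ip_network("192.168.0.0/24")
NAMESERVERS = ["ns1", "ns2"]
HOSTS = {"ns1": 2, "ns2": 3, "mail": 10, "deploy": 20}  # constructed: name -> last octet


def reverse_zone_name(net):
    """192.168.0.0/24 -> '0.168.192.in-addr.arpa' (first three octets reversed)."""
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def serial_for(today, previous=None):
    """YYYYMMDDrr serial: date * 100 plus a revision counter for same-day edits.

    Any previous serial at or above today's base (including an 8-digit YYYYMMDD
    one, which is always smaller) is simply incremented so the value never goes down.
    """
    base = int(today.strftime("%Y%m%d")) * 100
    if previous is not None and previous >= base:
        return previous + 1
    return base


def soa(zone, serial):
    """SOA header with the timers used by the forward zone above."""
    return (f"$ORIGIN {zone}.\n$TTL 1200\n"
            f"@ IN SOA ns1.{DOMAIN}. hostmaster.{DOMAIN}. (\n"
            f"        {serial} ; serial (YYYYMMDDrr)\n"
            "        1800 ; refresh\n        900 ; retry\n"
            "        1209600 ; expire\n        1200 ; minimum TTL\n)\n")


def forward_zone(serial):
    out = [soa(DOMAIN, serial)]
    out += [f"        NS {ns}.{DOMAIN}." for ns in NAMESERVERS]
    out.append(f"        MX 10 mail.{DOMAIN}.")
    for name, octet in sorted(HOSTS.items(), key=lambda kv: kv[1]):
        out.append(f"{name} A {NETWORK.network_address + octet}")
    return "\n".join(out) + "\n"


def reverse_zone(serial):
    out = [soa(reverse_zone_name(NETWORK), serial)]
    out += [f"        NS {ns}.{DOMAIN}." for ns in NAMESERVERS]
    for name, octet in sorted(HOSTS.items(), key=lambda kv: kv[1]):
        out.append(f"{octet} PTR {name}.{DOMAIN}.")  # target must be an FQDN with a trailing dot
    return "\n".join(out) + "\n"


def parse_records(zone_text, rtype):
    """Return {owner: rdata} for single-field records written as '<owner> <type> <rdata>'."""
    recs = {}
    for line in zone_text.splitlines():
        parts = line.split(";")[0].split()  # drop comments
        if len(parts) == 3 and parts[1] == rtype:
            recs[parts[0]] = parts[2]
    return recs


def check_consistency(fwd_text, rev_text):
    """List every A record without a matching PTR and every PTR without a matching A."""
    a = parse_records(fwd_text, "A")        # hostname -> address
    ptr = parse_records(rev_text, "PTR")    # last octet -> fqdn.
    problems = []
    for name, ip in a.items():
        octet = ip.rsplit(".", 1)[1]
        want = f"{name}.{DOMAIN}."
        if ptr.get(octet) != want:
            problems.append(f"A {name} -> {ip} has no PTR {octet} -> {want}")
    suffix = f".{DOMAIN}."
    for octet, fqdn in ptr.items():
        name = fqdn[:-len(suffix)] if fqdn.endswith(suffix) else fqdn
        if name not in a or not a[name].endswith(f".{octet}"):
            problems.append(f"PTR {octet} -> {fqdn} has no matching A record")
    return problems


if __name__ == "__main__":
    serial = serial_for(date.today())
    print(forward_zone(serial))
    print(reverse_zone(serial))
    print("problems:", check_consistency(forward_zone(serial), reverse_zone(serial)))
```

Writing the two outputs to undersys.net.fw and undersys.net.rev replaces the hand-edited files; passing the serial currently in the file as `previous` keeps the counter monotonic, and running check_consistency over the existing files before you restart named catches the PTR that points at a host whose address changed.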
Start the named service :
# /etc/init.d/named start
Check the following log file for errors :
/var/log/bind/general.log
Check to ensure it's working from a client machine. The first query asks the server for the zone itself, the second is resolved through the forwarders, and the third resolves a host in the internal zone (replace localmachine with one of your hosts) :
# dig @ns1.undersys.net undersys.net
# dig @ns1.undersys.net www.google.com
# dig @ns1.undersys.net localmachine.undersys.net
Each should return an answer. If that's all good, add it to start on boot :
# rc-update add named default