How to install bind 9


360
01-29-2002, 11:04 AM
DNS Bind 9
Download and Configuration
Recommended reading: “DNS and BIND” (O’Reilly). Also see isc.org for the official documentation.
Requirements:
1. Root access
2. At least one static IP address. For reverse (in-addr.arpa) lookups to work, the address block must be delegated to your name server by whoever assigned it (your provider or the regional registry, e.g. arin.net).
3. One registered domain name, with this host registered as a name server for it at your registrar
4. Patience

Here is what we are about to do:
1. Download BIND with lynx.
2. Unpack the source code and build the program.
3. Create the necessary files that BIND needs on your server.
4. Locate the named executable and system error log file.
5. Start the software.
6. Check for errors.
7. Test the setup with nslookup
8. Configure RNDC
9. Write a script to start the name server on bootup.

Make sure port 53 is reachable on your network.
/etc/services only maps service names to port numbers (it is what nmap and netstat use to label port 53 as "domain"); named does not depend on it, but check that the port 53 lines are not commented out so those tools report sensibly.
# vi /etc/services

You can also go to insecure.org and download a port scanner called Nmap.
After you install Nmap, become root and, from a different Linux box, run this command
to see whether port 53 is open on the specified host. DNS uses UDP 53 for ordinary
queries and TCP 53 for zone transfers and large answers, so scan both:
nmap -sT -sU -p 53 <ip_address_to_be_scanned>
Port 53 will appear closed until named is running with a valid configuration.
Be patient; a UDP scan may take a minute or two.

In the commands below, replace 9.x.x with the version you download.

1. Go to the tmp directory
# cd /tmp

Use lynx to go to the isc.org website and download the current version of BIND.
# lynx isc.org
Navigate to the latest release of BIND and download it. ISC publishes a PGP signature for each release; verify the tarball against it before you build, since this code will run as root on a host the whole Internet can reach.

2. Unpack the Source Code
# tar zxvf bind-9.x.x.tar.gz

Move to the bind-9.x.x directory and run the following commands:
# cd /tmp/bind-9.x.x
# ./configure
# make all
# make install

3. Create the file /etc/named.conf (note that touch -c would refuse to create a missing file).
# touch /etc/named.conf
# vi /etc/named.conf

/*
Below is the content of the named.conf file.
Note: the reverse zone (third entry) is named by your network prefix written
backwards under in-addr.arpa. Reverse zones are delegated on octet boundaries, so
for a /24 such as 12.345.67.0 you drop the last octet and reverse the rest:
67.345.12.in-addr.arpa. If you hold fewer than 256 addresses, your provider keeps
the /24 zone and has to delegate your part of it to you (RFC 2317 classless
delegation); ask them which zone name to use. The addresses in this tutorial are
placeholders; real octets are in the range 0-255.
*/


options {
directory "/etc/named.d";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/named.d/localhost.rev";
};

zone "98.76.543.21.in-addr.arpa" {
type master;
file "/etc/named.d/98.76.543.21.rev";
};

zone "." {
type hint;
file "/etc/named.d/named.ca";
};

zone "yourdomain.com" {
type master;
file "/etc/named.d/yourdomain.com.db";
};


Now we need to create the directory /etc/named.d (the one named in the options block) and put our zone files in it.
The root hints file named.ca is not something you write by hand: fetch the current copy of named.root from internic.net (file domain/named.root) and save it as /etc/named.d/named.ca.
Type the following commands.

# mkdir /etc/named.d
# cd /etc/named.d

Now we will create the different files that we referred to in our conf file from top to bottom.
A name that ends in a dot is absolute; a name without the final dot is relative, and BIND appends the zone name to it, so ns1.yourdomain.com would become ns1.yourdomain.com.98.76.543.21.in-addr.arpa. Every name that points outside the zone must end in a dot.
# vi 98.76.543.21.rev

Here is the content of this file:

$TTL 3h
;
; 98.76.543.21.rev
;

;SOA record
98.76.543.21.in-addr.arpa. IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
1 ; serial (increase it every time you edit this file)
3h ; refresh
1h ; retry
1w ; expire
1h ) ; minimum

;NS RECORDS
IN NS ns1.yourdomain.com.

;PTR RECORDS, one per host; the owner is the last octet of the host's address
10 IN PTR www.yourdomain.com.


# vi localhost.rev

Here is the content of this file:

$TTL 3h
;
; localhost.rev
;

@ IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
1 ; serial
3h ; refresh
1h ; retry
1w ; expire
1h ) ; minimum

;NS RECORDS
IN NS ns1.yourdomain.com.

;PTR RECORD for 127.0.0.1
1 IN PTR localhost.


# vi yourdomain.com.db

Here is the content of this file:

$TTL 3h
;
; yourdomain.com.db
;
;SOA record
@ IN SOA ns1.yourdomain.com. admin.yourdomain.com. (
1 ; serial (increase it every time you edit this file)
3h ; refresh
1h ; retry
1w ; expire
1h ) ; minimum

;NS RECORDS (every name server listed here also needs an A record below)
IN NS ns1.yourdomain.com.
IN NS ns2.yourdomain.com.
IN MX 10 mail.yourdomain.com.

;A RECORDS (123.456.789.10 is a placeholder; use your real address,
; and put ns2 on a second machine, preferably on another network)
yourdomain.com. IN A 123.456.789.10
ns1 IN A 123.456.789.10
ns2 IN A 123.456.789.10
www IN A 123.456.789.10
ftp IN A 123.456.789.10
mail IN A 123.456.789.10


You can add more zone entries to named.conf for more domains,
each with a zone file like the one above and the proper IP addresses.
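The zone files above are easy to get subtly wrong, and BIND loads a zone with a missing trailing dot without complaint. The following shell script is an added example, not part of the original post or of BIND: it derives the in-addr.arpa zone name for a classful prefix and scans a zone file for record data that looks fully qualified but lacks its final dot. The sample zone it checks is constructed inline from the tutorial's forward zone, with the dots deliberately left off, using the RFC 5737 documentation range 192.0.2.0/24 in place of real addresses.

```shell
#!/bin/sh
# Added example, not from the original post: offline sanity checks for the
# hand-written zone data above. It catches two mistakes that are easy to make
# in these files: a fully qualified name in record data that lacks its trailing
# dot (BIND then appends the zone name to it), and a wrong in-addr.arpa zone
# name for a reverse zone. Names and addresses are placeholders from the
# tutorial or the RFC 5737 documentation range 192.0.2.0/24, not real hosts.

# reverse_zone PREFIX/LEN -> the in-addr.arpa zone name for a /8, /16 or /24.
# Smaller blocks are delegated classlessly (RFC 2317) by the provider, so the
# zone name has to come from them; the function refuses to guess.
reverse_zone() {
    prefix=${1%/*}
    len=${1#*/}
    set -- $(printf '%s' "$prefix" | tr '.' ' ')
    case $len in
        8)  printf '%s.in-addr.arpa\n' "$1" ;;
        16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
        24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
        *)  echo "reverse_zone: /$len needs a classless delegation (RFC 2317)" >&2
            return 1 ;;
    esac
}

# unqualified_names FILE -> lists names in SOA/NS/MX/CNAME/PTR data that contain
# a dot but do not end in one, i.e. names that will silently get the zone name
# appended. Comments, blank lines and $ directives are skipped.
unqualified_names() {
    awk '
        function check(type, name) {
            if (name ~ /\./ && name !~ /\.$/)
                printf "%s %s (missing trailing dot)\n", type, name
        }
        /^[ \t]*;/ || /^[ \t]*$/ || /^[$]/ { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == ";") break
                if ($i == "SOA") { check($i, $(i+1)); check($i, $(i+2)); break }
                if ($i == "NS" || $i == "CNAME" || $i == "PTR") { check($i, $(i+1)); break }
                if ($i == "MX") { check($i, $(i+2)); break }
            }
        }
    ' "$1"
}

# count_unqualified FILE -> number of offending records, as a plain integer
count_unqualified() {
    unqualified_names "$1" | wc -l | tr -d ' '
}

# Constructed sample: the tutorial's forward zone with two trailing dots left off
SAMPLE_ZONE=${TMPDIR:-/tmp}/yourdomain.com.db.sample
cat > "$SAMPLE_ZONE" <<'EOF'
$TTL 3h
@ IN SOA ns1.yourdomain.com admin.yourdomain.com. (
        1 ; serial
        3h ; refresh
        1h ; retry
        1w ; expire
        1h ) ; minimum
    IN NS ns1.yourdomain.com
    IN NS ns2.yourdomain.com.
    IN MX 10 mail.yourdomain.com.
ns1 IN A 192.0.2.10
www IN A 192.0.2.10
EOF

echo "reverse zone for 192.0.2.0/24: $(reverse_zone 192.0.2.0/24)"
echo "problems in $SAMPLE_ZONE:"
unqualified_names "$SAMPLE_ZONE"
```

Run it against your own files with `unqualified_names /etc/named.d/yourdomain.com.db` before starting named; the two SOA/NS names it flags in the sample are exactly the kind of error that makes a zone load but answer wrongly.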

4. Now let’s find out where the named executable is. Type the following command:
# whereis named
named: /etc/named.conf /etc/named.d /usr/local/sbin/named

We see that named is in /usr/local/sbin.

Now let’s find out where your Syslog Errors are being logged. Type the following command:
# cd /etc
# vi syslog.conf
Here is what I found:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages


5. The following command starts the name server. Started like this it keeps running as root; BIND 9's named accepts -u <user> to drop to an unprivileged account after binding port 53 and -t <dir> to chroot, and you should use both once the basic setup works.
# /usr/local/sbin/named

6. Check for errors in the /var/log/messages file with the following command. (Current BIND 9 releases also ship named-checkconf and named-checkzone, which report configuration and zone file errors without starting the server.)
# grep named /var/log/messages
Jan 29 beckweb /usr/local/sbin/named[1606]: starting BIND 9.1.3
Jan 29 beckweb /usr/local/sbin/named[1606]: using 1 CPU
Jan 29 beckweb /usr/local/sbin/named[1608]: loading configuration from '/etc/named.conf'
Jan 29 beckweb /usr/local/sbin/named[1608]: /etc/named.conf:82: references to zones not implemented yet
Jan 29 beckweb /usr/local/sbin/named[1608]: /etc/named.conf:82: parse error near /
Jan 29 beckweb /usr/local/sbin/named[1608]: loading configuration: failure
Jan 29 beckweb /usr/local/sbin/named[1608]: exiting (due to fatal error)

I see that in my named.conf file, I have a parse error on line 82.
This error would not allow named to start at bootup and
it also made port 53 appear closed during a port scan.

7. Use nslookup to test your setup. nslookup sends its query to the first name server listed in
/etc/resolv.conf, so point that file at this host (127.0.0.1) if you want to test the server you just
started, or give the server's address as a second argument to nslookup. The output shows the server
it used, then your domain name and the address it resolves to. Type the following command.
# nslookup yourdomain.com
Server: <ip address or name of server>
Address: <ip address or name of server and port>

Name: <your domain name>
Address: <your ip address>


8. Configuring rndc for bind 9
Solution for connection refused based on notes from: http://www.mail-archive.com/comp-protocols-dns-bind@isc.org/msg03950.html

The solution seems to be in the order in which the statements are made in each file.

Create a new file, /etc/rndc.conf, and add the snip below.
The key name and the secret must be identical in rndc.conf and named.conf; in the snips below the key is called rndc_key everywhere.
The secret is a base64 string. Do not base64-encode a word or passphrase: base64 is an encoding, not a hash, and anyone who reads the file gets the passphrase straight back. Generate random bytes and encode those, for example by piping /dev/urandom through mmencode (the metamail utility), or use the rndc-confgen program that ships with BIND 9, which writes a matching rndc.conf and the named.conf key and controls statements for you.
Make /etc/rndc.conf readable by root only (mode 600), since anyone who can read the secret can stop or reconfigure your name server.

Restart named for the changes to take effect.
To start named you can type the path of the server, /usr/sbin/named.
Mine is located at /usr/local/sbin/named.
Type whereis named to find where named is on your server.
Keep in mind that named must be running to use rndc.


//-- rndc.conf snip

options {
default-server localhost;
default-key "rndc_key";
};

server localhost {
key "rndc_key";
};

key "rndc_key" {
algorithm hmac-md5;
secret "put_code_here"; # the base64 secret; it must be identical in named.conf
};

// named.conf snip (merge this into your existing /etc/named.conf: there may be
// only one options block, so keep the directory line you already have)

options {
directory "/etc/named.d";
};

key "rndc_key" {
algorithm hmac-md5;
secret "put_code_here"; # the same base64 secret as in rndc.conf
};

controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc_key"; };
};
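The two snips above have to agree on the key name and the secret, and a one-character difference in the name (rndc-key versus rndc_key) is enough for rndc to be refused. The shell script below is an added example, not part of the original post or of BIND: it draws a random secret, writes a consistent rndc.conf and named.conf fragment from it under $TMPDIR rather than /etc, and then checks both files for a mismatched name, secret or dangling reference. The broken sample it also checks is constructed inline to reproduce the mismatch in the posted rndc.conf. The key name rndc_key and the 127.0.0.1 control address follow the tutorial; the file paths are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original post: generate one random rndc secret,
# write matching rndc.conf and named.conf fragments from it, and check that the
# key name and secret really agree, which is the usual cause of rndc being
# refused. Files are written under $TMPDIR so nothing in /etc is touched; the
# key name rndc_key follows the tutorial. A base64-encoded passphrase is not a
# secret, so the key material comes from /dev/urandom.

# rndc_secret -> 32 random bytes, base64 encoded (44 characters)
rndc_secret() {
    if command -v base64 >/dev/null 2>&1; then
        head -c 32 /dev/urandom | base64 | tr -d '\n'
    else
        openssl rand -base64 32 | tr -d '\n'
    fi
}

# key_block NAME SECRET -> the key statement both files must carry verbatim
key_block() {
    printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# write_rndc_conf FILE NAME SECRET
write_rndc_conf() {
    {
        printf 'options {\n\tdefault-server 127.0.0.1;\n\tdefault-key "%s";\n};\n\n' "$2"
        printf 'server 127.0.0.1 {\n\tkey "%s";\n};\n\n' "$2"
        key_block "$2" "$3"
    } > "$1"
}

# write_named_controls FILE NAME SECRET -> key and controls statements for named.conf
write_named_controls() {
    {
        key_block "$2" "$3"
        printf '\ncontrols {\n\tinet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "%s"; };\n};\n' "$2"
    } > "$1"
}

# key_pair FILE -> "name secret" of the first key statement in FILE
key_pair() {
    awk '
        /^[ \t]*key[ \t]+"[^"]+"[ \t]*\{/ { n = $2; gsub(/"/, "", n) }
        /^[ \t]*secret[ \t]+"/ { s = $2; gsub(/[";]/, "", s); print n, s; exit }
    ' "$1"
}

# dangling_refs FILE -> key names that default-key, a server block or a controls
# statement refer to but no key statement in FILE defines (empty when consistent)
dangling_refs() {
    awk '
        /^[ \t]*key[ \t]+"[^"]+"[ \t]*\{/ { n = $2; gsub(/"/, "", n); defined[n] = 1; next }
        /default-key/ || /^[ \t]*key[ \t]+"[^"]+"[ \t]*;/ { n = $2; gsub(/[";]/, "", n); refs[n] = 1 }
        /keys[ \t]*\{/ {
            s = $0; sub(/.*keys[ \t]*\{/, "", s); sub(/\}.*/, "", s); gsub(/[";]/, "", s)
            cnt = split(s, a, " ")
            for (i = 1; i <= cnt; i++) refs[a[i]] = 1
        }
        END { for (n in refs) if (!(n in defined)) print n }
    ' "$1"
}

# keys_match RNDC_CONF NAMED_CONF -> success only when both files define the same
# key name and secret and neither has a dangling reference
keys_match() {
    [ -n "$(key_pair "$1")" ] &&
    [ "$(key_pair "$1")" = "$(key_pair "$2")" ] &&
    [ -z "$(dangling_refs "$1")$(dangling_refs "$2")" ]
}

TMP=${TMPDIR:-/tmp}
SECRET=$(rndc_secret)
write_rndc_conf "$TMP/rndc.conf.example" rndc_key "$SECRET"
write_named_controls "$TMP/named.controls.example" rndc_key "$SECRET"

# Constructed sample reproducing the posted rndc.conf, whose options and server
# blocks say "rndc-key" while the key statement defines "rndc_key"
cat > "$TMP/rndc.conf.broken" <<'EOF'
options {
    default-server localhost;
    default-key "rndc-key";
};
server localhost {
    key "rndc-key";
};
key "rndc_key" {
    algorithm hmac-md5;
    secret "Zm9vYmFyc2VjcmV0" ;
};
EOF

keys_match "$TMP/rndc.conf.example" "$TMP/named.controls.example" &&
    echo "generated fragments agree on key rndc_key"
echo "dangling key references in the posted rndc.conf: $(dangling_refs "$TMP/rndc.conf.broken")"
```

To use the generated fragments for real, copy rndc.conf.example to /etc/rndc.conf (mode 600) and paste the key and controls statements into /etc/named.conf; `keys_match /etc/rndc.conf /etc/named.conf` then tells you, before you restart named, whether the two files agree.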

9. How to start named on boot-up.

We will run a script from /etc/init.d/named on boot-up using a soft link from
/etc/rc3.d/S55named or /etc/rc2.d/S55named,
depending on what your system's init default is.

To find out what your init default is, look at /etc/inittab:
# vi /etc/inittab

Look for a line such as:
id:3:initdefault:
Or
id:2:initdefault:

I will use 3 but if yours is 2, change the number to 2 in the following.

You want named to start before such things as ssh and sendmail because
those daemons do DNS lookups as soon as they start or accept connections.
So to see what order my soft links are in, I could run the command:
# cd /etc/rc3.d ; ls

I might see that sendmail is S80sendmail, so if I use S55named then named
will start before sendmail because S55 comes before S80.

See if you have a file called /etc/init.d/named by typing the command:
# cd /etc/init.d ; ls

If you do have a file called /etc/init.d/named, move it in case you need it by
entering the following command:
# mv /etc/init.d/named /etc/init.d/named_old

Now create a file named /etc/init.d/named and put the following shell script in the file.

//--Begin Shell Script

#!/bin/sh
# Startup script for BIND 9 (named), built from source under /usr/local
#

NAMED=/usr/local/sbin/named
RNDC=/usr/local/sbin/rndc
prog="named"

# Nothing to do if the binary or its configuration is missing
if [ ! -x "$NAMED" ]; then
    exit 0
fi

if [ ! -f /etc/named.conf ]; then
    exit 0
fi

start() {
    echo "Starting $prog"
    # named detaches itself, so no '&' is needed. Add -u <user> here once an
    # unprivileged account for named exists, so it does not keep running as root.
    "$NAMED"
}

stop() {
    echo "Stopping $prog"
    # rndc stop asks named to shut down cleanly; it needs the rndc key from step 8
    "$RNDC" stop
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        # the [n] keeps grep from matching its own command line
        /bin/ps -ef | grep '[n]amed'
        ;;
    restart)
        stop
        # give the old process a moment to release port 53 before starting again
        sleep 2
        start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit 0

// ---End Shell Script


Make the script executable (mode 755) first, otherwise the -x test at the top of it exits silently. Then, to create a soft link from /etc/rc3.d/S55named to the script in /etc/init.d/named,
enter the following command:
ln -s /etc/init.d/named /etc/rc3.d/S55named

If you also want named stopped cleanly at shutdown, link the same script as a K entry (for example K15named) in /etc/rc0.d and /etc/rc6.d.
Restart your server, or simply run the script with the start argument, and check the log as in step 6.