diff --git a/server/other/bind.xml b/server/other/bind.xml index 1397bec837..7e0251ad36 100644 --- a/server/other/bind.xml +++ b/server/other/bind.xml @@ -1,11 +1,10 @@ - + <acronym>BIND</acronym>-&bind-version; &bind-intro; &bind-inst; &bind-config; -&bind-config-exp; &bind-desc; diff --git a/server/other/bind/bind-config-exp.xml b/server/other/bind/bind-config-exp.xml deleted file mode 100644 index a029b06411..0000000000 --- a/server/other/bind/bind-config-exp.xml +++ /dev/null @@ -1,35 +0,0 @@ - -Configuration command explanations -groupadd -g 200 named -useradd -m -g named -u 200 -s /bin/false named -cd /home/named -mkdir -p dev etc/namedb/slave var/run -mknod /home/named/dev/null c 1 3 -mknod /home/named/dev/random c 1 8 -chmod 666 /home/named/dev/{null,random} -mkdir /home/named/etc/namedb/pz -cp /etc/localtime /home/named/etc -Create the unprivileged user and group named, along with device files -that named will need access to inside the chroot jail. - -cat > /home/named/etc/named.conf << -"EOF" : Create the BIND configuration file, from which named will read the -location of zone files, root name servers and secure DNS keys. -cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" : Create a single zone file. -cat > /home/named/etc/namedb/root.hints << "EOF" : The root.hints file is a list of root name servers. This file must be -updated periodically with the dig utility. Consult the BIND 9 -Administrator Reference Manual for details. -cat > /etc/rndc.conf << "EOF" : The rndc.conf file contains information for controlling named -operations with the rndc utility. - -cat > /etc/resolv.conf << "EOF" : The resolv.conf file will specify the local host(127.0.0.1) as the -name server. - -cat > /etc/rc.d/init.d/bind << -"EOF" : Create the boot script for BIND 9, used to start and stop the name -server daemon, named. - - - - - diff --git a/server/other/bind/bind-config.xml b/server/other/bind/bind-config.xml index e8c329ff45..ae7c5b722f 100644 
--- a/server/other/bind/bind-config.xml +++ b/server/other/bind/bind-config.xml @@ -1,29 +1,41 @@ -Configuring BIND -We will configure BIND to run in a chroot jail as an unprivileged -user(named). This configuration is more secure in that a DNS -compromise can only affect a few files in the named user's $HOME -directory +Configuring +<application><acronym>BIND</acronym></application> -First we set up some files and directories needed by -BIND: -groupadd -g 200 named && -useradd -m -g named -u 200 -s /bin/false named && -cd /home/named && +Config files +named.conf, root.hints, +127.0.0, rndc.conf + + +Configuration Information + +We will configure +BIND to run in a chroot +jail as an unprivileged user (named). This configuration is more secure +in that a DNS compromise can only affect a few files +in the named user's $HOME directory. + +First we create the unpriviledged user and group named: + +groupadd -g 200 named && +useradd -m -g named -u 200 -s /bin/false named + +Then we set up some files, directories and devices needed by +BIND: + +cd /home/named && mkdir -p dev etc/namedb/slave var/run && mknod /home/named/dev/null c 1 3 && mknod /home/named/dev/random c 1 8 && chmod 666 /home/named/dev/{null,random} && mkdir /home/named/etc/namedb/pz && -cp /etc/localtime /home/named/etc +cp /etc/localtime /home/named/etc -Config files -named.conf, -root.hints, 127.0.0 and -rndc.conf +Create the named.conf file from which named +will read the location of zone files, root name servers and secure +DNS keys: -Create the named.conf file with the following commands: -cat > /home/named/etc/named.conf << "EOF" +cat > /home/named/etc/named.conf << "EOF" options { directory "/etc/namedb"; pid-file "/var/run/named.pid"; 
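Review bot: The added sentence `+First we create the unpriviledged user and group named:` misspells "unprivileged"; it should read `First we create the unprivileged user and group named:`. The command block that follows is only re-wrapped, so nothing else in this hunk needs to change.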
@@ -45,9 +57,11 @@ cp /etc/localtime /home/named/etc type master; file "pz/127.0.0"; }; -EOF -Create a zone file with the following contents: -cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" +>EOF + +Create a zone file with the following contents: + +cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" $TTL 3D @ IN SOA ns.local.domain. hostmaster.local.domain. ( 1 ; Serial @@ -57,12 +71,15 @@ $TTL 3D 1D) ; Minimum TTL NS ns.local.domain. 1 PTR localhost. -EOF +EOF + +Create the root.hints file with the following +commands: -Create the root.hints file with the following commands: Caution must be used to insure no leading spaces in this file. -cat > /home/named/etc/namedb/root.hints << "EOF" + +cat > /home/named/etc/namedb/root.hints << "EOF" . 6D IN NS A.ROOT-SERVERS.NET. . 6D IN NS B.ROOT-SERVERS.NET. . 6D IN NS C.ROOT-SERVERS.NET. @@ -89,10 +106,17 @@ J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30 K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129 L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12 M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33 -EOF +>EOF + +The root.hints file is a list of root name +servers. This file must be updated periodically with the +dig utility. +Consult the BIND 9 Administrator Reference Manual for +details. Create the rndc.conf with the following commands: -cat > /etc/rndc.conf << "EOF" + +cat > /etc/rndc.conf << "EOF" key rndc_key { algorithm "hmac-md5"; secret 
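Review bot: The rndc.conf written in the last hunk on this line embeds a fixed control key, `algorithm "hmac-md5";` followed by a `secret` line (the value itself is cut off in this view), so every reader who pastes the book verbatim ends up with the same rndc secret, and the new text around it does not warn about this. Since the package ships rndc-confgen (described in bind-desc.xml as generating rndc.conf files), the paragraph added after the `EOF` should tell the reader to generate a unique key, e.g. `Generate your own key with rndc-confgen rather than copying the sample secret, and keep /etc/rndc.conf readable only by root.` hmac-md5 is the legacy algorithm; whether the version the book builds (&bind-version;) accepts hmac-sha256 cannot be told from this hunk, so I would only hedge that in the text. The matching key block in named.conf is outside the visible hunks, so I cannot confirm the two stay consistent.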
@@ -102,25 +126,33 @@ options { default-server localhost; default-key rndc_key; }; -EOF +EOF + +The rndc.conf file contains information for +controlling named operations with the rndc +utility. + +Create or modify resolv.conf to use the new +name server with the following commands: -Create or modify resolv.conf to use the new name server with the -following commands: Replace yourdomain.com with your own valid domain name. -cp /etc/resolv.conf /etc/resolv.conf.bak && -cat > /etc/resolv.conf << "EOF" +cp /etc/resolv.conf /etc/resolv.conf.bak && +cat > /etc/resolv.conf << "EOF" search yourdomain.com nameserver 127.0.0.1 -EOF +>EOF Set permissions on the chroot jail with the following command: -chown -R named.named /home/named -Create the BIND boot script: -cat > /etc/rc.d/init.d/bind << "EOF" +chown -R named.named /home/named + +Create the BIND +boot script: + +cat > /etc/rc.d/init.d/bind << "EOF" #!/bin/bash # Begin $rc_base/init.d/bind # Based on sysklogd script from LFS-3.1 and earlier. 
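Review bot: `chown -R named.named /home/named`, re-added unchanged in this hunk, hands ownership of the whole jail — named.conf, root.hints and the zone files created earlier — to the unprivileged named user, which undercuts the stated goal that a compromise "can only affect a few files": a compromised named could rewrite its own configuration and zone data. A safer shape is root-owned configuration with named owning only what it must write, e.g. `chown -R named:named /home/named/etc/namedb/slave /home/named/var/run` (both directories are created in the first hunk, and named.conf sets `pid-file "/var/run/named.pid"` under the jail); whether named needs write access anywhere else depends on the rest of named.conf and the boot script, which are outside this hunk. Separately, the `user.group` form with a dot is legacy chown syntax; `named:named` is the portable spelling.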
@@ -156,34 +188,45 @@ case "$1" in ;; esac # End $rc_base/init.d/bind -EOF +EOF Add the run level symlinks: -chmod 754 /etc/rc.d/init.d/bind && + +chmod 754 /etc/rc.d/init.d/bind && ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc0.d/K49bind && ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc1.d/K49bind && ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc2.d/K49bind && ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc3.d/S22bind && ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc4.d/S22bind && ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc5.d/S22bind && -ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc6.d/K49bind +ln -s /etc/rc.d/init.d/bind /etc/rc.d/rc6.d/K49bind -Now start BIND with the new boot script: -/etc/rc.d/init.d/bind start +Now start BIND with +the new boot script: + +/etc/rc.d/init.d/bind start + + + +Testing <application><acronym>BIND</acronym></application> + +Test out the new +BIND 9 installation. First +query the local host address with dig: + +dig -x 127.0.0.1 -Testing BIND -Test out the new BIND 9 installation. First query the local -host address with dig: -dig -x 127.0.0.1 Now try an external name lookup, taking note of the speed -difference in repeated lookups due to the caching. Run the dig -command twice on the same address: -dig beyond.linuxfromscratch.org && -dig beyond.linuxfromscratch.org -You can see almost instantaneous results with the named caching -lookups. Consult -bind-&bind-version;/doc/arm/Bv9ARM.html, the BIND -Administrator Reference Manual for further configuration options. - - +difference in repeated lookups due to the caching. Run the dig command +twice on the same address: +dig beyond.linuxfromscratch.org && +dig beyond.linuxfromscratch.org +You can see almost instantaneous results with the named caching lookups. +Consult bind-&bind-version;/doc/arm/Bv9ARM.html, +the BIND Administrator +Reference Manual for further configuration options. + + + + diff --git a/server/other/bind/bind-desc.xml b/server/other/bind/bind-desc.xml index 249cb0b039..8813df605c 100644 
--- a/server/other/bind/bind-desc.xml +++ b/server/other/bind/bind-desc.xml 
@@ -1,53 +1,73 @@ Contents -The BIND package contains -dig, -host, -rndc, -rndc-confgen, -named-checkconf, -named-checkzone, -lwresd, -named, -dnssec-signzone, -dnssec-signkey, -dnssec-keygen, -dnssec-makekeyset and -nsupdate. +The BIND package contains +dig, +host, +rndc, +rndc-confgen, +named-checkconf, +named-checkzone, +lwresd, +named, +dnssec-signzone, +dnssec-signkey, +dnssec-keygen, +dnssec-makekeyset and +nsupdate. Description dig -dig interrogates DNS servers. -host -host is a utility for DNS lookups. -rndc -rndc controls the operation of BIND. -rndc-confgen -rndc-confgen generates rndc.conf files. -named-checkconf -named-checkconf checks the syntax of named.conf -files. -named-checkzone -named-checkzone checks zone file validity. -lwresd -lwresd is a caching-only name server for local process -use. -named -named is the name server daemon. -dnssec-signzone -dnssec-signzone generates signed versions of zone -files. -dnssec-signkey -dnssec-signkey signs zone file key sets. -dnssec-keygen -dnssec-keygen is a key generator for secure DNS. -dnssec-makekeyset -dnssec-makekeyset generates a key set from one or more keys -created by dnssec-keygen. -nsupdate -nsupdate is used to submit DNS update requests. - +dig interrogates DNS +servers. +host +host is a utility for DNS +lookups. + +rndc +rndc controls the operation of +BIND. + +rndc-confgen +rndc-confgen generates +rndc.conf files. + +named-checkconf +named-checkconf checks the syntax of +named.conf files. + +named-checkzone +named-checkzone checks zone file +validity. + +lwresd +lwresd is a caching-only name server for local +process use. + +named +named is the name server daemon. + +dnssec-signzone +dnssec-signzone generates signed versions of +zone files. + +dnssec-signkey +dnssec-signkey signs zone file key +sets. + +dnssec-keygen +dnssec-keygen is a key generator for secure +DNS. + +dnssec-makekeyset +dnssec-makekeyset generates a key set from one +or more keys created by dnssec-keygen. 
+ +nsupdate +nsupdate is used to submit +DNS update requests. + + diff --git a/server/other/bind/bind-inst.xml b/server/other/bind/bind-inst.xml index 880ce5a3ed..7e9431f407 100644 --- a/server/other/bind/bind-inst.xml +++ b/server/other/bind/bind-inst.xml @@ -1,10 +1,11 @@ -Installation of <application>BIND</application> +Installation of <application><acronym>BIND</acronym></application> -Install BIND by running the following commands: +Install BIND by +running the following commands: ./configure --prefix=/usr --sysconfdir=/etc && make && make install - + diff --git a/server/other/bind/bind-intro.xml b/server/other/bind/bind-intro.xml index 592fc24257..4a558c952a 100644 --- a/server/other/bind/bind-intro.xml +++ b/server/other/bind/bind-intro.xml @@ -1,12 +1,16 @@ -Introduction to BIND &bind-version; +Introduction to <application><acronym>BIND</acronym></application> -Download location (HTTP): -Download location (FTP): -Version used: &bind-version; -Package size: &bind-size; -Estimated Disk space required: &bind-buildsize; +The BIND package +provides a DNS server and client utilities. -The Bind package provides a DNS server and client -utilities. +Package information + +Download (HTTP): +Download (FTP): +Download size: &bind-size; +Estimated Disk space required: &bind-buildsize; +Estimated build time: &bind-time; + + diff --git a/server/other/bind/bind.ent b/server/other/bind/bind.ent index 88830a7b57..0837f7dc35 100644 --- a/server/other/bind/bind.ent +++ b/server/other/bind/bind.ent @@ -1,13 +1,11 @@ - - - - + + - +