
HOWTO QUICKIE: INSTALL BIND9

Intro

This is intended to be short and efficient.

It is easiest to do this remotely over ssh, if only for the copy-and-paste; PuTTY does the job on Windows. Every command below is run as root (or under sudo), and the paths and init scripts assume a Debian-style bind9 package.

These are raw notes and have not been re-verified end to end; read each step before running it, and keep the .orig copies the steps create so a bad edit can be rolled back.

GENERIC INSTALLATION OF BIND9

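# Run as root. Refresh the package index first so the current bind9 build is
# installed; chain with && so a failed update does not silently install a stale package.
apt-get update && apt-get install bind9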

JAIL BIND

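# Stop named first; every step below assumes it is not running while its files are moved.
/etc/init.d/bind9 stop
vi /etc/default/bind9
# Modify the line:
# OPTIONS="-u bind"
# to:
# OPTIONS="-u bind -t /var/lib/named"
# -u drops privileges to the unprivileged bind user; -t chroots named into /var/lib/named.
# Build the chroot skeleton.
mkdir -p /var/lib/named/etc
mkdir -p /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
# Move the real configuration into the jail and leave a symlink so the usual
# /etc/bind paths keep working on the host.
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
# Zone file layout used by the rest of these notes (paths are relative to the
# "directory" option set below). Created here, before the chown, so that the
# slave directory ends up writable by the daemon user.
mkdir -p /var/lib/named/etc/bind/zones/master
mkdir -p /var/lib/named/etc/bind/zones/slave
# Device nodes named needs inside the jail (the host /dev is invisible once chrooted).
# urandom is added because newer BIND releases read it instead of /dev/random.
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
mknod /var/lib/named/dev/urandom c 1 9
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random /var/lib/named/dev/urandom
chown -R bind:bind /var/lib/named/var/*
# NOTE(review): this makes the entire configuration tree writable by the daemon
# user, so a compromised named could rewrite its own named.conf. A tighter layout
# is root:bind with g+rX on etc/bind and bind-owned directories only where named
# must write (zones/slave, journals). Kept as-is because it is what these notes
# were tested with.
chown -R bind:bind /var/lib/named/etc/bind
# Make syslog listen inside the jail; otherwise named's log lines are lost.
vi /etc/init.d/sysklogd
# Modify the line:
# SYSLOGD=""
# to:
# SYSLOGD="-a /var/lib/named/dev/log"
# (On a system that runs rsyslog instead of sysklogd, the equivalent is
#  $AddUnixListenSocket /var/lib/named/dev/log in /etc/rsyslog.conf.)
cp /var/lib/named/etc/bind/named.conf.options /var/lib/named/etc/bind/named.conf.options.orig
vi /var/lib/named/etc/bind/named.conf.options
# Modify the line:
# directory "/var/cache/bind";
# to:
# directory "/etc/bind";
# Paths in named.conf are resolved inside the chroot, so "/etc/bind" here is
# /var/lib/named/etc/bind on the host.
/etc/init.d/sysklogd restart
tail /var/log/syslog
/etc/init.d/bind9 start

# rndc key: do NOT paste the contents of rndc.key into named.conf. rndc.key is
# 0640 root:bind while named.conf is world-readable, so copying the secret across
# exposes it to every local user. The Debian default lets named load
# /etc/bind/rndc.key on its own (the path also resolves inside the chroot), so this
# step is usually unnecessary; only if rndc cannot connect, reference the key file
# by include and declare the control channel explicitly.
cp /var/lib/named/etc/bind/named.conf /var/lib/named/etc/bind/named.conf.orig
vi /var/lib/named/etc/bind/named.conf
# Add the following (the secret stays in the 0640 file):
# include "/etc/bind/rndc.key";
# controls {
#   inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
# };
/etc/init.d/bind9 restart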

SECONDARY DNS SERVER CONFIGURATION

On the Master:
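# Close zone transfers globally so any zone without an explicit allow-transfer is
# not served by AXFR (BIND's default is to allow transfers from anywhere).
vi /var/lib/named/etc/bind/named.conf.options
# Add inside options { }:
# allow-transfer { none; };
# (The original notes added "dnssec-enable yes;" here. It is not needed for
#  TSIG-signed transfers -- it only affects DNSSEC -- and is obsolete in recent BIND.)
# Generate a TSIG key. hmac-md5 is deprecated; use hmac-sha256. The name given to
# dnssec-keygen only names the key files; what matters is that the key name in the
# named.conf key statement ("TRANSFER" below) is identical on master and slave.
dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST TRANSFER
# Newer BIND releases ship tsig-keygen, which prints a ready-made key stanza instead:
#   tsig-keygen -a hmac-sha256 TRANSFER
# dnssec-keygen creates K<name>.+163+<id>.key and .private; the secret is the last
# field of the .key file. A wild-card is used below, narrow it if other keys exist.
cat K*.key
# Keep the secret in its own file readable only by root and the bind group, not in
# the world-readable named.conf. Substitute your own secret; the example value must
# never be used.
vi /var/lib/named/etc/bind/transfer.key
# key "TRANSFER" {
#   algorithm hmac-sha256;
#   secret "<base64 secret from the .key file>";
# };
chown root:bind /var/lib/named/etc/bind/transfer.key
chmod 640 /var/lib/named/etc/bind/transfer.key
# The generated key files also contain the secret; remove them once copied.
rm -f K*.key K*.private
vi /var/lib/named/etc/bind/named.conf
# Add the include and the server statement (the latter makes the master sign the
# NOTIFY messages it sends to the slave):
# include "/etc/bind/transfer.key";
# server IP-OF-SLAVE {
#   keys { TRANSFER; };
# };
vi /var/lib/named/etc/bind/named.conf.local
# Add the following to each zone block that the slave may pull:
# allow-transfer { key TRANSFER; };
# TSIG signatures carry a timestamp (300 s fudge by default); if the two servers'
# clocks drift further than that every signed transfer is rejected, hence NTP.
apt-get install ntp ntpdate
/etc/init.d/bind9 restart
tail /var/log/syslog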

On the Slave:
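cp /var/lib/named/etc/bind/named.conf.options /var/lib/named/etc/bind/named.conf.options.orig
# Close transfers globally here too; a secondary is just as happy to serve AXFR
# to anyone unless told otherwise.
vi /var/lib/named/etc/bind/named.conf.options
# Add inside options { }:
# allow-transfer { none; };
# ("dnssec-enable yes;" from the original notes is not needed for TSIG-signed
#  transfers; it only affects DNSSEC and is obsolete in recent BIND.)
cp /var/lib/named/etc/bind/named.conf /var/lib/named/etc/bind/named.conf.orig
# Same key as on the master, in its own 0640 file. Copy the stanza over ssh/scp,
# never through mail or a ticket; the secret authenticates every transfer.
vi /var/lib/named/etc/bind/transfer.key
# key "TRANSFER" {
#   algorithm hmac-sha256;
#   secret "<the same base64 secret as on the master>";
# };
chown root:bind /var/lib/named/etc/bind/transfer.key
chmod 640 /var/lib/named/etc/bind/transfer.key
vi /var/lib/named/etc/bind/named.conf
# Add the include and the server statement (it makes the slave sign its AXFR/IXFR
# requests to the master with TRANSFER):
# include "/etc/bind/transfer.key";
# server IP-OF-MASTER {
#   keys { TRANSFER; };
# };
cp /var/lib/named/etc/bind/named.conf.local /var/lib/named/etc/bind/named.conf.local.orig
vi /var/lib/named/etc/bind/named.conf.local
# Edit the slave zones to look like the following. The file path is relative to
# directory "/etc/bind" inside the chroot, and zones/slave must be writable by the
# bind user or the transferred zone cannot be saved:
# zone "yourdomain.tld" {
#   type slave;
#   file "zones/slave/db.yourdomain.tld";
#   masters { IP-OF-MASTER; };
#   allow-transfer { none; };
# };
# TSIG signatures carry a timestamp (300 s fudge by default); the slave's clock must
# agree with the master's or every signed transfer is rejected, hence NTP.
apt-get install ntp ntpdate
/etc/init.d/bind9 restart
tail /var/log/syslog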

If named fails to start, or logs that it cannot read or write a zone file after the steps above, it is usually a permission problem inside the jail. Check the log first, then reset ownership:

/etc/init.d/bind9 stop
# Blanket fix: hands the whole config tree to the daemon user. It resolves the
# common case of root-owned zone directories created after the initial chown, but
# it also lets named rewrite its own configuration -- prefer fixing the one
# directory the log complains about.
chown -R bind:bind /var/lib/named/etc/bind
/etc/init.d/bind9 start
# Look for "permission denied" or "could not configure" lines from named.
tail /var/log/syslog

Adding New Domains

# Start each new master zone from the packaged empty template, then edit the SOA
# (serial, contact) and NS/A records. The zone must also be declared in
# named.conf.local with the same allow-transfer { key TRANSFER; }; restriction as
# the existing zones, otherwise it falls back to the global transfer policy.
cp /var/lib/named/etc/bind/db.empty /var/lib/named/etc/bind/zones/master/db.newdomainname.tld

