The Domain Name System, or DNS, is one of the Internet’s fundamental building blocks. It is the global, hierarchical, and distributed host information database that’s responsible for translating names into addresses and vice versa, routing mail to its proper destination, and many other services.
For this article I used a fresh installation from 8.0-RELEASE-i386-bootonly, enabled ssh, and installed bash. First, I fetched the latest ports release, installed portupgrade and updated the system…
# portsnap fetch extract
# cd /usr/ports/ports-mgmt/portupgrade && make install clean
# portupgrade -a
Installation…
# cd /usr/ports/dns/bind97/ && make install clean
You are free to choose which options BIND is compiled with, but make sure you select REPLACE_BASE. It's always a good idea to run BIND in a chrooted environment.
# mkdir -p /var/chroot/named/etc/namedb /var/chroot/named/dev /var/chroot/named/var/run
# chown -R bind:bind /var/chroot/named/
# chmod 755 /var/chroot/named/
# chmod 555 /var/chroot/named/dev
# ln -s /etc/localtime /var/chroot/named/etc/localtime
# mknod /var/chroot/named/dev/zero c 2 12
# ln -s /dev/random /var/chroot/named/dev/random
# mknod /var/chroot/named/dev/null c 2 2
# chmod 666 /var/chroot/named/dev/*
# mv /etc/namedb /etc/old.namedb
# ln -s /var/chroot/named/etc/namedb /etc/namedb
Configuration…
# dig > /etc/namedb/named.root
# rndc-confgen -a -c /etc/namedb/rndc.conf -k rndc-key -b 256
# vi /etc/namedb/named.conf
controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; }; };
include "/etc/namedb/rndc.conf";

acl "trusted" { 127.0.0.1; 192.168.0.0/16; };

options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    allow-transfer { 127.0.0.1; 192.168.56.3; };
    listen-on { 127.0.0.1; 192.168.56.2; };
    auth-nxdomain yes;
};

view "internal" {
    match-clients { "trusted"; };
    recursion yes;
    zone "." { type hint; file "named.root"; };
    zone "localhost" { type master; file "master/localhost-forward.db"; };
    zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
};

view "external" {
    match-clients { any; };
    recursion no;
};

logging {
    channel systemlog {
        file "/var/log/named.log";
        severity debug;
        print-time yes;
    };
    channel audit_log {
        file "/var/log/security.log";
        severity debug;
        print-time yes;
    };
    channel xfer_log {
        file "/var/log/xfer.log";
        severity debug;
        print-time yes;
    };
    category default { systemlog; };
    category security { audit_log; systemlog; };
    category config { systemlog; };
    category xfer-in { xfer_log; };
    category xfer-out { xfer_log; };
    category notify { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};
After that, create /etc/namedb/master/localhost-forward.db and /etc/namedb/master/localhost-reverse.db:
# vi /etc/namedb/master/localhost-forward.db
$TTL 3h
localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
           NS  localhost.
           A   127.0.0.1
# vi /etc/namedb/master/localhost-reverse.db
$TTL 3h
@      SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
       NS  localhost.
1.0.0  PTR localhost.
And start named…
# echo named_enable="YES" >> /etc/rc.conf
# /etc/rc.d/named start
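Before starting named it is worth checking that the split-view design above actually holds: recursion only for trusted clients, transfers and listening restricted to named addresses. The following lint script is an added example and not part of the original post; its lint() checks are my own, and SAMPLE is a constructed copy of the essentials of the named.conf above (logging omitted).

```python
# Added example (not from the original post): a small lint for the security-
# relevant statements of a BIND named.conf such as the one above. It parses just
# enough syntax to find top-level view/options blocks and flag the classic
# mistakes: recursion open to any client, unrestricted zone transfers, and no
# listen-on restriction.
import re
import sys

def _blocks(text, keyword):
    """Yield (label, body) for each `keyword ["label"] { ... }` block (brace-aware)."""
    pat = re.compile(r'\b%s\b(?:\s+"?([\w.-]+)"?)?\s*\{' % keyword)
    for m in pat.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk forward to the matching '}'
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def _stmt(body, name):
    """Return the value of `name value;` or `name { ... };` in body, or None if absent."""
    m = re.search(r'\b%s\s+(\{[^}]*\}|[^;]*);' % re.escape(name), body)
    return m.group(1).strip() if m else None

def _has_any(value):
    return re.search(r'\bany\b', value) is not None

def lint(conf):
    """Return a list of findings; an empty list means the config passes these checks."""
    findings = []
    for label, body in _blocks(conf, "view"):
        clients = _stmt(body, "match-clients") or "any"      # BIND default: any
        if _has_any(clients) and (_stmt(body, "recursion") or "yes") == "yes":
            findings.append(f'view "{label}": open resolver (recursion yes for any client)')
    opts = next((body for _, body in _blocks(conf, "options")), "")
    xfer = _stmt(opts, "allow-transfer")
    if xfer is None or _has_any(xfer):
        findings.append("options: zone transfers not restricted (allow-transfer defaults to any)")
    if _stmt(opts, "listen-on") is None:
        findings.append("options: no listen-on, named binds to every interface")
    return findings

# Constructed sample: the essentials of the post's named.conf (logging omitted).
SAMPLE = """
options {
    directory "/etc/namedb";
    allow-transfer { 127.0.0.1; 192.168.56.3; };
    listen-on { 127.0.0.1; 192.168.56.2; };
};
view "internal" { match-clients { "trusted"; }; recursion yes;
    zone "." { type hint; file "named.root"; }; };
view "external" { match-clients { any; }; recursion no; };
"""

if __name__ == "__main__":   # usage: python lint_named.py [/etc/namedb/named.conf]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in lint(text):
        print("WARN", finding)
```

Run it against the real file once named-checkconf is happy with the syntax; the two tools complement each other, since named-checkconf validates grammar, not policy.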
Next up: creating a slave name server, creating a zone, and syncing the master name server with the slave.