[366e29e1] | 1 | <sect2>
| 2 | <title>Configuration command explanations</title>
[14951df] | 3 | <para><screen><userinput>
| 4 | groupadd -g 200 named
| 5 | useradd -m -g named -u 200 -s /bin/false named
| 6 | cd /home/named
| 7 | mkdir -p dev etc/namedb/slave var/run
| 8 | mknod /home/named/dev/null c 1 3
| 9 | mknod /home/named/dev/random c 1 8
| 10 | chmod 666 /home/named/dev/{null,random}
| 11 | mkdir /home/named/etc/namedb/pz
| 12 | cp /etc/localtime /home/named/etc : </userinput></screen>
[366e29e1] | 13 |
| 14 | Create the unprivileged user and group named, along with device files
| 15 | that named will need access to inside the chroot jail.</para>
| 16 |
| 17 | <para><userinput>
[14951df] | 18 | cat > /home/named/etc/named.conf << "EOF" :</userinput>
[366e29e1] | 19 | Create the BIND configuration file, from which named will read the
| 20 | location of zone files, root nameservers and secure DNS keys.</para>
| 21 | <para><userinput>
[14951df] | 22 | cat > /home/named/etc/namedb/pz/127.0.0 << "EOF" :</userinput>
[366e29e1] | 23 | Create a single zone file.</para>
| 24 | <para><userinput>
[fe3b285] | 25 | cat > /home/named/etc/namedb/root.hints << "EOF" :</userinput>
[366e29e1] | 26 | The root.hints file is a list of root nameservers. This file must be
| 27 | updated periodically with the dig utility. Consult the BIND 9
| 28 | Administrator Reference Manual for details.</para>
| 29 | <para><userinput>
[fe3b285] | 30 | cat > /etc/rndc.conf << "EOF" :</userinput>
[366e29e1] | 31 | The rndc.conf file contains information for controlling named
| 32 | operations with the rndc utility.</para>
| 33 |
| 34 | <para><userinput>
[fe3b285] | 35 | cat > /etc/resolv.conf << "EOF" :</userinput>
[366e29e1] | 36 | The resolv.conf file will specify the local host (127.0.0.1) as the
| 37 | nameserver.</para>
| 38 |
| 39 | <para><userinput>
[fe3b285] | 40 | cat > /etc/rc.d/init.d/bind << "EOF" :</userinput>
[366e29e1] | 41 | Create the boot script for BIND 9, used to start and stop the name
| 42 | server daemon, named.</para>
| 43 |
| 44 |
| 45 |
| 46 | </sect2>
| 47 |
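
A read-only check of the jail layout that the first command block sets up, as an added example that is not part of the annotated source: it verifies the named account (UID/GID 200, shell /bin/false), the two device nodes (character devices 1,3 and 1,8 with mode 666) and the jail directories. The function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit the chroot jail built by the commands above.
# Function names are hypothetical; paths and IDs are the page's values.

# check_node PATH MAJOR MINOR: pass only for a character device with the
# given device numbers and mode 666 (what mknod and chmod should produce).
check_node() {
    path=$1 want_major=$2 want_minor=$3
    [ -c "$path" ] || { echo "FAIL $path: not a character device"; return 1; }
    # GNU stat: %t and %T are major/minor in hex, %a is the octal mode.
    set -- $(stat -c '%t %T %a' "$path")
    major=$((0x$1)) minor=$((0x$2)) mode=$3
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "FAIL $path: device $major,$minor, expected $want_major,$want_minor"
        return 1
    fi
    [ "$mode" = 666 ] || { echo "FAIL $path: mode $mode, expected 666"; return 1; }
    echo "ok   $path"
}

# check_account PASSWD_FILE: pass only if "named" has UID 200, GID 200 and
# the non-login shell /bin/false, as set by groupadd/useradd.
check_account() {
    entry=$(grep '^named:' "$1") || { echo "FAIL no named account"; return 1; }
    uid=$(echo "$entry" | cut -d: -f3); gid=$(echo "$entry" | cut -d: -f4)
    shell=$(echo "$entry" | cut -d: -f7)
    if [ "$uid" = 200 ] && [ "$gid" = 200 ] && [ "$shell" = /bin/false ]; then
        echo "ok   named account"
    else
        echo "FAIL named account: uid=$uid gid=$gid shell=$shell"; return 1
    fi
}

# audit_jail [JAIL] [PASSWD_FILE]: run every check; non-zero on any failure.
audit_jail() {
    jail=${1:-/home/named} passwd=${2:-/etc/passwd} rc=0
    check_account "$passwd" || rc=1
    check_node "$jail/dev/null" 1 3 || rc=1
    check_node "$jail/dev/random" 1 8 || rc=1
    for d in etc/namedb/slave etc/namedb/pz var/run; do
        [ -d "$jail/$d" ] && echo "ok   $jail/$d" || { echo "FAIL $jail/$d missing"; rc=1; }
    done
    return $rc
}
```

Calling `audit_jail` with no arguments checks `/home/named` against `/etc/passwd`; a regular file left at `dev/null` by a failed `mknod` is reported as a failure rather than passing silently.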