Context Navigation

-              r08254fc
+              r0931098
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+   "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+<!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
+<!ENTITY bind-size "4.4 MB">
+<!ENTITY bind-buildsize "88 MB">
+<!ENTITY bind-time "0.89 SBU">
+]>
 <sect1 id="bind" xreflabel="BIND-&bind-version;">
 <?dbhtml filename="bind.html"?>
 <title><acronym>BIND</acronym>-&bind-version;</title>
+&bind-intro;
+&bind-inst;
+&bind-config;
+&bind-desc;
+<sect2>
+<title>Introduction to <application><acronym>BIND</acronym></application></title>
+<para>The <application><acronym>BIND</acronym></application> package
+provides a <acronym>DNS</acronym> server and client utilities. If you
+are only interested in the utilities, refer to the <xref linkend="bind-utils"/>.</para>
+<sect3><title>Package information</title>
+<itemizedlist spacing='compact'>
+<listitem><para>Download (HTTP): <ulink url="&bind-download-http;"/></para></listitem>
+<listitem><para>Download (FTP): <ulink url="&bind-download-ftp;"/></para></listitem>
+<listitem><para>Download size: &bind-size;</para></listitem>
+<listitem><para>Estimated Disk space required: &bind-buildsize;</para></listitem>
+<listitem><para>Estimated build time: &bind-time;</para></listitem></itemizedlist>
+</sect3>
+<sect3><title><application><acronym>BIND</acronym></application> dependencies</title>
+<sect4><title>Optional</title>
+<para><xref linkend="openssl"/> and <xref linkend="openjade"/>
+</para></sect4>
+</sect3>
+</sect2>
+<sect2>
+<title>Installation of <application><acronym>BIND</acronym></application></title>
+<para>Install <application><acronym>BIND</acronym></application> by
+running the following commands:</para>
+<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc &amp;&amp;
+make &amp;&amp;
+make install</command></userinput></screen>
+</sect2>
+<sect2>
+<title>Configuring
+<application><acronym>BIND</acronym></application></title>
+<sect3><title>Config files</title>
+<para><filename>named.conf</filename>, <filename>root.hints</filename>,
+<filename>127.0.0</filename>, <filename>rndc.conf</filename></para>
+</sect3>
+<sect3><title>Configuration Information</title>
+<para>We will configure
+<application><acronym>BIND</acronym></application> to run in a chroot
+jail as an unprivileged user (named). This configuration is more secure
+in that a <acronym>DNS</acronym> compromise can only affect a few files
+in the named user's <envar>HOME</envar> directory.</para>
+<para>First we create the unprivileged user and group named:</para>
+<screen><userinput><command>groupadd named &amp;&amp;
+useradd -m -g named -s /bin/false named</command></userinput></screen>
+<para>Then we set up some files, directories and devices needed by
+<application><acronym>BIND</acronym></application>:</para>
+<screen><userinput><command>cd /home/named &amp;&amp;
+mkdir -p dev etc/namedb/slave var/run &amp;&amp;
+mknod /home/named/dev/null c 1 3 &amp;&amp;
+mknod /home/named/dev/random c 1 8 &amp;&amp;
+chmod 666 /home/named/dev/{null,random} &amp;&amp;
+mkdir /home/named/etc/namedb/pz &amp;&amp;
+cp /etc/localtime /home/named/etc</command></userinput></screen>
+<para>Create the <filename>named.conf</filename> file from which named
+will read the location of zone files, root name servers and secure
+<acronym>DNS</acronym> keys:</para>
+<screen><userinput><command>cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF"</command>
+ options {
+     directory "/etc/namedb";
+    pid-file "/var/run/named.pid";
+    statistics-file "/var/run/named.stats";
+ };
+ controls {
+     inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
+ };
+ key "rndc_key" {
+     algorithm hmac-md5;
+     secret "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";
+ };
+ zone "." {
+     type hint;
+     file "root.hints";
+ };
+ zone "0.0.127.in-addr.arpa" {
+     type master;
+     file "pz/127.0.0";
+ };
+<command>EOF</command></userinput></screen>
+<para>Create a zone file with the following contents:</para>
+<screen><userinput><command>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</command>
+$TTL 3D
+@      IN      SOA     ns.local.domain. hostmaster.local.domain. (
+       ; Serial
+H      ; Refresh
+H      ; Retry
+W      ; Expire
+D)     ; Minimum TTL
+                NS      ns.local.domain.
+               PTR     localhost.
+<command>EOF</command></userinput></screen>
+<para>Create the <filename>root.hints</filename> file with the following
+commands:</para>
+<note><para>Caution must be used to ensure no leading spaces in this
+file.</para></note>
+<screen><userinput><command>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"</command>
+.                       6D  IN      NS      A.ROOT-SERVERS.NET.
+.                       6D  IN      NS      B.ROOT-SERVERS.NET.
+.                       6D  IN      NS      C.ROOT-SERVERS.NET.
+.                       6D  IN      NS      D.ROOT-SERVERS.NET.
+.                       6D  IN      NS      E.ROOT-SERVERS.NET.
+.                       6D  IN      NS      F.ROOT-SERVERS.NET.
+.                       6D  IN      NS      G.ROOT-SERVERS.NET.
+.                       6D  IN      NS      H.ROOT-SERVERS.NET.
+.                       6D  IN      NS      I.ROOT-SERVERS.NET.
+.                       6D  IN      NS      J.ROOT-SERVERS.NET.
+.                       6D  IN      NS      K.ROOT-SERVERS.NET.
+.                       6D  IN      NS      L.ROOT-SERVERS.NET.
+.                       6D  IN      NS      M.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
+B.ROOT-SERVERS.NET.     6D  IN      A       128.9.0.107
+C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
+D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
+E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
+F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
+G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
+H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
+I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
+J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
+K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
+L.ROOT-SERVERS.NET.     6D  IN      A       198.32.64.12
+M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
+<command>EOF</command></userinput></screen>
+<para>The <filename>root.hints</filename> file is a list of root name
+servers. This file must be updated periodically with the
+<command>dig</command> utility.
+Consult the <ulink url="http://www.bind9.net/Bv9ARM.html"><application><acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink> for
+details.</para>
+<para>Create the <filename>rndc.conf</filename> with the following commands:</para>
+<screen><userinput><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
+key rndc_key {
+algorithm "hmac-md5";
+    secret
+    "<replaceable>[c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K]</replaceable>";
+    };
+options {
+    default-server localhost;
+    default-key    rndc_key;
+};
+<command>EOF</command></userinput></screen>
+<para>The <filename>rndc.conf</filename> file contains information for
+controlling named operations with the <command>rndc</command>
+utility.</para>
+<para>Create or modify <filename>resolv.conf</filename> to use the new
+name server with the following commands:</para>
+<note><para>Replace yourdomain.com with your own valid domain
+name.</para></note>
+<screen><userinput><command>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
+cat &gt; /etc/resolv.conf &lt;&lt; "EOF"</command>
+search <replaceable>[yourdomain.com]</replaceable>
+nameserver 127.0.0.1
+<command>EOF</command></userinput></screen>
+<para>Set permissions on the chroot jail with the following
+command:</para>
+<screen><userinput><command>chown -R named.named /home/named</command></userinput></screen>
+<para>To start the DNS server at boot, install the <filename>/etc/rc.d/init.d/bind</filename>
+init script included in the <xref linkend="intro-important-bootscripts"/> package.</para>
+<screen><userinput><command>make install-bind</command></userinput></screen>
+<para>Now start <application><acronym>BIND</acronym></application> with
+the new boot script:</para>
+<screen><userinput><command>/etc/rc.d/init.d/bind start</command></userinput></screen>
+</sect3>
+<sect3><title>Testing <application><acronym>BIND</acronym></application></title>
+<para>Test out the new
+<application><acronym>BIND</acronym></application> 9 installation. First
+query the local host address with <command>dig</command>:</para>
+<screen><userinput><command>dig -x 127.0.0.1</command></userinput></screen>
+<para>Now try an external name lookup, taking note of the speed
+difference in repeated lookups due to the caching. Run the dig command
+twice on the same address:</para>
+<para><screen><userinput><command>dig beyond.linuxfromscratch.org &amp;&amp;
+dig beyond.linuxfromscratch.org</command></userinput></screen>
+You can see almost instantaneous results with the named caching lookups.
+Consult <filename>bind-&bind-version;/doc/arm/Bv9ARM.html</filename>,
+the <application><acronym>BIND</acronym></application> Administrator
+Reference Manual for further configuration options.</para>
+</sect3>
+</sect2>
+<sect2>
+<title>Contents</title>
+<para>The <application><acronym>BIND</acronym></application> package contains
+<command>dig</command>,
+<command>host</command>,
+<command>isc-config.sh</command>,
+<command>nslookup</command>,
+<command>rndc</command>,
+<command>rndc-confgen</command>,
+<command>named-checkconf</command>,
+<command>named-checkzone</command>,
+<command>lwresd</command>,
+<command>named</command>,
+<command>dnssec-signzone</command>,
+<command>dnssec-signkey</command>,
+<command>dnssec-keygen</command>,
+<command>dnssec-makekeyset</command> and
+<command>nsupdate</command>.</para>
+</sect2>
+<sect2><title>Description</title>
+<sect3><title>dig</title>
+<para><command>dig</command> interrogates <acronym>DNS</acronym>
+servers.</para></sect3>
+<sect3><title>host</title>
+<para><command>host</command> is a utility for <acronym>DNS</acronym>
+lookups.</para></sect3>
+<sect3><title>nslookup</title>
+<para><command>nslookup</command> is a program used to query Internet
+domain nameservers.</para></sect3>
+<sect3><title>rndc</title>
+<para><command>rndc</command> controls the operation of
+<application><acronym>BIND</acronym></application>.</para></sect3>
+<sect3><title>rndc-confgen</title>
+<para><command>rndc-confgen</command> generates
+<filename>rndc.conf</filename> files.</para></sect3>
+<sect3><title>named-checkconf</title>
+<para><command>named-checkconf</command> checks the syntax of
+<filename>named.conf</filename> files.</para></sect3>
+<sect3><title>named-checkzone</title>
+<para><command>named-checkzone</command> checks zone file
+validity.</para></sect3>
+<sect3><title>lwresd</title>
+<para><command>lwresd</command> is a caching-only name server for local
+process use.</para></sect3>
+<sect3><title>named</title>
+<para><command>named</command> is the name server daemon.</para></sect3>
+<sect3><title>dnssec-signzone</title>
+<para><command>dnssec-signzone</command> generates signed versions of
+zone files.</para></sect3>
+<sect3><title>dnssec-signkey</title>
+<para><command>dnssec-signkey</command> signs zone file key
+sets.</para></sect3>
+<sect3><title>dnssec-keygen</title>
+<para><command>dnssec-keygen</command> is a key generator for secure
+<acronym>DNS</acronym>.</para></sect3>
+<sect3><title>dnssec-makekeyset</title>
+<para><command>dnssec-makekeyset</command> generates a key set from one
+or more keys created by dnssec-keygen.</para></sect3>
+<sect3><title>nsupdate</title>
+<para><command>nsupdate</command> is used to submit
+<acronym>DNS</acronym> update requests.</para></sect3>
+</sect2>
 </sect1>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 0931098 for server/other/bind.xml

Legend:

server/other/bind.xml

Download in other formats: