Caching-only BIND name server
The following steps were used to create a caching-only BIND 9.3.2
name server on Solaris 8. Many of these steps may be applicable to other
BIND releases and/or other architectures.
1. Download, extract, and install BIND.
$ wget ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
$ gunzip -cd bind-9.3.2.tar.gz | tar xf -
$ cd bind-9.3.2
$ ./configure
$ make
$ su root -c 'PATH=$PATH:/usr/ccs/bin make install'
2. Create named user.
# groupadd -g 53 named
# useradd -c "BIND DNS daemon" -d /dev/null -g named -u 53 -s /bin/false named
3. Create zone file directory.
# mkdir -m 750 /var/named
# chown named:named /var/named
4. Create BIND configuration file. BIND will look for zone files in /var/named, will create a PID file named /var/named/named.pid, will bind to and accept queries from the loopback interface only, and will not allow zone transfers.
# vi /etc/named.conf
Add:
// BIND configuration file
options {
        directory "/var/named";
        pid-file "/var/named/named.pid";
        allow-query { 127.0.0.1; };
        allow-transfer { none; };
        listen-on { 127.0.0.1; };
};
zone "localhost" IN {
        type master;
        file "localhost.zone";
};
zone "." in {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
};
5. Configure BIND for control with rndc.
# /usr/local/sbin/rndc-confgen -a
6. Create forward loopback zone file. Every name server should be
authoritative for the forward loopback domain.
# vi /var/named/localhost.zone
Add:
$TTL 86400
$ORIGIN localhost.
@       1D IN SOA @ root (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        1D IN NS @
        1D IN A 127.0.0.1
7. Create reverse loopback zone file. Every name server should be
authoritative for the reverse loopback domain.
If nslookup is unable to resolve the PTR record for 127.0.0.1, you will see the following errors:
*** Can't find server name for address 127.0.0.1: Server failed
*** Default servers are not available
# vi /var/named/named.local
Add:
$TTL 86400
@       IN SOA localhost. root.localhost. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS localhost.
1       IN PTR localhost.
8. Change ownership of the zone files to the named user and group.
# chown named:named /var/named/localhost.zone /var/named/named.local
9. Create BIND startup/shutdown script and /etc/rc.d symbolic link. BIND will
run as user named.
# vi /etc/init.d/named
Add:
#!/bin/sh
case $1 in
'start' )
        /usr/local/sbin/named -u 53
        ;;
'stop' )
        /usr/local/sbin/rndc stop
        ;;
*)
        echo "usage: $0 {start|stop}"
esac
# chmod 744 /etc/init.d/named
# chown root:root /etc/init.d/named
# ln -s /etc/init.d/named /etc/rc2.d/S72named
10. Download the root server list ("hints" file).
# dig @a.root-servers.net . ns > /var/named/named.ca
11. Start BIND.
# /etc/init.d/named start
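Before starting named it is worth confirming that the options block still expresses the caching-only intent of step 4, since a later edit that widens allow-query or listen-on turns the host into an open resolver. The following checker is an added example, not part of this page or of BIND; it reads the three access statements from a named.conf fragment and reports anything that is not loopback-only. SAFE_CONF is the page's own options block; OPEN_CONF is a constructed weaker variant used only to show what the checker flags.

```python
import re

# Constructed sample: the options block from step 4 of this page.
SAFE_CONF = """\
options {
        directory "/var/named";
        pid-file "/var/named/named.pid";
        allow-query { 127.0.0.1; };
        allow-transfer { none; };
        listen-on { 127.0.0.1; };
};
"""

# Constructed counter-example: a block that answers anyone who can reach it.
OPEN_CONF = """\
options {
        directory "/var/named";
        allow-query { any; };
        listen-on { any; };
};
"""

# Address-match-list entries accepted as "local host only".
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def acl_values(conf, name):
    """Return the entries of an options statement such as allow-query,
    or None if the statement is absent. Assumes the statement does not
    contain nested braces, which holds for the forms used on this page."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", conf)
    if not m:
        return None
    return [v.strip() for v in m.group(1).split(";") if v.strip()]


def audit_caching_only(conf):
    """Return a list of findings; empty means the server listens on and
    answers only the loopback interface and refuses zone transfers."""
    findings = []
    for stmt in ("listen-on", "allow-query"):
        vals = acl_values(conf, stmt)
        if vals is None:
            findings.append(f"{stmt} missing: BIND then defaults to any")
        elif not set(vals) <= LOOPBACK:
            findings.append(f"{stmt} permits non-loopback clients: {vals}")
    if acl_values(conf, "allow-transfer") != ["none"]:
        findings.append("allow-transfer is not { none; }")
    return findings
```

Running audit_caching_only on the page's block returns no findings, while the constructed open block yields three.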
The following script will automate steps 2 through 10 above.
#!/bin/sh
# Create named group (match the group name exactly, not any line containing "named")
grep '^named:' /etc/group > /dev/null 2>&1 || groupadd -g 53 named
# Create named user
grep '^named:' /etc/passwd > /dev/null 2>&1 || \
useradd -c "BIND DNS daemon" -d /dev/null -g named -u 53 -s /bin/false named
# Create zone file directory
if [ ! -d /var/named ] ; then
mkdir -m 750 /var/named
chown named:named /var/named
fi
# Create BIND configuration file
[ ! -f /etc/named.conf ] && \
cat << BIND_CONFIGURATION_FILE > /etc/named.conf
// BIND configuration file
options {
directory "/var/named";
pid-file "/var/named/named.pid";
allow-query { 127.0.0.1; };
allow-transfer { none; };
listen-on { 127.0.0.1; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
};
zone "." in {
type hint;
file "named.ca";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local";
};
BIND_CONFIGURATION_FILE
# Configure BIND for rndc
[ ! -f /etc/rndc.key ] && /usr/local/sbin/rndc-confgen -a
# Create /var/named/localhost.zone
[ ! -f /var/named/localhost.zone ] && \
cat << LOCALHOST_ZONE > /var/named/localhost.zone
\$TTL 86400
\$ORIGIN localhost.
@       1D IN SOA @ root (
                42              ; serial (d. adams)
                3H              ; refresh
                15M             ; retry
                1W              ; expiry
                1D )            ; minimum
        1D IN NS @
        1D IN A 127.0.0.1
LOCALHOST_ZONE
# Create /var/named/named.local
[ ! -f /var/named/named.local ] && \
cat << NAMED_LOCAL > /var/named/named.local
\$TTL 86400
@       IN SOA localhost. root.localhost. (
                1997022700      ; Serial
                28800           ; Refresh
                14400           ; Retry
                3600000         ; Expire
                86400 )         ; Minimum
        IN NS localhost.
1       IN PTR localhost.
NAMED_LOCAL
# Configure ownership of zone files
chown named:named /var/named/localhost.zone /var/named/named.local
# Create BIND startup/shutdown script
[ ! -f /etc/init.d/named ] && \
cat << NAMED > /etc/init.d/named
#!/bin/sh
case \$1 in
'start' )
        /usr/local/sbin/named -u 53
        ;;
'stop' )
        /usr/local/sbin/rndc stop
        ;;
*)
        echo "usage: \$0 {start|stop}"
esac
NAMED
# Configure permissions
chmod 744 /etc/init.d/named
chown root:root /etc/init.d/named
# Create rc2.d symlink
[ ! -h /etc/rc2.d/S72named ] && ln -s /etc/init.d/named /etc/rc2.d/S72named
# Update "hints" file
dig @a.root-servers.net . ns > /var/named/named.ca
Last modified: 2006/03/10