Caching-only BIND name server

The following steps were used to create a caching-only BIND 9.3.2 name server on Solaris 8. Many of these steps may be applicable to other BIND releases and/or other architectures.

1. Download, extract, and install BIND.
$ wget ftp://ftp.isc.org/isc/bind9/9.3.2/bind-9.3.2.tar.gz
$ gunzip -cd bind-9.3.2.tar.gz | tar xf -
$ cd bind-9.3.2
$ ./configure
$ make

$ su root -c 'PATH=$PATH:/usr/ccs/bin make install'

2. Create named user.
# groupadd -g 53 named
# useradd -c "BIND DNS daemon" -d /dev/null -g named -u 53 -s /bin/false named

3. Create zone file directory.
# mkdir -m 750 /var/named
# chown named:named /var/named

4. Create BIND configuration file. BIND will look for zone files in /var/named, will create a PID file named /var/named/named.pid, will only bind to and allow queries from the loopback interface, and will not allow zone transfers.

# vi /etc/named.conf

Add:

// BIND configuration file

options {
        directory       "/var/named";
        pid-file        "/var/named/named.pid";
        allow-query     { 127.0.0.1; };
        allow-transfer  { none; };
        listen-on        { 127.0.0.1; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "." in {
        type            hint;
        file            "named.ca";
};

zone "0.0.127.in-addr.arpa" in {
        type            master;
        file            "named.local";
};

5. Configure BIND for control with rndc.
# /usr/local/sbin/rndc-confgen -a

6. Create forward loopback zone file. Every name server should be authoritative for the forward loopback domain.
# vi /var/named/localhost.zone

Add:

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1

7. Create reverse loopback zone file. Every name server should be authoritative for the reverse loopback domain.

If nslookup is unable to resolve the PTR record for 127.0.0.1, you will see the following errors:

*** Can't find server name for address 127.0.0.1: Server failed
*** Default servers are not available

# vi /var/named/named.local

Add:

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.

1       IN      PTR     localhost.

8. Change ownership of the zone files to the named user and group.
# chown named:named /var/named/localhost.zone /var/named/named.local

9. Create BIND startup/shutdown script and /etc/rc2.d symbolic link. BIND will run as user named.
# vi /etc/init.d/named

Add:

#!/bin/sh

case $1 in
'start' )
   /usr/local/sbin/named -u 53
   ;;
'stop' )
   /usr/local/sbin/rndc stop
   ;;
*)
   echo "usage: $0 {start|stop}"
esac

# chmod 744 /etc/init.d/named
# chown root:root /etc/init.d/named
# ln -s /etc/init.d/named /etc/rc2.d/S72named

10. Download the root server list ("hints" file).
# dig @a.root-servers.net . ns > /var/named/named.ca

11. Start BIND.
# /etc/init.d/named start

The following script will automate steps 2 through 10 above.

#!/bin/sh

# Create named group (anchor the match so e.g. an "unnamed" group does not satisfy it)
grep '^named:' /etc/group > /dev/null 2>&1 || groupadd -g 53 named

# Create named user (anchored for the same reason)
grep '^named:' /etc/passwd > /dev/null 2>&1 || \
   useradd -c "BIND DNS daemon" -d /dev/null -g named -u 53 -s /bin/false named

# Create zone file directory
if [ ! -d /var/named ] ; then
   mkdir -m 750 /var/named
   chown named:named /var/named
fi

# Create BIND configuration file
[ ! -f /etc/named.conf ] && \
   cat << BIND_CONFIGURATION_FILE > /etc/named.conf
// BIND configuration file

options {
        directory       "/var/named";
        pid-file        "/var/named/named.pid";
        allow-query     { 127.0.0.1; };
        allow-transfer  { none; };
        listen-on        { 127.0.0.1; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "." in {
        type            hint;
        file            "named.ca";
};

zone "0.0.127.in-addr.arpa" in {
        type            master;
        file            "named.local";
};
BIND_CONFIGURATION_FILE

# Configure BIND for rndc
[ ! -f /etc/rndc.key ] && /usr/local/sbin/rndc-confgen -a

# Create /var/named/localhost.zone
[ ! -f /var/named/localhost.zone ] && \
   cat << LOCALHOST_ZONE > /var/named/localhost.zone
\$TTL    86400
\$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1
LOCALHOST_ZONE

# Create /var/named/named.local
[ ! -f /var/named/named.local ] && \
   cat << NAMED_LOCAL > /var/named/named.local
\$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.

1       IN      PTR     localhost.
NAMED_LOCAL

# Configure ownership of zone files
chown named:named /var/named/localhost.zone /var/named/named.local

# Create BIND startup/shutdown script
[ ! -f /etc/init.d/named ] && \
   cat << NAMED > /etc/init.d/named
#!/bin/sh

case \$1 in
'start' )
   /usr/local/sbin/named -u 53
   ;;
'stop' )
   /usr/local/sbin/rndc stop
   ;;
*)
   echo "usage: \$0 {start|stop}"
esac
NAMED

# Configure permissions
chmod 744 /etc/init.d/named
chown root:root /etc/init.d/named

# Create rc2.d symlink
[ ! -h /etc/rc2.d/S72named ] && ln -s /etc/init.d/named /etc/rc2.d/S72named

# Update "hints" file
dig @a.root-servers.net . ns > /var/named/named.ca
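As an added check on the configuration written in step 4 (example code, not from the original page): a small Python audit that parses named.conf, pulls out the options{} settings that decide who can reach the resolver, and reports anything that would expose it beyond the loopback interface. It is run against the page's own options block and a constructed weak variant; LOCAL_ONLY and the BIND 9.3 defaults it assumes when a statement is absent are noted in the code.

```python
# Added example (not from the original page): audit a named.conf options{}
# block for settings that expose a caching-only resolver beyond loopback.
import re

LOCAL_ONLY = {"127.0.0.1", "::1", "localhost", "none"}
# Constructed input: the options block from step 4 above (should pass).
PAGE_CONF = """// BIND configuration file
options { allow-query { 127.0.0.1; }; allow-transfer { none; };
          listen-on { 127.0.0.1; }; };
zone "." in { type hint; file "named.ca"; };"""
# Constructed weak variant: listens everywhere, answers anyone, no transfer ACL.
WEAK_CONF = 'options { listen-on { any; }; allow-query { any; }; };'

def _options_block(text):
    """Body of options { ... } after comment removal, matched by brace depth."""
    text = re.sub(r"(//|#).*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S))
    m = re.search(r"\boptions\s*\{", text)
    if m is None:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def _acl(block, key, default):
    """Elements of 'key { a; b; };' with /32 or /128 dropped, else default."""
    m = re.search(r"(?<![\w-])%s(?![\w-])(?:\s+port\s+\d+)?\s*\{([^}]*)\}" % key, block)
    if m is None:
        return default  # statement absent: BIND's own default applies
    return [re.sub(r"/(32|128)$", "", e.strip()) for e in m.group(1).split(";") if e.strip()]

def audit(conf_text):
    """Return effective settings plus a list of exposure problems (empty = OK)."""
    block = _options_block(conf_text)
    # BIND 9.3 defaults when unset: listen on all interfaces, answer and
    # transfer to any host, recurse for every client allowed to query.
    listen = _acl(block, "listen-on", ["any"])
    query = _acl(block, "allow-query", ["any"])
    xfer = _acl(block, "allow-transfer", ["any"])
    rec = re.search(r"\brecursion\s+(yes|no)", block)
    recursion = rec is None or rec.group(1) == "yes"
    problems = []
    if not set(listen) <= LOCAL_ONLY:
        problems.append("listen-on binds non-loopback addresses: %s" % listen)
    if not set(query) <= LOCAL_ONLY:
        problems.append("allow-query admits non-local clients: %s" % query)
        if recursion:
            problems.append("recursion for non-local clients (open resolver)")
    if xfer != ["none"]:
        problems.append("allow-transfer is not { none; }: %s" % xfer)
    return {"listen_on": listen, "allow_query": query, "allow_transfer": xfer,
            "recursion": recursion, "problems": problems}
```

Running audit(open("/etc/named.conf").read()) after step 4 should return an empty problems list; the weak variant reports all four exposures.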

Last modified: 2006/03/10