Differences
linux:bind [2006/08/21 16:17] a Chrooted BIND9 in Debian
linux:bind [2011/08/01 13:31] 193.164.137.40 [audit dns]
Line 1: | Line 1: | ||
====== BIND (is there anyting else?) ====== | ====== BIND (is there anyting else?) ====== | ||
+ | ==== DNSSEC ==== | ||
- | **Speedup tips** | + | |
+ | To enable add to bind.named.options: | ||
+ | |||
+ | dnssec-enable yes;\\ | ||
+ | dnssec-validation yes;\\ | ||
+ | dnssec-lookaside . trust-anchor dlv.isc.org.; | ||
+ | |||
+ | |||
+ | include "/ | ||
+ | |||
+ | https:// | ||
+ | \\ | ||
+ | logging {\\ | ||
+ | ...\\ | ||
+ | category dnssec { null; | ||
+ | |||
+ | ==== Speedup tips ==== | ||
> I have built a local DNS server bind (Debian Sarge).The DNS should | > I have built a local DNS server bind (Debian Sarge).The DNS should | ||
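Review bot: the `dnssec-lookaside . trust-anchor dlv.isc.org.;` line in the new DNSSEC block depends on ISC's DLV registry, which ISC decommissioned in 2017, and current BIND releases no longer implement `dnssec-lookaside` (the option is ignored or rejected depending on version), so this line should be dropped and validation configured against the root trust anchor instead (`dnssec-validation auto;` on any BIND that supports it); `dnssec-enable yes;` has likewise been deprecated and later removed and should not be shown as required. The `category dnssec { null; ... }` logging entry in the same hunk discards validation failures, which are exactly the messages needed when a signed zone stops resolving; direct that category to a file channel rather than `null`.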
Line 12: | Line 29: | ||
cache has been filled. | cache has been filled. | ||
- | ===== Chrooting BIND9 in Sarge ===== | + | ==== Letting bind/named query a specific DNS server for only one specific domain |
- | | + | Add to the file **''/ |
- | For security reasons we want to run BIND chrooted so we have to do the following steps: | + | < |
+ | zone " | ||
+ | type forward; | ||
+ | forward only; | ||
+ | forwarders { 192.168.0.2; | ||
+ | }; | ||
+ | </ | ||
- | / | + | Of course you need to replace ' |
- | Edit the file ''/ | ||
- | | + | ==== Unsorted ==== |
- | Create the necessary directories under ''/ | ||
- | | + | host -t txt -c CHAOS version.bind localhost |
- | mkdir / | + | |
- | | + | |
- | mkdir -p / | + | |
- | Then move the config directory from ''/ | + | named - options {version "DNS daemon"; |
- | mv /etc/bind / | + | host -t txt -c CHAOS hostname.bind localhost |
- | Create a symlink to the new config directory from the old location | + | gethostbyname() |
- | ln -s / | ||
- | Make null and random devices, and fix permissions of the directories: | + | ==== audit dns ==== |
+ | < | ||
+ | kernel: audit(1209076817.081: | ||
+ | </ | ||
- | mknod / | + | So I had a look in: |
- | mknod / | + | ''/ |
- | chmod 666 / | + | |
- | chown -R bind:bind / | + | |
- | chown -R bind:bind / | + | |
- | + | ||
- | We need to modify the startup script | + | |
- | + | ||
- | #! /bin/sh | + | |
- | # / | + | |
- | + | ||
- | | + | |
- | + | ||
- | | + | |
- | | + | |
- | + | ||
- | test -x $binpath || exit 0 | + | |
- | + | ||
- | # Options for start/ | + | |
- | # | + | |
- | # | + | |
- | | + | |
- | + | ||
- | | + | |
- | { | + | |
- | if [ ! -e / | + | |
- | mknod -m 640 / | + | |
- | | + | |
- | chmod 0640 / | + | |
- | fi | + | |
- | chown root:adm / | + | |
- | } | + | |
- | + | ||
- | | + | |
- | { | + | |
- | # No pidfile, probably no daemon present | + | |
- | # | + | |
- | if [ ! -f $pidfile ] | + | |
- | | + | |
- | | + | |
- | fi | + | |
- | + | ||
- | | + | |
- | + | ||
- | # No pid, probably no daemon present | + | |
- | # | + | |
- | if [ -z " | + | |
- | | + | |
- | return 1 | + | |
- | fi | + | |
- | + | ||
- | if [ ! -d /proc/$pid ] | + | |
- | | + | |
- | | + | |
- | fi | + | |
- | + | ||
- | | + | |
- | + | ||
- | # No syslogd? | + | |
- | # | + | |
- | if [ " | + | |
- | | + | |
- | | + | |
- | fi | + | |
- | + | ||
- | | + | |
- | } | + | |
- | + | ||
- | case " | + | |
- | | + | |
- | echo -n " | + | |
- | | + | |
- | | + | |
- | echo " | + | |
- | ;; | + | |
- | | + | |
- | echo -n " | + | |
- | | + | |
- | echo " | + | |
- | ;; | + | |
- | reload|force-reload) | + | |
- | echo -n " | + | |
- | start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile | + | |
- | echo " | + | |
- | ;; | + | |
- | restart) | + | |
- | echo -n " | + | |
- | start-stop-daemon --stop --quiet --exec $binpath --pidfile $pidfile | + | |
- | sleep 1 | + | |
- | start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD | + | |
- | echo " | + | |
- | ;; | + | |
- | reload-or-restart) | + | |
- | if running | + | |
- | then | + | |
- | echo -n " | + | |
- | start-stop-daemon --stop --quiet --signal 1 --exec $binpath --pidfile $pidfile | + | |
- | else | + | |
- | echo -n " | + | |
- | | + | |
- | fi | + | |
- | echo " | + | |
- | ;; | + | |
- | *) | + | |
- | echo " | + | |
- | exit 1 | + | |
- | esac | + | |
- | + | ||
- | exit 0 | + | |
- | Restart the logging daemon: | + | and changed this line: |
+ | </ | ||
+ | / | ||
+ | </ | ||
- | /etc/init.d/sysklogd restart | + | to this: |
+ | < | ||
+ | /etc/bind/** rw, | ||
+ | </ | ||
- | Start up BIND, and check ''/ | + | ==== Fixing syntax highlighting in VIM ==== |
- | /etc/init.d/bind9 start | + | **~/.vimrc** |
+ | < | ||
+ | " BIND zone | ||
+ | au BufNewFile, | ||
+ | " BIND configuration | ||
+ | au BufNewFile, | ||
+ | </code> | ||
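Review bot: the AppArmor change to `/etc/bind/** rw,` (replacing a rule whose original text is truncated in this view) makes the whole configuration tree writable by named, so a compromised named process can rewrite named.conf, every zone file and any included key or rndc material; that largely defeats the confinement that takes over from the deleted chroot procedure in this same hunk. Keep /etc/bind read-only and move zones that need writing (dynamic updates, journals, slave transfers) to a directory the profile already allows for writing, `/var/lib/bind` on Debian, pointing each zone's `file` there. Two smaller points: the forward zone's `forward only;` plus `forwarders { 192.168.0.2; ... }` means that domain fails entirely if 192.168.0.2 is down, which the text should say; and `options { version "DNS daemon"; ... }` only hides the `version.bind` CHAOS string and is not a security control.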