Tuesday, 12 August 2008

Setting up BIND under linux

Ah, most excellent. Either you're a veteran linux user who wants to configure BIND, or you're a linux newb who has to configure a linux/unix dedicated server. Or some combination. In the previous post I emphasized BIND configuration. In this post I'm going to emphasize how to get around linux so that you can manage BIND. BIND should already be installed, so let's start the orientation, shall we?

Most likely location for the BIND files:

/usr/sbin/named - BIND server process
/usr/sbin/rndc - BIND management tool
/var/named/ - Location of zone files
/etc/named.conf - BIND configuration file

Even if those aren't the right locations, you can find a file by entering the following commands:
updatedb - update the locate database
locate rndc - example to look for a file

Ok first let's grab the DollarDNS example configs. Enter the following commands (NOTE: if you are not already logged in as root, do so by entering the "su" command then typing your root password):

cd /etc
wget http://www.dollardns.net/bind/named.conf
cd /var/named
mkdir /var/named/old
mv * /var/named/old/
wget http://www.dollardns.net/bind/basiczone.com.zone
wget http://www.dollardns.net/bind/127.0.0.rev
wget http://www.dollardns.net/bind/named.ca

There, the above commands replaced your current config, moved all existing files to a subdirectory, and downloaded the example zones. Now open the config file:

vi /etc/named.conf

-- open named.conf --

You are now using the vi editor which can be found on pretty much any linux or unix system. Let's go into edit mode. Press the 'a' key. Now you can start editing the file. Please look at the above post and follow the directions to make the file host your domain. The only difference is that you can ignore the "directory" line. It's already properly configured. Also if you run a firewall (like iptables) then you should uncomment the "query-source" line by removing the '#' in front of it.

When you are done editing press the 'esc' key to go back into command mode. Then type the following and press enter to save and close the file.

:wq

-- close named.conf --

Now we need to do some file manipulation. I'm going to pretend that your domain is "example.com" and your public IP (www.whatismyip.com) or dedicated server IP is 12.345.67.8. So enter the following commands, except enter the right domain and the first three octets of your IP.

mv basiczone.com.zone example.com.zone
mv 127.0.0.rev 12.345.67.rev

There, using those move commands we've renamed the files to match with what you specified in named.conf. Remember how to edit files using vi? Let's edit those files with the correct dns information.

-- open example.com.zone --
** see windows post for editing details **
-- close example.com.zone --

-- open 12.345.67.rev --
** see windows post for editing details **
-- close 12.345.67.rev --

There, hopefully you've got all the editing tucked away.

Now, I don't know if BIND is actually running. So we're going to do a rude shut down of named if it is running.

killall -KILL named

That'll terminate the named process no matter how screwed up it is. I don't recommend using that command in normal operational circumstances. You should do the following command instead:

rndc stop

It should work without the path since /usr/sbin should be in your PATH environment variable. If your server was already running normally, then you can do the following command to have BIND reload all configuration changes:

rndc reload

To start named you enter the following command:

named -u named

The "-u named" part makes sure it is running as the "named" user, because if you started it as root, you'd be in serious trouble if an exploit was discovered for your version of BIND. Oh btw, don't know what version you're running? Do the following command:

dig @127.0.0.1 version.bind txt ch

Yep, the whole world can ask your server what version of BIND it is. You can change that, but changing the displayed version is not covered by this basic tutorial. You can always ask me how though. To test whether named is successfully running you can also do the above command: if named isn't running, it'll report a timeout or something similar. If BIND didn't successfully start, you can always do the following command to see what's up:

named -u named -g

Basically you're starting BIND in the console. It will either shut down due to errors, or you have to press CTRL+C to terminate it. Fix any errors you see or tell me about them in a post.
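Here is an added example (my own script, not part of the original post or of BIND) that wraps the checks described above into one run: it validates named.conf, confirms a named process exists and is not running as root, and queries version.bind on 127.0.0.1 so the "timeout" case is reported explicitly. It assumes a Linux box with procps `ps`, `dig`, and optionally BIND 9's `named-checkconf`; the config path /etc/named.conf and the "named" user follow the post. The parsing helpers take command output as an argument, so they can be exercised on sample text without a running server.

```shell
#!/bin/sh
# check_named.sh -- post-start sanity checks for a BIND server (added example,
# not part of the original post). Assumes a Linux box with procps `ps`, `dig`
# and (optionally) BIND 9's `named-checkconf`; paths follow the post
# (/etc/named.conf, named running as user "named").
#
# The parsing helpers take command output as an argument instead of running
# the command themselves, so they can be exercised offline on sample text.

# Return 0 (true) if any named process in a `ps -o user= -o args=` listing
# is owned by root. Running named as root is the failure mode the post warns
# about: a bug in named then means a root compromise.
named_runs_as_root() {
    printf '%s\n' "$1" |
        awk '$1 == "root" && $2 ~ /named/ { found = 1 } END { exit !found }'
}

# Print the TXT data returned for version.bind (what `dig @127.0.0.1
# version.bind txt ch` shows the whole world), or "none" when there is no
# answer, e.g. the "connection timed out" case when named is not running.
version_bind_answer() {
    printf '%s\n' "$1" |
        awk -F'"' '/^version\.bind\./ && /TXT/ { print $2; found = 1 }
                   END { if (!found) print "none" }'
}

# Live checks; exits non-zero when named is down or misconfigured.
main() {
    conf=${NAMED_CONF:-/etc/named.conf}

    # 1. Syntax-check the config before trusting an `rndc reload`.
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$conf" || { echo "FAIL: $conf has syntax errors"; return 1; }
    fi

    # 2. Is named running, and as which user?
    ps_out=$(ps -o user= -o args= -C named 2>/dev/null || true)
    if [ -z "$ps_out" ]; then
        echo "FAIL: named is not running (try: named -u named -g to see why)"
        return 1
    fi
    if named_runs_as_root "$ps_out"; then
        echo "WARN: named is running as root; restart it with 'named -u named'"
    fi

    # 3. Does it answer? The version string it exposes is reported, not hidden.
    dig_out=$(dig @127.0.0.1 version.bind txt ch +time=2 +tries=1 2>/dev/null || true)
    answer=$(version_bind_answer "$dig_out")
    if [ "$answer" = none ]; then
        echo "FAIL: no answer on 127.0.0.1:53 (timeout or refused)"
        return 1
    fi
    echo "OK: named answers; version.bind = \"$answer\""
}

# Only run the live checks when invoked directly as check_named.sh, so the
# helper functions can be sourced by other scripts without side effects.
case "${0##*/}" in
    check_named.sh) main "$@" ;;
esac
```

Run it as `sh check_named.sh` after `named -u named`; a non-zero exit means something in the stop/start sequence above did not take, and the message tells you which step to revisit.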

Want BIND to start with your system? Well, it's probably already doing so, but you can check to make sure in the following file. This is accurate on redhat 9.0. It may be different on your system:

vi /etc/rc.d/init.d/named
vi /etc/sysconfig/named

In those files you can see how named is started on system boot. Sometimes default configurations do something funny with "chroot" (covered in my next tutorial) which wouldn't work too well with how you configured things above. Any chroot configuration is probably in the sysconfig file. Also there's a chance it uses the "-c" argument, which tells named that "named.conf" is located someplace other than /etc/named.conf. If you don't know how to manipulate these files, then it's probably best not to, and just start BIND manually.

Let's see, what else. We've edited all the files, I've told you how to stop, start, and reload BIND. Told ya how to debug, and where the startup script might be. Aha, here's a linux command cheat sheet useful for managing BIND:

mv oldpath newpath - move files and directories
cp oldpath newpath - copy file from one place to another
ls -la - list the current directory's contents
ps -Af - list currently running processes
killall process - kill all processes by that name
cd path - change directory
pwd - display current directory path
rm file - delete a file
rmdir dir - delete a folder
rm -rf dir - delete a directory and all its contents
mkdir path - create a folder

You might want to delete the following file. It's useless; we should use the default parameters:

rm /etc/rndc.conf

You might want to delete the following file too. It's useless; it comes with some OSes:

locate named.custom
rm /path/to/named.custom

Well that's it. Check out the end of the windows post to learn how to test your domain to make sure it's working right.

source : http://forums.devshed.com/dns-36
