DNS
Setup BIND
Below are the steps taken to set up the BIND installs currently running on ns1c/ns2c/ns3c:
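# Build OpenSSL 0.9.8h from source and install it twice: once under /usr and
# once under /usr/local. This is a record of a historical install; the 0.9.8
# branch no longer receives security fixes.
cd /tmp

# The tarball comes over plain HTTP, so nothing in transit authenticates it,
# and the build below runs code from the archive with install privileges.
fetch http://www.openssl.org/source/openssl-0.9.8h.tar.gz

# Print the digest and compare it with the digest or signature published by
# the OpenSSL project, obtained over a channel you trust
# (expected: <SHA256_OF_openssl-0.9.8h.tar.gz>). Do not unpack on a mismatch.
sha256 openssl-0.9.8h.tar.gz

tar xzf openssl-0.9.8h.tar.gz
cd openssl-0.9.8h

# Pass 1: install into /usr, replacing the OpenSSL already present there.
./config --prefix=/usr --openssldir=/usr/local/openssl
make install clean

# Pass 2: install into /usr/local as well.
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make install clean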
(For some reason BIND didn’t find all the files when OpenSSL was installed to /usr, so it was installed again to /usr/local. It was installed to /usr as well, to overwrite the existing OpenSSL.)
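# Build and install BIND 9.5.0-P1 against the OpenSSL under /usr/local.
# This is a record of a historical install; this BIND release is long out of
# support.
cd /tmp

# Plain-HTTP download: the transfer itself gives no integrity guarantee.
fetch http://ftp.isc.org/isc/bind9/9.5.0-P1/bind-9.5.0-P1.tar.gz

# Print the digest and compare it with the digest or signature published by
# ISC, obtained over a channel you trust
# (expected: <SHA256_OF_bind-9.5.0-P1.tar.gz>). Do not unpack on a mismatch.
sha256 bind-9.5.0-P1.tar.gz

tar xzf bind-9.5.0-P1.tar.gz
cd /tmp/bind-9.5.0-P1

# Configuration lives in /etc/namedb; binaries go to /usr/bin and /usr/sbin.
./configure --with-openssl=/usr/local --sysconfdir=/etc/namedb --bindir=/usr/bin --sbindir=/usr/sbin --enable-threads
make install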
(copy over files from namedb)
cd /etc/namedb rehash rndc-confgen cat > rndc.conf # Start of rndc.conf key "rndc-key" { algorithm hmac-md5; secret "TywD8Rmk42q+QUbP299C3Q=="; }; options { default-key "rndc-key"; default-server 69.55.230.3; default-port 953; }; # End of rndc.conf (paste into named.conf) key "rndc-key" { algorithm hmac-md5; secret "TywD8Rmk42q+QUbP299C3Q=="; }; controls { inet 69.55.230.3 port 953 allow { 69.55.230.3; } keys { "rndc-key"; }; };
Update 9-17-10
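# Upgrade OpenSSL to 0.9.8o, again installing under both /usr and /usr/local.
# This is a record of a historical install; the 0.9.8 branch no longer
# receives security fixes.
cd /tmp

# The tarball comes over plain HTTP, so nothing in transit authenticates it,
# and the build below runs code from the archive with install privileges.
fetch http://www.openssl.org/source/openssl-0.9.8o.tar.gz

# Print the digest and compare it with the digest or signature published by
# the OpenSSL project, obtained over a channel you trust
# (expected: <SHA256_OF_openssl-0.9.8o.tar.gz>). Do not unpack on a mismatch.
sha256 openssl-0.9.8o.tar.gz

tar xzf openssl-0.9.8o.tar.gz
cd openssl-0.9.8o

# Pass 1: install into /usr, replacing the OpenSSL already present there.
./config --prefix=/usr --openssldir=/usr/local/openssl
make install clean

# Pass 2: install into /usr/local as well.
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make install clean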
(For some reason BIND didn’t find all the files when OpenSSL was installed to /usr, so it was installed again to /usr/local. It was installed to /usr as well, to overwrite the existing OpenSSL.)
Update perl to 5.8 (5.6 needed)
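# Step 1: build and install Perl from the ports tree, then make it the
# system's perl.
cd /usr/ports/lang/perl5
make && make install && make clean
# csh/tcsh builtin: rebuild the command lookup table so the new binaries
# are found.
rehash
# Script shipped with the FreeBSD perl port; "port" selects the ports-built
# perl as the default.
use.perl port

# Step 2: build and install BIND 9.7.1-P2 against the OpenSSL under
# /usr/local. This is a record of a historical install; this BIND release is
# long out of support.
cd /tmp

# Plain-HTTP download: the transfer itself gives no integrity guarantee.
fetch http://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz

# Print the digest and compare it with the digest or signature published by
# ISC, obtained over a channel you trust
# (expected: <SHA256_OF_bind-9.7.1-P2.tar.gz>). Do not unpack on a mismatch.
sha256 bind-9.7.1-P2.tar.gz

tar xzf bind-9.7.1-P2.tar.gz
cd /tmp/bind-9.7.1-P2
./configure --with-openssl=/usr/local --sysconfdir=/etc/namedb --bindir=/usr/bin --sbindir=/usr/sbin --enable-threads
make && make install

# Stop the running named through the control channel, then start the new
# binary. NOTE(review): "bind" is presumably a local alias or script that
# starts named - confirm on the host.
rndc stop; bind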
add to config:
// Logging policy for named: one file-backed debug channel, then a routing
// table that sends each message category to syslog, to the debug file, or
// to the null channel (discarded).
logging {
    // Channels default_syslog, default_debug, default_stderr, and null
    // should be predefined, but adjust default_debug here
    channel default_debug {
        // NOTE(review): no "versions" or "size" clause is given, so named
        // itself neither rotates nor caps this file; confirm that external
        // log rotation covers /var/log/named.debug.
        file "/var/log/named.debug";
        // "dynamic" follows the server's current debug level.
        severity dynamic;
        // Each line carries a timestamp and its category, but not its
        // severity.
        print-time yes;
        print-category yes;
        print-severity no;
    };

    category default { default_syslog; };
    category general { default_syslog; };
    category database { default_debug; };
    // Security-relevant events (request approval/denial, configuration,
    // zone transfers, dynamic updates) go to syslog.
    category security { default_syslog; };
    category config { default_syslog; };
    category resolver { null; };
    category xfer-in { default_syslog; };
    category xfer-out { default_syslog; };
    category notify { default_debug; };
    category client { default_debug; };
    category unmatched { default_debug; };
    category network { default_debug; };
    category update { default_syslog; };
    category update-security { default_syslog; };
    // Per-query logging is discarded, so these logs hold no record of
    // individual queries for later investigation.
    category queries { null; };
    category query-errors { default_debug; };
    category dispatch { default_debug; };
    category dnssec { default_debug; };
    category lame-servers { null; };
    category delegation-only { default_debug; };
    category edns-disabled { null; };
};