Caching-only BIND nameserver

The following steps were used to create a caching-only BIND 9.2.2 nameserver on 
Solaris 8. Many of these steps may be applicable to other BIND releases and/or 
other architectures.

1. Download, extract, and install BIND.

wget ftp://ftp.isc.org/isc/bind9/9.2.2/bind-9.2.2.tar.gz
gunzip -cd bind-9.2.2.tar.gz | tar xvf -
cd bind-9.2.2
./configure && make
su root -c "make install"

2. Create named user.

groupadd -g 53 named
useradd -c "BIND DNS daemon" -d /home/named -g named -u 53 -s /bin/false named

3. Create zone file directory.

mkdir -m 750 /var/named
chown named:named /var/named

4. Create BIND configuration file. BIND will look for zone files in /var/named, 
will create a PID file in /var/named/named.pid, and will listen only on the 
loopback interface.

vi /etc/named.conf

Add:

// BIND configuration file

options {
        directory       "/var/named";
        pid-file        "/var/named/named.pid";
        listen-on        { 127.0.0.1; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
};

zone "." IN {
        type            hint;
        file            "named.ca";
};

zone "0.0.127.in-addr.arpa" IN {
        type            master;
        file            "named.local";
};

5. Configure BIND for control with rndc.

/usr/local/sbin/rndc-confgen

rndc-confgen writes to STDOUT an rndc.conf stanza followed by a commented-out 
key and controls block for named.conf. Append the first part to /etc/rndc.conf 
and the second part (with the leading comment markers removed) to 
/etc/named.conf.

6. Create forward loopback zone file. Every nameserver should be authoritative 
for the forward loopback domain.

vi /var/named/localhost.zone

Add:

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1

7. Create reverse loopback zone file. Every nameserver should be authoritative 
for the reverse loopback domain. If nslookup is unable to resolve the PTR record 
for 127.0.0.1, it prints the following errors:

*** Can't find server name for address 127.0.0.1: Server failed
*** Default servers are not available

vi /var/named/named.local

Add:

$TTL    86400
@       IN      SOA     localhost. root.localhost.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      localhost.

1       IN      PTR     localhost.

8. Create BIND startup/shutdown script. BIND will run as the non-privileged user 
named.

vi /etc/init.d/named

Add:

#!/bin/sh

case $1 in
'start' )
   /usr/local/sbin/named -u 53
   ;;
'stop' )
   /usr/local/sbin/rndc stop
   ;;
*)
   echo "usage: $0 {start|stop}"
esac

chmod 744 /etc/init.d/named
chown root:other /etc/init.d/named

9. Start BIND.

/etc/init.d/named start
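An added check, not part of the original page: a small Python lint for the named.conf built in step 4 that confirms named is bound only to loopback addresses, that a root hint zone is present, and that both loopback zones are served as master. It assumes only the simple statement syntax shown above (the brace-matching parser does not handle every named.conf construct), and the sample config is constructed from step 4.

```python
import re

# Constructed sample, condensed from the named.conf written in step 4 above.
NAMED_CONF = """\
// BIND configuration file
options {
        directory       "/var/named";
        pid-file        "/var/named/named.pid";
        listen-on        { 127.0.0.1; };
};
zone "localhost" IN { type master; file "localhost.zone"; };
zone "." IN { type hint; file "named.ca"; };
zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; };
"""
LOOPBACK = {"127.0.0.1", "::1"}   # the built-in acl "localhost" is NOT loopback-only

def top_level_blocks(text):
    """Yield (header, body) for each top-level `header { body };` statement,
    after dropping /* */, // and # comments."""
    text = re.sub(r"(//|#)[^\n]*", "", re.sub(r"/\*.*?\*/", "", text, flags=re.S))
    i = 0
    while (start := text.find("{", i)) >= 0:
        depth = 0
        for j in range(start, len(text)):   # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[j], 0)
            if depth == 0:
                break
        yield text[i:start].strip().lstrip(";").strip(), text[start + 1:j]
        i = j + 1

def audit_caching_only(conf):
    """Return findings; [] means a loopback-only, caching-only layout as in step 4."""
    findings, zones, listen = [], {}, None
    for header, body in top_level_blocks(conf):
        if header == "options":
            m = re.search(r"listen-on\s*(?:port\s+\d+\s*)?\{([^}]*)\}", body)
            listen = [a.strip() for a in m.group(1).split(";") if a.strip()] if m else None
        elif header.lower().startswith("zone"):
            name = re.search(r'"([^"]*)"', header).group(1)
            zones[name] = re.search(r"type\s+(\w+)", body).group(1).lower()
    if listen is None:
        findings.append("listen-on missing: named listens on every interface by default")
    elif set(listen) - LOOPBACK:
        findings.append("listen-on reaches beyond loopback: " + ", ".join(sorted(set(listen) - LOOPBACK)))
    if zones.get(".") != "hint":
        findings.append("no root hint zone: the resolver cannot start recursion at the root")
    for z in ("localhost", "0.0.127.in-addr.arpa"):
        if zones.get(z) != "master":
            findings.append("missing authoritative loopback zone: " + z)
    return findings
```

Run it against the real file with `audit_caching_only(open("/etc/named.conf").read())` after step 4; an empty list is the expected result for this setup.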

Back to brandonhutchinson.com. 
Last modified: 05/14/2003

    Source: geocities.com/hackermuda/exploits/bind