Install A Chrooted DNS Server (BIND9)

To install a chrooted BIND9 on a CentOS/RHEL system, install the bind-chroot package; it pulls in bind itself and creates the chroot tree under /var/named/chroot:

yum install bind-chroot

Then fix up the permissions inside the chroot. named drops privileges to the named user, so the only directory it has to write to at runtime is var/run/named (for named.pid); give that one to the named user and group with mode 770. The original post used 777 here, but a world-writable directory would let any local user replace named.pid. The 775 on the parent directories is more than named needs (it only reads them) and is kept as in the original:

chmod 755 /var/named/
chmod 775 /var/named/chroot/
chmod 775 /var/named/chroot/var/
chmod 775 /var/named/chroot/var/named/
chmod 775 /var/named/chroot/var/run/
chown named:named /var/named/chroot/var/run/named/
chmod 770 /var/named/chroot/var/run/named/

Next, create a symlink named "chroot" inside the chroot's var/named that points back to the chroot root. The named.conf below uses host-absolute paths such as /var/named/chroot/var/named; after named has chrooted to /var/named/chroot, those paths are looked up relative to the new root and only resolve because they pass through this link:

cd /var/named/chroot/var/named/
ln -s ../../ chroot

Now copy the stock zone files for the root hints, localhost and the empty zone into the chroot:

cp /var/named/named.localhost /var/named/chroot/var/named/named.localhost
cp /var/named/named.ca /var/named/chroot/var/named/named.ca
cp /var/named/named.empty /var/named/chroot/var/named/named.empty
cp /var/named/named.loopback /var/named/chroot/var/named/named.loopback

chgrp named /var/named/chroot/var/named/named.localhost \
            /var/named/chroot/var/named/named.ca \
            /var/named/chroot/var/named/named.empty \
            /var/named/chroot/var/named/named.loopback

named reads its configuration after it has chrooted, so the real named.conf must live inside the chroot. Create it there and symlink it to the usual path so it can still be edited as /etc/named.conf:

touch /var/named/chroot/etc/named.conf

ln -s /var/named/chroot/etc/named.conf /etc/named.conf

vi /etc/named.conf

Put the following in it. It is the stock Red Hat caching-nameserver template with three changes: the fixed outgoing query port is no longer set (it disabled source-port randomisation), queries and recursion are limited to the local network, and the rndc key referenced in the controls block is actually defined.

//
// named.conf for a chrooted, caching-only nameserver
//

// Access list: the only network (besides localhost) allowed to use this
// server as a recursive resolver
acl allow_network {
        192.168.0.0/24;
        };

options {
        // listen-on port 53 { any; };
        // listen-on-v6 port 53 { any; };
        // These paths are resolved after named has chrooted; they only work
        // because of the "chroot -> ../../" symlink created above.
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.txt";
        /*
         * Do not pin the outgoing query port. A fixed source port disables
         * BIND's source-port randomisation and makes cache poisoning
         * (CVE-2008-1447) practical again. Only if a firewall forces you
         * to, and you accept that risk, uncomment the line below.
         */
        // query-source address * port 53;
        // A caching-only server has no zones to hand out
        allow-transfer {
                none;
                };
        // Answer only our own network and localhost ...
        allow-query {
                allow_network;
                localhost;
                };
        // ... and recurse only for them, so this is not an open resolver
        allow-recursion {
                allow_network;
                localhost;
                };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

//
// rndc control channel. The key name must match the one defined in
// rndc.key: the file shipped with the Red Hat/CentOS bind package names it
// "rndckey", a file generated with "rndc-confgen -a" names it "rndc-key".
// Referencing a key that is not defined makes the configuration fail to load.
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

// Like named.conf, the key file must be reachable inside the chroot, i.e. at
// /var/named/chroot/etc/rndc.key; if it is not there, generate one with
// "rndc-confgen -a", copy it in, and make it readable by the named group only.
include "/etc/rndc.key";
Then we create the startup links and start BIND:

chkconfig --levels 235 named on
/etc/init.d/named start
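Once named is up, it is worth proving that the setup actually delivers what it promises: no world-writable directories in the chroot, no fixed query source port or open recursion in the config, a config that named-checkconf accepts inside the chroot, and a running named whose root really is /var/named/chroot. The audit script below does that. It is an added example, not part of the original post or of the BIND project; it assumes the paths used on this page (/var/named/chroot and /etc/named.conf), that pgrep and named-checkconf are installed, and that it is run as root (reading /proc/PID/root of the named process requires it).

```sh
#!/bin/sh
# Post-install audit for the chrooted BIND9 set up above.
# Added example, not part of the original post or the BIND project.
# Assumes the layout used on this page: chroot at /var/named/chroot and
# /etc/named.conf symlinked to the copy inside the chroot. Run as root.

# audit_chroot_perms ROOTDIR
# Lists every world-writable directory under ROOTDIR and returns 1 if any
# exist. named runs as the unprivileged "named" user, so nothing in the
# chroot needs mode 777; a world-writable var/run/named would let any local
# user replace named.pid.
audit_chroot_perms() {
    bad=$(find "$1" -type d -perm -0002 -print)
    [ -z "$bad" ] && return 0
    printf 'world-writable directory under chroot:\n%s\n' "$bad" >&2
    return 1
}

# audit_named_conf CONF
# Returns 1 if CONF pins the outgoing query port (query-source ... port N),
# which disables source-port randomisation and makes cache poisoning
# (CVE-2008-1447) practical again, or if it has no allow-recursion list
# (open resolver). Line comments (// and #) are stripped first so a
# commented-out directive does not trip the check; /* */ blocks are not.
audit_named_conf() {
    stripped=$(sed -e 's://.*$::' -e 's:#.*$::' "$1") || return 1
    status=0
    if printf '%s\n' "$stripped" | grep -Eq 'query-source[^;]*port[[:space:]]+[0-9]+'; then
        echo "$1: fixed query-source port, source-port randomisation disabled" >&2
        status=1
    fi
    if ! printf '%s\n' "$stripped" | grep -q 'allow-recursion'; then
        echo "$1: no allow-recursion list, this is an open resolver" >&2
        status=1
    fi
    return $status
}

# audit_running_named ROOTDIR
# Proves the running named really is chrooted: /proc/PID/root must resolve
# to ROOTDIR. Returns 0 if so, 2 if named is not running (check skipped),
# 1 otherwise (including when /proc/PID/root is unreadable, i.e. not root).
audit_running_named() {
    pid=$(pgrep -xo named 2>/dev/null) || return 2
    [ -n "$pid" ] || return 2
    root=$(readlink "/proc/$pid/root" 2>/dev/null) || {
        echo "cannot read /proc/$pid/root (run as root)" >&2; return 1; }
    [ "$root" = "$1" ] || {
        echo "named (pid $pid) root is '$root', not $1" >&2; return 1; }
}

# main [ROOTDIR] [CONF]
# CONF is the host path. named-checkconf -t is given the same path because
# it resolves it inside the chroot, where it is the real file.
main() {
    rootdir=${1:-/var/named/chroot}
    conf=${2:-/etc/named.conf}
    rc=0
    audit_chroot_perms "$rootdir" || rc=1
    audit_named_conf "$conf" || rc=1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -t "$rootdir" "$conf" || rc=1
    fi
    audit_running_named "$rootdir"
    case $? in
        0) echo "named is running chrooted in $rootdir" ;;
        2) echo "named is not running; /proc root check skipped" ;;
        *) rc=1 ;;
    esac
    return $rc
}

# Only run the audit when invoked with arguments, so the file can also be
# sourced for its functions:  sh audit.sh /var/named/chroot /etc/named.conf
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as root after starting named; a non-zero exit means at least one finding was printed on stderr. The /proc/PID/root check is the one that matters most: a named.conf full of chroot-looking paths proves nothing if the init script was not told to chroot (ROOTDIR in /etc/sysconfig/named on CentOS/RHEL), and the kernel's view of the process root is the only thing that does.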



About somono chek

Hi, I am Somono Chek. I've been working in the IT field for 8 years. I created this blog to share my experience and knowledge from these 8 years related to IT skills: Networking, Network Security, Linux Server, Windows Server and other IT-related skills.
