Sunday, September 12, 2010

jailed DNS with BIND 9 (CentOS 5.5)



Install BIND (install CentOS with the server package only):

yum install bind-chroot bind bind-utils

cd  /var/named/chroot/var/named

cp /usr/share/doc/bind-9.x.x/sample/var/named/named.local   ./named.local


ln -s /var/named/chroot/  /etc/named.root

touch /var/named/chroot/etc/named.conf

Configure named.conf:

include "/etc/rndc.key";

controls {
       inet 127.0.0.1 allow {127.0.0.1; } keys { "rndckey"; };
       inet 192.168.1.103 allow { 192.168.1.0/24; } keys { "rndckey"; };
};
options {
       directory "/var/named";
       pid-file "/var/run/named/named.pid";

       recursion yes;
       allow-recursion {
              127.0.0.1;
              192.168.1.0/24;
       };
      
       listen-on {
              127.0.0.1;
              192.168.1.103;
       };
      
       query-source address * port 53;
       version "REFUSED";

       allow-query {
              127.0.0.1;
              192.168.1.0/24;
       };
};

server 192.168.1.103 {
       keys { rndckey; };
};

zone "." IN {
       type hint;
       file "named.root";
};

zone "example.local" IN {
       type master;
       file "data/example.local.zone";
       allow-update { none; };
       allow-transfer { none; };
};

zone "1.168.192.in-addr.arpa" IN {
       type master;
       file "data/example.local.rev.zone";
       allow-update { none; };
       allow-transfer { none; };
};
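The named.conf above makes the hardening choices that matter for a small internal server: recursion and queries limited to the loopback and the 192.168.1.0/24 LAN, the version string replaced, and transfers and updates denied on both master zones. One line works against that: "query-source address * port 53;" pins the UDP source port, and a pinned source port removes the source-port randomisation that BIND uses to make cache poisoning harder. The checker below is an added example, not part of the post; it parses a constructed copy of the post's options and zone blocks (plus one hypothetical "weak.local" zone without an allow-transfer clause, so there is something to report) with a small recursive-descent parser and flags the points just listed. Statement and clause names are BIND's own; the sample config and zone names are constructed.

```python
import re

# Constructed named.conf for this example: the options block and the
# "example.local" zone as in the post, plus a second, hypothetical zone
# with no allow-transfer clause so the checker has something to report.
SAMPLE_CONF = r'''
options {
       directory "/var/named";
       recursion yes;
       allow-recursion { 127.0.0.1; 192.168.1.0/24; };
       listen-on { 127.0.0.1; 192.168.1.103; };
       query-source address * port 53;
       version "REFUSED";
       allow-query { 127.0.0.1; 192.168.1.0/24; };
};
zone "example.local" IN {
       type master;
       file "data/example.local.zone";
       allow-update { none; };
       allow-transfer { none; };
};
zone "weak.local" IN {          // constructed: transfers left at BIND's default
       type master;
       file "data/weak.local.zone";
};
'''

# Tokens: a quoted string, one of { } ;, or a bare word.
TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


class Stmt:
    """One named.conf statement: its words and, for { } blocks, the nested statements."""
    def __init__(self, words, children):
        self.words = words          # e.g. ['zone', 'example.local', 'IN']
        self.children = children    # list of Stmt, or None if there is no block


def tokenize(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)   # C-style comments
    text = re.sub(r'(//|#)[^\n]*', '', text)            # line comments
    return TOKEN_RE.findall(text)


def parse(tokens, pos=0):
    """Recursive-descent parse of the token stream into a list of Stmt."""
    stmts, words = [], []
    while pos < len(tokens):
        tok = tokens[pos]
        if tok == '}':
            return stmts, pos + 1
        if tok == '{':
            children, pos = parse(tokens, pos + 1)
            stmts.append(Stmt(words, children))
            words = []
            if pos < len(tokens) and tokens[pos] == ';':   # trailing ';' after a block
                pos += 1
            continue
        if tok == ';':
            if words:
                stmts.append(Stmt(words, None))
            words = []
        else:
            words.append(tok.strip('"'))
        pos += 1
    return stmts, pos


def find(stmts, name):
    return [s for s in stmts if s.words and s.words[0] == name]


def first(stmts, name):
    hits = find(stmts, name)
    return hits[0] if hits else None


def acl_is_open(stmt):
    """True when an address-match list is absent (BIND default) or contains 'any'."""
    if stmt is None:
        return True
    return any(c.words and c.words[0] == 'any' for c in stmt.children or [])


def audit(conf_text):
    """Return a list of findings for the hardening points covered by the post."""
    findings = []
    top, _ = parse(tokenize(conf_text))
    opts = first(top, 'options')
    o = opts.children if opts else []
    rec = first(o, 'recursion')
    if rec and rec.words[1:2] == ['yes'] and acl_is_open(first(o, 'allow-recursion')):
        findings.append('recursion is enabled without a restrictive allow-recursion (open resolver)')
    if acl_is_open(first(o, 'allow-query')):
        findings.append('allow-query is not restricted to the local networks')
    if first(o, 'version') is None:
        findings.append('no version override; the real BIND version answers version.bind queries')
    qs = first(o, 'query-source')
    if qs and 'port' in qs.words and qs.words.index('port') + 1 < len(qs.words):
        port = qs.words[qs.words.index('port') + 1]
        if port != '*':
            findings.append('query-source pins UDP source port %s, disabling source-port randomisation' % port)
    for z in find(top, 'zone'):
        zc = z.children or []
        ztype = first(zc, 'type')
        if ztype and ztype.words[1:2] == ['master'] and acl_is_open(first(zc, 'allow-transfer')):
            findings.append('zone %s: allow-transfer is not restricted' % z.words[1])
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_CONF):
        print('WARN:', f)
```

Run against the constructed sample it reports exactly two things: the pinned query-source port and the missing allow-transfer on the hypothetical weak.local zone; the post's own zones pass. The parser ignores comments and handles nested blocks, so the same audit can be pointed at the real /var/named/chroot/etc/named.conf after named-checkconf has accepted it.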



Configure forward lookup zone:

cd /var/named/chroot/var/named/data

touch ./example.local.zone

chown root:named ./example.local.zone

Edit zone file:

$ttl 38400

example.local.       IN     SOA    ns.example.local. admin.example.local. (
                           2010091001 ; Serial
                           10800 ; Refresh after 3 hours
                           3600 ; Retry after 1 hour
                           604800 ; Expire after 1 week
                           86400 ); Minimum TTL of 1 day

example.local.             IN NS ns.example.local.
ns.example.local.    IN A  192.168.1.103
dns1.example.local.  IN CNAME ns.example.local.
www.example.local.   IN CNAME ns.example.local.


Configure reverse lookup zone:

cd /var/named/chroot/var/named/data

touch ./example.local.rev.zone

chown root:named ./example.local.rev.zone

Edit zone file:

$ttl 38400

1.168.192.in-addr.arpa.    IN     SOA    ns.example.local. admin.example.local. (
                           2010091001 ; Serial
                           10800 ; Refresh after 3 hours
                           3600 ; Retry after 1 hour
                           604800 ; Expire after 1 week
                           86400 ); Minimum TTL of 1 day

       IN     NS     ns.example.local.
103    IN     PTR    ns.example.local.


Note: change the serial number whenever a zone file is modified (format yyyymmddxx, where xx is the number of the modification on that day). Secondaries only reload a zone when the serial has increased.
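The serial rule is easy to get wrong by hand: a second edit on the same day must bump xx rather than restart at 01, and a serial that was typed ahead of today's date must still go up, never back. The helper below is an added example and not from the post; it reads the serial out of a constructed copy of the forward zone file shown above (the parenthesised multi-line SOA is handled), computes the next yyyymmddxx value for either the forward or the reverse zone, rewrites it in place, and checks with RFC 1982 serial arithmetic that a secondary would treat the new value as newer. The function names are this example's own; the zone text and dates are constructed.

```python
import re
from datetime import date

# Constructed sample: the post's forward zone file as it appears above.
SAMPLE_ZONE = """$ttl 38400

example.local.       IN     SOA    ns.example.local. admin.example.local. (
                           2010091001 ; Serial
                           10800 ; Refresh after 3 hours
                           3600 ; Retry after 1 hour
                           604800 ; Expire after 1 week
                           86400 ); Minimum TTL of 1 day

example.local.             IN NS ns.example.local.
ns.example.local.    IN A  192.168.1.103
"""

# The serial is the first number after the SOA's MNAME and RNAME fields,
# whether or not the record is split across lines with parentheses.
SERIAL_RE = re.compile(r'\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)')


def as_daynum(today=None):
    """Accept a datetime.date or an int yyyymmdd; default to the current date."""
    if today is None:
        today = date.today()
    if isinstance(today, date):
        return int(today.strftime('%Y%m%d'))
    return int(today)


def next_serial(current, today=None):
    """Next yyyymmddxx serial; always strictly greater than `current`."""
    day = as_daynum(today)
    if current // 100 < day:
        return day * 100 + 1           # first edit of a new day: xx restarts at 01
    # Same day, or a serial already ahead of the clock: just increment so
    # secondaries still see an increase instead of a value that went backwards.
    return current + 1


def read_serial(zone_text):
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError('no SOA serial found')
    return int(m.group(1))


def bump_serial(zone_text, today=None):
    """Return (new_text, new_serial) with only the SOA serial replaced."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError('no SOA serial found')
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new


def serial_increased(old, new):
    """RFC 1982: `new` is newer only if it is ahead of `old` by less than 2**31 mod 2**32."""
    return 0 < (new - old) % 2**32 < 2**31


if __name__ == '__main__':
    text, serial = bump_serial(SAMPLE_ZONE)
    print('new serial:', serial)
    print(text)
```

On the sample, bumping on 2010-09-10 (the day the serial was issued) yields 2010091002, while bumping on 2010-09-12 yields 2010091201; both pass the serial_increased check, which is the same comparison a secondary makes before pulling a new copy of the zone.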


Configure BIND for automatic startup:

/sbin/chkconfig --level 35 named on

/sbin/chkconfig --list named


Start BIND daemon:

/etc/init.d/named start
/etc/init.d/named status

Or

/sbin/service named start
/sbin/service named status

Edit the DNS client file:

vi /etc/resolv.conf

#search example.local
nameserver 127.0.0.1


Test DNS:

rndc status

nslookup dns1.example.local

dig dns1.example.local

host dns1.example.local
