Difference between revisions of "BIND"

From ArchWiki

Revision as of 14:40, 8 May 2008

Bind as caching only server

These few steps show you how to install BIND as a caching-only server.

Install bind

pacman -S bind

Edit /etc/named.conf

listen-on {; };

BIND needs the kernel module 'capability' to work properly. Load it manually if it is not already loaded:

# modprobe capability

On vanilla kernels this is built in, as you can confirm with:

# zless /proc/config.gz | grep CAPABILITIES

Adding named to boot process

Edit /etc/rc.conf

DAEMONS=(.. named ..)

Set resolv.conf to use the local DNS server

Edit /etc/resolv.conf


Running Bind in a chrooted environment

Preparing the chroot

Define the chroot directory, for example:


Create the chroot directories

mkdir -m 700 -p ${CHROOT}
mkdir -p ${CHROOT}/{dev,etc,var/run/named}

To enable logging inside the chroot, you also need to create a log directory:

mkdir ${CHROOT}/var/log

and inside it a file named.log, matching the logging statement in named.conf:

touch ${CHROOT}/var/log/named.log

You may also want to access this file from /var/log:

ln -sf ${CHROOT}/var/log/named.log /var/log

Copy necessary files

cp -v /etc/named.conf ${CHROOT}/etc/
cp -v /etc/localtime ${CHROOT}/etc/
cp -Rv /var/named ${CHROOT}/var/

Create block devices

mknod ${CHROOT}/dev/zero c 1 5
mknod ${CHROOT}/dev/random c 1 8

Set permissions

chown -R named:named ${CHROOT}/var/run/named
chmod 666 ${CHROOT}/dev/{random,zero}
chown root:named ${CHROOT}
chmod 0750 ${CHROOT}

If you enabled logging (see above):

chown named:named ${CHROOT}/var/log/named.log
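The ownership and mode layout built by the steps above is what keeps a compromised named from rewriting its own configuration, so it is worth checking after the fact. The following check is an added example, not a script from ArchWiki; it assumes GNU coreutils stat and takes the chroot path plus the expected owner, group and daemon user (defaulting to root, named and named as on this page).

```shell
# check_named_chroot CHROOT [OWNER GROUP DAEMON_USER]
# Prints one line per problem and returns the number of problems found (0 = clean).
# Assumes GNU stat (-c); the expected values default to the layout described above.
check_named_chroot() {
    chroot_dir=$1
    owner=${2:-root}
    group=${3:-named}
    daemon=${4:-named}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Top of the chroot: owned by root:named, 0750 so named can enter but not write
    [ -d "$chroot_dir" ] || { echo "FAIL: $chroot_dir is not a directory"; return 1; }
    [ "$(stat -c '%U:%G' "$chroot_dir")" = "$owner:$group" ] \
        || fail "$chroot_dir should be owned by $owner:$group"
    [ "$(stat -c '%a' "$chroot_dir")" = "750" ] \
        || fail "$chroot_dir should be mode 0750"

    # Copied config files must exist and must not be group- or world-writable
    # (symbolic mode: group write bit is character 6, other write bit is character 9)
    for f in etc/named.conf etc/localtime; do
        if [ ! -f "$chroot_dir/$f" ]; then
            fail "$f missing"
        else
            case "$(stat -c '%A' "$chroot_dir/$f")" in
                ?????w*|????????w*) fail "$f is group- or world-writable" ;;
            esac
        fi
    done

    # The PID directory is the one place named must be able to write
    [ -d "$chroot_dir/var/run/named" ] \
        && [ "$(stat -c '%U' "$chroot_dir/var/run/named")" = "$daemon" ] \
        || fail "var/run/named missing or not owned by $daemon"

    # Device nodes: character devices, mode 0666 as set above (mknod needs root)
    for d in dev/random dev/zero; do
        if [ ! -c "$chroot_dir/$d" ]; then
            fail "$d missing or not a character device"
        elif [ "$(stat -c '%a' "$chroot_dir/$d")" != "666" ]; then
            fail "$d should be mode 0666"
        fi
    done

    # Log file is optional; if present it must belong to the daemon user
    if [ -e "$chroot_dir/var/log/named.log" ] \
       && [ "$(stat -c '%U' "$chroot_dir/var/log/named.log")" != "$daemon" ]; then
        fail "var/log/named.log should be owned by $daemon"
    fi
    return $problems
}
```

Run it as root after the steps above, for example `check_named_chroot "${CHROOT}"`; any output line names something to fix before starting named-chroot.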

Prepare the rc script

cp /etc/rc.d/named /etc/rc.d/named-chroot

Edit /etc/rc.d/named-chroot and simply add "-t ${CHROOT}" to

[ -z "$PID" ] && /usr/sbin/named ${NAMED_ARGS}

so that it looks like

[ -z "$PID" ] && /usr/sbin/named ${NAMED_ARGS} -t ${CHROOT}

Prepare variables

vim /etc/conf.d/named


Starting named-chroot on bootup

You probably followed the first section before, so add '-chroot' to the existing named entry, so that it looks like this:

Edit /etc/rc.conf

DAEMONS=(.. named-chroot ..)

Start the service

/etc/rc.d/named-chroot start

Test the service

# host wiki.archlinux.org

Output should be something like this

Using domain server:

wiki.archlinux.org is an alias for archlinux.org.
archlinux.org has address
archlinux.org mail is handled by 10 mail.archlinux.org.

A configuration template for running a domain

In our example we use "domain.tld" as the domain.

Prepare the folder structure

mkdir /chroot/named/etc/{pri,sec}

Create a zone file

vim /chroot/named/etc/pri/domain.tld.zone

$TTL 7200
; domain.tld
@       IN      SOA     ns01.domain.tld. postmaster.domain.tld. (
                                        2007011601 ; Serial
                                        28800      ; Refresh
                                        1800       ; Retry
                                        604800     ; Expire - 1 week
                                        86400 )    ; Minimum
                IN      NS      ns01
                IN      NS      ns02
ns01            IN      A
ns02            IN      A
localhost       IN      A
@               IN      MX 10   mail
imap            IN      CNAME   mail
smtp            IN      CNAME   mail
@               IN      A
www             IN      A
mail            IN      A
@               IN      TXT     "v=spf1 mx"

Configure the master server

Copy the zone file

cp domain.tld.zone /chroot/named/etc/pri/

Edit /chroot/named/etc/named.conf

zone "domain.tld" IN {
        type master;
        file "pri/domain.tld.zone";
        allow-update { none; };
        notify no;
};

Configure the slave server

cp domain.tld.zone /chroot/named/etc/sec/

Edit /chroot/named/etc/named.conf

zone "domain.tld" IN {
        type slave;
        file "sec/domain.tld.zone";
        allow-update { none; };
        notify no;
        masters {; };   # ip address of the master server
};

Restart the services and you're done.

BIND Resources