BIND is the most widely used name server software on Linux. It implements the Domain Name System (DNS) protocols and can act as a recursive resolver, an authoritative server, or both.
BIND DNSSEC support requires OpenSSL. Download, build and install OpenSSL:
<PRE>
wget http://www.openssl.org/source/openssl-1.0.2c.tar.gz
tar -xzf openssl-1.0.2c.tar.gz
cd openssl-1.0.2c
./Configure linux-generic32 shared --prefix=/home/export/rootfs
make CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld MAKEDEPPROG=arm-linux-gnueabi-gcc
make install CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld
</PRE>
Download, build and install BIND:
<PRE>
wget http://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz
tar -xzf bind-9.10.2-P1.tar.gz
cd bind-9.10.2-P1
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --with-randomdev=no --with-openssl=/home/export/rootfs --with-ecdsa=yes --with-gost=no BUILD_CC=gcc
make
make install DESTDIR=/home/export/rootfs
</PRE>
Create a configuration file /etc/bind/named.conf with the following contents:
<PRE>
acl localnet {
        192.168.0.0/24;
        2003:44b9:4219:6400::/64;
        localhost;
};

options {
        directory "/var/cache/bind";
        # forwarders { 192.231.203.132; 192.231.203.3; };
        dnssec-validation auto;
        auth-nxdomain no;
        listen-on port 53 { 127.0.0.1; 192.168.0.254; };
        listen-on-v6 { 2001:44b9:4219:6400:250:43ff:fe01:835e; };
        recursion yes;
        allow-query { localnet; };
};

zone "." {
        type hint;
        file "/etc/bind/named.root";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
};

zone "home" {
        type master;
        file "/etc/bind/home.zone";
};
</PRE>
The localnet access control list (ACL) controls which hosts may query the resolver; change its entries to match your network.
Likewise for the listen-on and listen-on-v6 fields, which bind named to the listed interface addresses.
The forwarders field is commented out. Uncomment it if you want your resolver to forward queries to upstream DNS servers, such as your ISP's. If it stays commented out, the resolver performs full recursion itself, starting from the root servers.
The named.root file contains the list of root servers and their IP addresses. It can be downloaded using:

<PRE>
wget http://www.internic.net/domain/named.root
</PRE>
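The ACL and listen-on settings are easy to get subtly wrong, because named applies allow-query to the client's source address rather than to the interface that received the query, so a mistyped prefix in the ACL only shows up when clients are refused. The script below is an added example, not code from this page or from BIND. It parses the small subset of named.conf syntax used above (an acl block plus the allow-query, listen-on and listen-on-v6 statements), expands ACL names, and reports every listening address whose own network is missing from the query ACL, which for a LAN interface almost always means a typo, since the clients reaching that interface share its prefix. It also answers whether a given client address would be allowed to query. Expanding the built-in localhost ACL to 127.0.0.0/8 and ::1 is an assumption (BIND expands it to every address configured on the host), and negated ACL entries are not handled.

```python
"""Cross-check a named.conf query ACL against its listen-on addresses.

Added example for this page; not code from the page or from BIND.  It
understands only the subset of named.conf used above: 'acl' blocks,
'allow-query', 'listen-on' and 'listen-on-v6'.  Negated ('!') entries
are not handled.
"""
import ipaddress
import re

# Constructed copy of the page's named.conf options (zone blocks omitted,
# they play no part in the ACL check).
NAMED_CONF = """
acl localnet { 192.168.0.0/24; 2003:44b9:4219:6400::/64; localhost; };
options {
    directory "/var/cache/bind";
    # forwarders { 192.231.203.132; 192.231.203.3; };
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on port 53 { 127.0.0.1; 192.168.0.254; };
    listen-on-v6 { 2001:44b9:4219:6400:250:43ff:fe01:835e; };
    recursion yes;
    allow-query { localnet; };
};
"""

# Assumption: BIND's built-in "localhost" ACL really means every address
# of the host; loopback is a good enough stand-in for this check.
BUILTIN_ACLS = {
    "localhost": ["127.0.0.0/8", "::1/128"],
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
}


def strip_comments(conf):
    """Remove the three comment styles named.conf accepts."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(#|//).*", "", conf)


def block_items(conf, keyword):
    """Items of the first '<keyword> ... { a; b; };' statement, as strings."""
    m = re.search(keyword + r"[^{]*\{([^}]*)\}", conf)
    return [i.strip() for i in m.group(1).split(";") if i.strip()] if m else []


def parse_acls(conf):
    """Map ACL name -> list of raw entries, including the built-ins."""
    acls = dict(BUILTIN_ACLS)
    for name, body in re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}', conf):
        acls[name] = [i.strip() for i in body.split(";") if i.strip()]
    return acls


def expand(entries, acls, seen=()):
    """Resolve nested ACL names into a flat list of ip_network objects."""
    nets = []
    for entry in entries:
        if entry in acls:
            if entry in seen:
                raise ValueError("ACL reference loop at " + entry)
            nets.extend(expand(acls[entry], acls, seen + (entry,)))
        else:
            # A bare address such as 192.168.0.254 becomes a /32 or /128.
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def query_networks(conf_text):
    """Networks permitted by allow-query, fully expanded."""
    conf = strip_comments(conf_text)
    return expand(block_items(conf, "allow-query"), parse_acls(conf))


def is_allowed(client_ip, conf_text):
    """Would named answer a query from this client address?"""
    ip = ipaddress.ip_address(client_ip)
    # ip_network.__contains__ is False across address families, so v4/v6 mix safely.
    return any(ip in net for net in query_networks(conf_text))


def uncovered_listeners(conf_text):
    """Listening addresses that no allow-query network contains."""
    conf = strip_comments(conf_text)
    nets = query_networks(conf_text)
    listeners = block_items(conf, r"listen-on(?!-v6)") + block_items(conf, "listen-on-v6")
    result = []
    for item in listeners:
        try:
            ip = ipaddress.ip_address(item)
        except ValueError:
            continue  # 'any', 'none' or an ACL name: nothing to compare
        if not any(ip in net for net in nets):
            result.append(item)
    return result


if __name__ == "__main__":
    for addr in uncovered_listeners(NAMED_CONF):
        print("listen address %s is outside every allow-query network" % addr)
    for client in ("192.168.0.10", "10.0.0.5"):
        print(client, "allowed" if is_allowed(client, NAMED_CONF) else "refused")
```

Run against the configuration above it reports the listen-on-v6 address, because 2001:44b9:4219:6400:250:43ff:fe01:835e is not inside the 2003:44b9:4219:6400::/64 entry of localnet; whichever of the two is the real prefix, the other should be corrected before IPv6 clients are expected to resolve. named-checkconf (shipped with BIND) validates the syntax of the file but does not catch this kind of mismatch.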
The following file allows reverse lookups for the localhost name. Create a file called /etc/bind/db.127 with the following contents:
<PRE>
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.
</PRE>
The following file allows reverse lookups for the resolver itself, 192.168.0.254. A reverse lookup of 192.168.0.254 should return 'gateway.home'.
Create a file called /etc/bind/db.192 with the following contents:
<PRE>
;
; BIND reverse data file for local subnet 192.168.0
;
$TTL    604800
@       IN      SOA     gateway.home. webuser.gateway.home. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; The NS target must be the fully qualified name with a trailing dot;
; a bare "gateway." would name a top-level host called gateway.
@       IN      NS      gateway.home.
254     IN      PTR     gateway.home.
</PRE>
The following file is used to look up hosts on your local subnet. For example, looking up gateway.home should return the address 192.168.0.254, and looking up nas.home should return 192.168.0.253.
Create a file called /etc/bind/home.zone with the following contents:
<PRE>
;
; BIND data file for home domain
;
$TTL    604800
@       IN      SOA     home. root.home. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      gateway
gateway IN      A       192.168.0.254
nas     IN      A       192.168.0.253
</PRE>
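Zone files are unforgiving about two things the files above rely on: a name without a trailing dot is relative to the zone origin (so gateway in home.zone means gateway.home.), while a name with one is absolute. The script below is an added example, not code from this page or from BIND. It parses constructed copies of db.192 and home.zone (the loopback zone is left out because localhost. has no A record in these files) and reports every A record without a matching PTR, every PTR without a matching A record, and every NS target that has no address. In the embedded copy of db.192 the NS target is written as the absolute name gateway. to show the class of mistake the check catches; the check also reports that nas.home has no PTR record in the reverse zone.

```python
"""Forward/reverse consistency check for the zone files on this page.

Added example; not code from the page or from BIND.  parse_zone() handles
the zone-file features these files use (';' comments, $TTL, $ORIGIN,
parenthesised multi-line SOA records, owner inheritance on lines that
start with whitespace, optional TTL/class fields, relative names).
"""
import re

# Constructed copies of db.192 and home.zone.  The reverse zone's NS
# target is written "gateway." deliberately: the trailing dot makes it
# an absolute name (a top-level host called gateway), not gateway.home.
DB_192 = """\
;
; BIND reverse data file for local subnet 192.168.0
;
$TTL    604800
@       IN      SOA     gateway.home. webuser.gateway.home. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      gateway.
254     IN      PTR     gateway.home.
"""

HOME_ZONE = """\
;
; BIND data file for home domain
;
$TTL    604800
@       IN      SOA     home. root.home. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
        NS      gateway
gateway A       192.168.0.254
nas     A       192.168.0.253
"""


def parse_zone(text, origin):
    """Return (owner, type, rdata) triples; names are absolute with a trailing dot."""
    origin = origin.rstrip(".") + "."

    def absolute(name):
        if name == "@":
            return origin
        return name if name.endswith(".") else name + "." + origin

    # Strip comments, then fold '( ... )' continuation lines into one line.
    joined, buf, depth = [], "", 0
    for line in text.splitlines():
        line = re.sub(r";.*", "", line)
        buf += (" " + line) if depth else line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            joined.append(buf.replace("(", " ").replace(")", " "))
            buf = ""

    records, owner = [], origin
    for line in joined:
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = absolute(line.split()[1])
            continue
        if line.startswith("$TTL"):
            continue
        fields = line.split()
        if not line[0].isspace():          # explicit owner, otherwise inherit the last one
            owner = absolute(fields.pop(0))
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                  # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "PTR", "CNAME"):
            rdata = absolute(rdata[0])
        elif rtype == "SOA":
            rdata = (absolute(rdata[0]), absolute(rdata[1]), [int(x) for x in rdata[2:7]])
        else:
            rdata = rdata[0]
        records.append((owner, rtype, rdata))
    return records


def reverse_name(ipv4):
    """'192.168.0.254' -> '254.0.168.192.in-addr.arpa.'"""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def check_consistency(zones):
    """zones maps zone origin -> zone file text.  Returns sorted problem strings."""
    records = [r for origin, text in zones.items() for r in parse_zone(text, origin)]
    a_records = {(o, rdata) for o, t, rdata in records if t == "A"}
    ptr_records = {(o, rdata) for o, t, rdata in records if t == "PTR"}
    has_address = {o for o, _ in a_records}
    problems = []
    for name, ip in a_records:
        if (reverse_name(ip), name) not in ptr_records:
            problems.append("no PTR %s -> %s" % (reverse_name(ip), name))
    for rev, name in ptr_records:
        if not any(reverse_name(ip) == rev and n == name for n, ip in a_records):
            problems.append("PTR %s -> %s has no matching A record" % (rev, name))
    for zone, t, target in records:
        if t == "NS" and target not in has_address:
            problems.append("NS target %s (zone %s) has no A record" % (target, zone))
    return sorted(problems)


if __name__ == "__main__":
    for problem in check_consistency({"0.168.192.in-addr.arpa": DB_192, "home": HOME_ZONE}):
        print(problem)
```

named-checkzone (shipped with BIND, run as named-checkzone home /etc/bind/home.zone) validates each file's syntax before named loads it; the check above covers the cross-zone agreement between forward and reverse data that a per-file syntax check does not look at.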