miércoles, 29 de julio de 2009

Debian Lenny Bind9 con Chroot

# aptitude install bind9 dnsutils

Modificamos los siguientes archivos

----------------------------------------------------------------
# vim /etc/bind/named.conf.options

options {
directory "/var/cache/bind";

auth-nxdomain no; # conform to RFC1035

allow-query { 192.168.1.0/24; } ; # network(s) which are allowed DNS queries
allow-transfer { none; } ;
allow-recursion { 192.168.1.0/24; } ; # restrict which clients resolve DNS queries
listen-on { 192.168.1.20; } ; # interface BIND 9 listens on
forward only;
forwarders {
208.67.222.222; # specify your ISP name servers
208.67.220.220;
};

};
-------------------------------------------------------------------

# vim /etc/bind/named.conf.local

zone "example.com" {
type master;
file "/etc/bind/zones/example.com.db";
};

zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/1.168.192.in-addr.arpa";
};
-------------------------------------------------------------------

Añadiendo una nueva zona

#mkdir /etc/bind/zones
#vim /etc/bind/zones/example.com.db

------------------------------------------------------------------
$TTL 3h
@ IN SOA ns.empresa.com. admin.example.com. (
666 ; Serial yyyymmddnn
3h ; Refresh After 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h) ; Minimum negative caching of 1 hour
; Agrego mis hosts
@ 86400 IN NS ns.example.com.
@ 86400 IN MX 10 mail.example.com.
ns IN A 192.168.1.20
dns IN CNAME ns
mail IN A 192.168.1.20
------------------------------------------------------------------

Reverse DNS

------------------------------------------------------------------
$TTL 3h
@ IN SOA ns.empresa.com. admin.example.com. (
333 ; Serial yyyymmddnn
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h) ; Minimum negative caching of 1 hour
; Agrego mis hosts
@ 86400 IN NS ns.example.com.
7 IN PTR ns.example.com.
8 IN PTR mail.example.com.

------------------------------------------------------------------

Seteando el Chroot
# vim /etc/default/bind9
------------------------------------------------------------------
# run resolvconf?
RESOLVCONF=yes
# startup options for the server
OPTIONS="-u bind -t /var/lib/named"
------------------------------------------------------------------

Creación de los directorios del chroot de Bind9

# mkdir -p /var/lib/named/etc
# mkdir -p /var/lib/named/dev
# mkdir -p /var/lib/named/var/cache/bind
# mkdir -p /var/lib/named/var/run/bind/run

Movemos la carpeta de configuración de Bind9 al directorio /var/lib/named/etc

# mv /etc/bind /var/lib/named/etc

Creamos el enlace simbólico para que /etc/bind siga apuntando a la configuración dentro del chroot

# ln -s /var/lib/named/etc/bind /etc/bind

Creación de los dispositivos null y random dentro del chroot

# mknod /var/lib/named/dev/null c 1 3
# mknod /var/lib/named/dev/random c 1 8

Configuramos los permisos de los dispositivos y directorios

# chmod 666 /var/lib/named/dev/null
# chmod 666 /var/lib/named/dev/random
# chown -R bind:bind /var/lib/named/var/*
# chown -R bind:bind /var/lib/named/etc/bind

Luego modificamos /etc/resolv.conf para que apunte a nuestro servidor DNS:

nameserver 192.168.1.20   # IP de nuestro servidor DNS

Reiniciamos el servicio de red y el bind

#/etc/init.d/networking restart
#/etc/init.d/bind9 restart

Fuente:
http://www.thinkdebian.org/archives/343
