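# get bind from isc.org
# Build BIND 9.3.4 into its own prefix and prepare the chroot skeleton under it:
# a dedicated service account and a random device inside the tree.
# Abort on the first failing step so a failed cd/untar does not let the later
# commands run against the wrong directory.
set -e
cd /opt/src
# NOTE(review): check the tarball against ISC's detached signature before
# unpacking it; an unverified source archive is the supply-chain weak point of
# this build, and everything below is installed and run as root.
tar xzf bind-9.3.4.tar.gz
cd bind-9.3.4
./configure --prefix=/opt/soft_bind-9.3.4 CC=gcc-4.1
make -j8
make install
cd /opt/soft_bind-9.3.4
# Fixed uid/gid 53 so ownership inside the chroot is stable across reinstalls.
groupadd -g 53 named
# -s /bin/false: the service account never gets an interactive shell.
useradd -u 53 -g 53 -s /bin/false named
mkdir dev
# named needs a random device inside the chroot; char 1,8 is Linux /dev/random.
mknod dev/random c 1 8
vi named.sh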
-----------------
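#!/bin/sh
# Minimal init-style wrapper for a chrooted BIND: starts and stops named under
# $BASEDIR, dropping privileges to the "named" user after startup.
#
# Usage: named.sh {start|stop}
# Exit status: 0 when the named binary is absent (nothing to manage) or on
# success, 1 on bad usage or a missing pid file, otherwise the status of the
# failing command (set -e).
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=named              # currently unused, kept for callers/tools that expect it
DESC="chrooted named"   # currently unused, kept for callers/tools that expect it
BASEDIR=/opt/soft_bind-9.3.4
# named.conf sets directory "/etc" (inside the chroot) and pid-file "named.pid",
# so on the host the pid file lives under $BASEDIR/etc.
PIDFILE="$BASEDIR/etc/named.pid"

# The original "test -x || exit 0" had no operand and was therefore always true;
# the check is meant to bail out quietly when the daemon binary is not installed.
test -x "$BASEDIR/sbin/named" || exit 0
set -e

case "$1" in
start)
  echo "Chowning bind-directory to named:named..."
  # NOTE(review): this hands the unprivileged service user ownership of its own
  # binaries and config as well; named only needs write access for the pid file
  # (and journals, should dynamic zones ever be added), so restricting the chown
  # to "$BASEDIR/etc" is the safer choice.
  chown -R named:named "$BASEDIR"
  printf '%s' "Starting : "
  # -t chroots into $BASEDIR, so the -c path is resolved inside the chroot.
  "$BASEDIR/sbin/named" \
    -u named \
    -t "$BASEDIR" \
    -c /etc/named.conf
  # -c $BASEDIR/etc/named.conf would be the host path; wrong once chrooted.
  echo " ."
  ;;
stop)
  printf '%s' "Stopping : "
  if [ ! -r "$PIDFILE" ]; then
    echo "no readable pid file at $PIDFILE" >&2
    exit 1
  fi
  kill "$(cat "$PIDFILE")"
  echo "."
  ;;
*)
  echo "Usage: {start|stop}" >&2
  exit 1
  ;;
esac
exit 0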
-----------------
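chmod +x -- named.sh
# As everything in this dir/auth-section, this config is focused on simplicity,
# not security: do not run it on an internet-facing named. The named.conf below
# switches recursion off, but nothing restricts who may query it or request zone
# transfers, and no rndc keys are generated.
vi etc/named.conf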
-----------------
options {
// directory "/opt/soft_bind-9.3.4/etc"; // Working directory
directory "/etc"; // Working directory, as seen from inside the chroot
pid-file "named.pid"; // Put pid file in working dir
notify no;
recursion no;
};
zone "127.0.0.1" {
type master;
file "db.localhost";
notify no;
};
zone "0.0.127.in-addr.arpa" {
type master;
file "db.localhost.rev";
notify no;
};
zone "fluxcoil.net" {
type master;
file "db.fluxcoil.net";
};
zone "0.0.10.in-addr.arpa" {
type master;
file "db.10.in-addr.arpa";
};
-----------------
vi etc/db.localhost
-----------------
$TTL 604800
@ IN SOA sid64.fluxcoil.net. chorn\.fluxcoil.net. (
1 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
600 ; Negative Cache TTL
);
@ IN NS sid64.fluxcoil.net.
@ IN A 127.0.0.1
-----------------
vi etc/db.localhost.rev
-----------------
$TTL 604800
@ IN SOA sid64.fluxcoil.net. chorn\.fluxcoil.net. (
1 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
600 ; Negative Cache TTL
);
@ IN NS sid64.fluxcoil.net.
1 IN PTR localhost.
-----------------
vi etc/db.fluxcoil.net
-----------------
$TTL 604800 ; 1 week
@ IN SOA sid64.fluxcoil.net. chorn\.fluxcoil.net. (
1148400345 ; Serial
10800 ; Refresh (3 hours)
3600 ; Retry (1 hour)
604800 ; Expire (1 week)
600 ; Negative Cache TTL (10 minutes)
);
IN NS sid64.fluxcoil.net.
sid64 A 10.0.0.23
kerberos CNAME sid64
ldap CNAME sid64
rhel4 A 10.0.0.21
rhel CNAME rhel4
_kerberos TXT "FLUXCOIL.NET"
kerberos CNAME sid64
_kerberos._udp SRV 0 0 88 sid64
_kerberos-master._udp SRV 0 0 88 sid64
_kerberos-adm._tcp SRV 0 0 749 sid64
_kpasswd._udp SRV 0 0 464 sid64
-----------------
vi etc/db.10.in-addr.arpa
-----------------
$TTL 604800 ; 1 week
@ IN SOA sid64.fluxcoil.net. chorn\.fluxcoil.net. (
1148400345 ; Serial
10800 ; Refresh (3 hours)
3600 ; Retry (1 hour)
604800 ; Expire (1 week)
600 ; Negative Cache TTL (10 minutes)
);
IN NS sid64.fluxcoil.net.
23 PTR sid64.fluxcoil.net.
21 PTR rhel4.fluxcoil.net.
-----------------
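# Hand the tree to the service user, start named, and point the host resolver at it.
# NOTE(review): the recursive chown also makes "named" the owner of sbin/ and of
# the config it loads; only etc/ needs to be writable (pid file), so a narrower
# chown is preferable.
chown -R named:named .
./named.sh start
# Query the new server directly; it is master for this zone.
dig @127.0.0.1 sid64.fluxcoil.net
# Written in one step rather than truncate-then-append, so a failure cannot
# leave a half-written resolver config. named.conf sets "recursion no", so with
# 127.0.0.1 as the only nameserver this host resolves the zones served here and
# nothing else.
printf '%s\n' "domain fluxcoil.net" "nameserver 127.0.0.1" >/etc/resolv.conf
ping -c3 kerberos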