
Master & Slave with chrooted Bind9

The instructions in the first two sections are the same for both servers, master and slave.

The differences are covered in the later sections.

1. Bind installation

Run the following command to install bind on your server:

apt-get install bind9

It will probably start right after the installation, so we have to stop it with:

/etc/init.d/bind9 stop

2. Create a chroot environment for bind

The following directory tree is needed for bind:

mkdir -p /var/chroot/bind/{etc,dev,var/cache/bind,var/run/bind/run}

Of course, bind should be the owner of these directories, so we need to change it:

chown -R bind:bind /var/chroot/bind/var/*

Now we have to create some devices used by bind:

mknod /var/chroot/bind/dev/null c 1 3
mknod /var/chroot/bind/dev/random c 1 8
chmod 666 /var/chroot/bind/dev/{null,random}

Move your bind configuration files into the chrooted environment and create a symbolic link to them:

mv /etc/bind /var/chroot/bind/etc
ln -s /var/chroot/bind/etc/bind /etc/bind

The next step is to create a new file in the /etc/rsyslog.d directory:

nano /etc/rsyslog.d/chroot-bind.conf

and add the following line so rsyslog listens for log messages from the chrooted bind:

$AddUnixListenSocket /var/chroot/bind/dev/log

Restart rsyslog to make the change visible to the service:

/etc/init.d/rsyslog restart

One last thing and we can run bind. Edit /etc/default/bind9 and change the OPTIONS line so that bind runs as the bind user and is chrooted into the directory we just configured:

OPTIONS="-u bind -t /var/chroot/bind"

Start bind with the command:

/etc/init.d/bind9 start
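As an added example, not part of the original guide, here are the chroot steps of this section collected into one re-runnable script, together with the checks a practitioner would want afterwards: that every directory exists, that the device nodes really are character devices with the major/minor numbers the mknod commands create, and that the running named process is actually rooted in the chroot (visible through /proc/<pid>/root). It assumes the guide's paths (/var/chroot/bind), a Debian "bind" user, and GNU stat and pidof; the chroot root is a parameter so the checks can also be run against a test tree.

```shell
#!/bin/sh
# Added example, not part of the original guide: the chroot steps above as one
# re-runnable script plus checks that the result is what named expects.
# Assumes the guide's paths (/var/chroot/bind), a Debian "bind" user, GNU stat
# and pidof; the chroot root is a parameter so the checks can run on a test tree.
set -eu

# Directories the guide creates, relative to the chroot root.
CHROOT_DIRS="etc dev var/cache/bind var/run/bind/run"

# Create the tree. The var subtree is handed to the bind user as in the guide,
# but only when we are root and the user exists, so the function is also safe
# to run on a machine without bind9 installed.
build_chroot_tree() {
    root="$1"
    for d in $CHROOT_DIRS; do
        mkdir -p "$root/$d"
    done
    if [ "$(id -u)" -eq 0 ] && id bind >/dev/null 2>&1; then
        chown -R bind:bind "$root/var"
    fi
}

# Device nodes named needs inside the chroot (requires root). Existing nodes
# are left alone so the function can be re-run.
build_chroot_devices() {
    root="$1"
    [ -c "$root/dev/null" ]   || mknod "$root/dev/null" c 1 3
    [ -c "$root/dev/random" ] || mknod "$root/dev/random" c 1 8
    chmod 666 "$root/dev/null" "$root/dev/random"
}

# Return 0 when every directory exists; otherwise list the missing ones and
# return 1. Needs no privileges, so it doubles as a post-install check.
audit_chroot_dirs() {
    root="$1"
    missing=0
    for d in $CHROOT_DIRS; do
        if [ ! -d "$root/$d" ]; then
            echo "missing: $root/$d"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Return 0 when both nodes are character devices with the major/minor numbers
# the mknod commands above create (1,3 for null and 1,8 for random).
audit_chroot_devices() {
    root="$1"
    bad=0
    for spec in "null 1 3" "random 1 8"; do
        set -- $spec
        node="$root/dev/$1"
        want="$(printf '%x %x' "$2" "$3")"
        if [ ! -c "$node" ] || [ "$(stat -c '%t %T' "$node")" != "$want" ]; then
            echo "bad or missing device: $node (expected c $2 $3)"
            bad=1
        fi
    done
    return "$bad"
}

# Print the root directory of the running named as the kernel sees it. After a
# correct start with "-t /var/chroot/bind" this prints the chroot path, not "/".
running_named_root() {
    pid="$(pidof named | cut -d' ' -f1)"
    [ -n "$pid" ] || { echo "named is not running" >&2; return 1; }
    readlink "/proc/$pid/root"
}

main() {
    root="$1"
    build_chroot_tree "$root"
    build_chroot_devices "$root"
    audit_chroot_dirs "$root"
    audit_chroot_devices "$root"
    echo "chroot tree at $root is complete; named root: $(running_named_root || true)"
}

# Only act when invoked as "script.sh setup [root]"; sourcing the file just
# defines the functions.
if [ "${1:-}" = "setup" ]; then
    main "${2:-/var/chroot/bind}"
fi
```

Run it as root with `sh bind-chroot.sh setup` after the bind9 package is installed and stopped; the final line should print /var/chroot/bind once bind has been started with the OPTIONS line above. If it prints "/" instead, the -t option did not take effect and named is running outside the chroot.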

3. Master bind server configuration

Edit the /etc/bind/named.conf.options file so that it looks similar to the entries below:

options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; ns1.example.com_ip_address_here; };
        allow-query { 0.0.0.0/0; };
        notify yes;
        allow-transfer { ns2.example.com_ip_address_here; };
};

where:

To add a new domain, edit the /etc/bind/named.conf.local file and add a new zone:

zone "example.com" {
        type master;
        file "/var/cache/bind/example.com.hosts";
};

As defined above, we have to create the /var/chroot/bind/var/cache/bind/example.com.hosts file (which is /var/cache/bind/example.com.hosts from inside the chroot) and put the example domain configuration in it:

$TTL 3600
$ORIGIN com.
example.com. IN SOA ns1.example.com. root.example.com. (
        2009070101 ; Serial
        604800     ; Refresh
        86400      ; Retry
        604800     ; Expire
        86400 )    ; Negative Cache TTL
;
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
example.com. IN MX 10 mail.example.com.
;
$ORIGIN example.com.
;
ns1          IN A ip_address_here
ns2          IN A ip_address_here
www          IN A ip_address_here
example.com. IN A ip_address_here

Every change to the file above has to go together with a change of the Serial number. If you don't change the Serial number, any changes in that file won't take effect, even if bind is restarted.
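Because a forgotten Serial is the classic reason a zone change never reaches the slave, here is an added example (not from the original guide) that reads the SOA serial of a zone file laid out like the example.com.hosts file above and bumps it in place using the YYYYMMDDnn convention that file uses. It assumes the serial is the first field on the first line after the SOA record, as in that file, and goes slightly beyond the guide by also handling the case where the stored serial is ahead of today's candidate (for example after a clock change), incrementing by one instead so the serial never goes backwards. The sample zone is a constructed copy of the guide's, with 192.0.2.x documentation addresses standing in for ip_address_here.

```shell
#!/bin/sh
# Added example, not part of the original guide: read and bump the SOA serial
# of a zone file laid out like example.com.hosts above. Assumes the serial is
# the first field on the first line after the SOA record, as in that file.
set -eu

# Write a constructed copy of the guide's zone file, with 192.0.2.x
# documentation addresses standing in for ip_address_here.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 3600
$ORIGIN com.
example.com. IN SOA ns1.example.com. root.example.com. (
        2009070101 ; Serial
        604800     ; Refresh
        86400      ; Retry
        604800     ; Expire
        86400 )    ; Negative Cache TTL
;
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
example.com. IN MX 10 mail.example.com.
;
$ORIGIN example.com.
;
ns1          IN A 192.0.2.1
ns2          IN A 192.0.2.2
www          IN A 192.0.2.3
example.com. IN A 192.0.2.3
EOF
}

# Print the current serial: the first purely numeric first field after SOA.
zone_serial() {
    awk '
        /[ \t]SOA[ \t]/ { insoa = 1; next }
        insoa && $1 ~ /^[0-9]+$/ { print $1; exit }
    ' "$1"
}

# Bump the serial in place. $1 = zone file, $2 = date as YYYYMMDD (defaults
# to today). If the stored serial already carries that date, or is somehow
# ahead of the candidate <date>01, it is incremented by one instead, so the
# serial is always strictly increasing. Prints the new serial.
bump_serial() {
    file="$1"
    today="${2:-$(date +%Y%m%d)}"
    awk -v today="$today" '
        BEGIN { insoa = 0; done = 0 }
        /[ \t]SOA[ \t]/ { insoa = 1 }
        insoa && !done && $1 ~ /^[0-9]+$/ {
            old = $1
            cand = today "01"
            if (substr(old, 1, 8) == today || cand + 0 <= old + 0)
                new = old + 1
            else
                new = cand
            sub(/^[ \t]*[0-9]+/, "        " new)
            done = 1
        }
        { print }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    zone_serial "$file"
}
```

Typical use on the master after editing the zone: `bump_serial /var/chroot/bind/var/cache/bind/example.com.hosts` followed by the bind restart from section 5; the "transferred serial" line in the slave's syslog should then show the new value.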

4. Slave bind server configuration

Check the /etc/bind/named.conf.options file and change it so that it looks similar to the entries below:

options {
        directory "/var/cache/bind";
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; ns2.example.com_ip_address_here; };
        allow-query { 0.0.0.0/0; };
};

To add a new domain, edit the /etc/bind/named.conf.local file and add a new zone:

zone "example.com" {
        type slave;
        file "/var/cache/bind/example.com.hosts";
        masters { ns1.example.com_ip_address_here; };
};

5. Restarting bind on both servers

After the master and slave are configured, it's time to restart bind on both of them with the command:

/etc/init.d/bind9 restart

As you can see in the /var/log/syslog files:

#master
Jul 1 17:34:45 ns1.example.com named[10821]: client ns2_IP_here#40275: transfer of 'example.com/IN': AXFR started
Jul 1 17:34:45 ns1.example.com named[10821]: client ns2_IP_here#40275: transfer of 'example.com/IN': AXFR ended

#slave
Jul 1 17:34:45 ns2.example.com named[4657]: zone example.com/IN: Transfer started.
Jul 1 17:34:45 ns2.example.com named[4657]: transfer of 'example.com/IN' from ns1_IP_here#53: connected using ns2_IP_here#51526
Jul 1 17:34:45 ns2.example.com named[4657]: zone example.com/IN: transferred serial 2009070101
Jul 1 17:34:45 ns2.example.com named[4657]: transfer of 'example.com/IN' from ns1_IP_here#53: Transfer completed: 1 messages, 10 records, 269 bytes, 0.068 secs (3955 bytes/sec)
Jul 1 17:34:45 ns2.example.com named[4657]: zone example.com/IN: sending notifies (serial 2009070101)

the master bind notifies the slave about changes to the zone and the whole zone is transferred to the slave. On the slave server the file /var/chroot/bind/var/cache/bind/example.com.hosts is created automatically.
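The master's "AXFR started" lines are also the place to confirm that allow-transfer is doing its job: every client that appears there should be the slave. As an added example, not part of the original guide, the script below scans a master's syslog for transfers and reports any client that is not in the list of permitted peers. It assumes the line format shown above ("client IP#port: transfer of 'zone/IN': AXFR started"); newer BIND versions insert an "@0x..." token after "client", which the field scan tolerates. The sample log is constructed from the guide's two lines, with 192.0.2.2 standing in for ns2, plus one transfer to an address that is not the slave.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit a master's syslog for
# zone transfers to anyone other than the configured slave. Assumes the line
# format shown in the guide; the "@0x..." token newer BIND versions insert
# after "client" is skipped by the field scan below.
set -eu

# Constructed sample of the master's /var/log/syslog: the guide's two lines
# with 192.0.2.2 standing in for ns2, plus a transfer to an address that is
# not the slave.
write_sample_syslog() {
    cat > "$1" <<'EOF'
Jul 1 17:34:45 ns1.example.com named[10821]: client 192.0.2.2#40275: transfer of 'example.com/IN': AXFR started
Jul 1 17:34:45 ns1.example.com named[10821]: client 192.0.2.2#40275: transfer of 'example.com/IN': AXFR ended
Jul 1 18:02:10 ns1.example.com named[10821]: client 198.51.100.7#51002: transfer of 'example.com/IN': AXFR started
Jul 1 18:02:10 ns1.example.com named[10821]: client 198.51.100.7#51002: transfer of 'example.com/IN': AXFR ended
EOF
}

# Print "<client-ip> <zone>" for every transfer that started.
axfr_clients() {
    awk -v q="'" '
        /AXFR started/ {
            ip = ""; zone = ""
            for (i = 1; i <= NF; i++) {
                # the client field looks like 192.0.2.2#40275: (IPv6 also has a #port)
                if (ip == "" && $i ~ /^[0-9A-Fa-f.:]+#[0-9]+:?$/) {
                    ip = $i; sub(/#.*/, "", ip)
                }
                # the zone follows "transfer of" and is quoted, with a trailing colon
                if ($i == "of" && i < NF) {
                    zone = $(i + 1); gsub(q, "", zone); sub(/\/IN:?$/, "", zone)
                }
            }
            if (ip != "" && zone != "") print ip, zone
        }
    ' "$1"
}

# Print transfers whose client is not one of the permitted peers.
# $1 = syslog file, remaining args = the slave addresses from allow-transfer.
unexpected_axfr() {
    log="$1"; shift
    allowed=" $* "
    axfr_clients "$log" | while read -r ip zone; do
        case "$allowed" in
            *" $ip "*) ;;
            *) echo "$ip $zone" ;;
        esac
    done
}
```

On the master, `unexpected_axfr /var/log/syslog <ns2 address>` should print nothing; any line it does print names a client that obtained a full copy of the zone and is worth comparing against the allow-transfer list in named.conf.options.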
That's all. If you have any suggestions, post comments below ;-)
