Master-Zone Blog Technical Notes

BIND9 on FreeBSD

The Domain Name System, or DNS, is one of the Internet's fundamental building blocks. It is the global, hierarchical, and distributed host information database that's responsible for translating names into addresses and vice versa, routing mail to its proper destination, and many other services.

For this article I used a fresh installation from 8.0-RELEASE-i386-bootonly, enabled ssh, and installed bash. First thing I fetched the latest release for the ports, installed portupgrade and updated the system...

# portsnap fetch extract
# cd /usr/ports/ports-mgmt/portupgrade && make install clean
# portupgrade -a

Installation...

# cd /usr/ports/dns/bind97/ && make install clean

You are free to choose which options are to be compiled with bind, but make sure you choose REPLACE_BASE. It's always a good idea to run bind in a chroot-ed environment

# mkdir -p /var/chroot/named/etc/namedb /var/chroot/named/dev /var/chroot/named/var/run
# chown -R bind:bind /var/chroot/named/
# chmod 755 /var/chroot/named/
# chmod 555 /var/chroot/named/dev
# ln -s /etc/localtime /var/chroot/named/etc/localtime
# mknod /var/chroot/named/dev/zero c 2 12
# ln -s /dev/random /var/chroot/named/dev/random
# mknod /var/chroot/named/dev/null c 2 2
# chmod 666 /var/chroot/named/dev/*
# mv /etc/namedb /etc/old.namedb
# ln -s /var/chroot/named/etc/namedb /etc/namedb

Configuration...

# dig > /etc/namedb/named.root
# rndc-confgen -a -c /etc/namedb/rndc.conf -k rndc-key -b 256
# vi /etc/namedb/named.conf

controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; }; };

include "/etc/namedb/rndc.conf";

acl "trusted" { 127.0.0.1; 192.168.0.0/16; };

options {
directory "/etc/namedb";
pid-file "/var/run/named.pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";

allow-transfer { 127.0.0.1; 192.168.56.3; };
listen-on { 127.0.0.1; 192.168.56.2; };

auth-nxdomain yes;
};

view "internal" {
match-clients { "trusted"; };
recursion yes;

zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
};

view "external" {
match-clients { any; };
recursion no;
};

logging {
channel systemlog {
file "/var/log/named.log";
severity debug;
print-time yes;
};

channel audit_log {
file "/var/log/security.log";
severity debug;
print-time yes;
};

channel xfer_log {
file "/var/log/xfer.log";
severity debug;
print-time yes;
};

category default { systemlog; };
category security { audit_log; systemlog; };
category config { systemlog; };
category xfer-in { xfer_log; };
category xfer-out { xfer_log; };
category notify { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { audit_log; };
};

After that, create /etc/namedb/master/localhost-forward.db and /etc/namedb/master/localhost-reverse.db

# vi /etc/namedb/master/localhost-forward.db

$TTL 3h
localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h

NS localhost.

A 127.0.0.1

# vi /etc/namedb/master/localhost-reverse.db

$TTL 3h
@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h

NS localhost.

1.0.0 A localhost.

And start named...


# echo named_enable="YES" >> /etc/rc.conf
# /etc/rc.d/named start


Following up is creating slave name server, creating a zone and syncing the master ns with the slave name server.