Configuring basic DNS service with bind

From Notes_Wiki
Revision as of 04:36, 7 November 2012 by Saurabh (talk | contribs) (Created page with "=Configuring basic DNS service with bind= In order to configure basic DNS service with bind we can first look for sample named.conf that came with our bind distribution. We c...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Configuring basic DNS service with bind

In order to configure basic DNS service with bind we can first look for sample named.conf that came with our bind distribution. We can use 'updatedb' and then 'locate' to find files which are required to setup bind. Most of the files are located somewhere within '/usr/share/doc/bind-<version>'. There is also Bind Administrators Reference Manual (BARM) inside that directory which has complete reference to all the options supported by bind and is very extensive compared to man pages.


Configuring basic named.conf

First we can search for sample 'named.conf' and copy it to '/var/named/chroot/etc'. Normally bind runs in chroot environment inside '/var/named/chroot' directory. Hence files need to be inside this chroot directory. To avoid confusion or multiple copies or wrong editing whenever we copy file to '/var/named/chroot/var/named', we also create symbolic from it to '/etc'. Hence even if someone tries to edit '/etc/named.conf' proper file '/var/named/chroot/etc/named.conf' gets edited.

Note that one has to keep the original file in '/var/named/chroot/etc' and create symbolic link with absolute path in '/etc'. That is command should be something like 'ln -s /var/named/chroot/etc/named.conf /etc'. This is because after chroot only outside symbolic links can refer to files inside '/var/named/chroot'.

Sample named.conf file is at 2010-03-14-named.conf.txt. This file is properly documented with two zones 'sbarjatiya.in' and 'leet.co.in'. The logs of most categories are sent to different channels and basic views are used to distinguish between 'localhost' and others. The parameters like files, max-cache-size, etc. which protect server resources are defined. The server is configured not to send OS or bind version information. The configuration works well with SELinux enabled as all logs files are written in data directory.

One can start with above configuration file along with these two zone files (2010-03-14-sbarjatiya.in.zone.txt and 2010-03-14-leet.co.in.zone.txt) and test the basic setup. If things are fine then proper zones instead of these two zones can be defined. One should also refer to documentation of current version of bind installed located at '/usr/share/doc/bind-<version>' to know about extra/deprecated features in this version.

Similar to files in '/var/named/chroot/etc', for files in '/var/named/chroot/var/named' we create a symbolic link in '/var/named' so that if someone accidentally tries to modify files in '/var/named' then also the correct version gets modified.


Troubleshooting bind

File/zone not found errors

When one uses above given sample 'named.conf' file then it is possible to get errors like 'file named.root.hints not found' or 'file named.rfc1912.zones' not found. For all such common files use locate and copy the sample files that come with bind. There can be six or seven such files so keep reading error messages that you get when you try to start bind and then copy the files appropriately. Make sure that you also create symbolic link whenever you copy new file.

If 'directory' options has been used then named may search for zones files in that directory. Hence we should copy the zone files like 'localhost.zone', 'localdomain.zone' and even the zone files that we create appropriately.


No error is printed

Some times bind will fail to start and no error gets printed then try 

echo '' >> /var/log/messages
echo '' >> /var/log/messages
service bind start
tail -30 /var/log/messages

and look for bind error messages. There can still be some files like '/etc/named.root' which are not found. Copy those files to '/var/named/chroot/etc' and create symbolic link in '/etc'.


Error not clear Or not printed in /var/log/messages

If error is not printed in /var/log/messages then try running bind in foreground with named -u named -f -d <debug_level> There is also provision to specify chroot directory. Read 'man named' to know about more options.


Disable SELinux

If still bind is not running then disable SELinux to confirm that problem is not due to SELinux. If bind works after doing 'setenfore 0' then try to use 'restorecon -vR /var/named' and then again try to start bind. Have a look at different SELinux types in '/var/named' and try to set similar contexts in '/var/named/chroot/var/named'.

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Configuring_basic_DNS_service_with_bind&oldid=44"