Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-commits
Navigation:
Lists: gentoo-commits: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-commits@g.o
From: "Joshua Saddler (nightmorph)" <nightmorph@g.o>
Subject: gentoo commit in xml/htdocs/doc/en: bind-guide.xml metadoc.xml
Date: Thu, 16 Jul 2009 23:54:15 +0000
nightmorph    09/07/16 23:54:15

  Modified:             metadoc.xml
  Added:                bind-guide.xml
  Log:
  Adding new BIND guide (with accompanying image) to our repository, in sysadmin_specific. Thanks to Vicente Olivert, bug 275816

Revision  Changes    Path
1.222                xml/htdocs/doc/en/metadoc.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.222&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.222&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?r1=1.221&r2=1.222

Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- metadoc.xml	28 Jun 2009 03:42:02 -0000	1.221
+++ metadoc.xml	16 Jul 2009 23:54:14 -0000	1.222
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.221 2009/06/28 03:42:02 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.222 2009/07/16 23:54:14 nightmorph Exp $ -->
 <metadoc lang="en">
-  <version>1.143</version>
+  <version>1.144</version>
   <members>
     <lead>neysx</lead>
     <member>cam</member>
@@ -378,6 +378,7 @@
     <file id="texlive-migration-guide">/proj/en/tex/texlive-migration-guide.xml</file>
     <file id="openrc-migration">/doc/en/openrc-migration.xml</file>
     <file id="multipath">/doc/en/multipath.xml</file>
+    <file id="bind-guide">/doc/en/bind-guide.xml</file>
     <file id="devmanual">/proj/en/qa/devmanual.xml</file>
   </files>
   <docs>
@@ -860,6 +861,9 @@
     <doc fileid="multipath">
       <memberof>sysadmin_specific</memberof>
     </doc>
+    <doc fileid="bind-guide">
+      <memberof>sysadmin_specific</memberof>
+    </doc>
     <doc fileid="devrel-policy">
       <memberof>gentoodev_policies</memberof>
       <memberof>project_devrel</memberof>



1.1                  xml/htdocs/doc/en/bind-guide.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/bind-guide.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/bind-guide.xml?rev=1.1&content-type=text/plain

Index: bind-guide.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/bind-guide.xml,v 1.1 2009/07/16 23:54:14 nightmorph Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide>
<title>Gentoo BIND Guide</title>

<author title="Author">
  <mail link="peratu@...">Vicente Olivert Riera</mail>
</author>
<author title="Editor">
  <mail link="nightmorph"/>
</author>

<abstract>
This guide will teach you how install and configure BIND for your domain and
your local network.
</abstract>

<version>1</version>
<date>2009-07-16</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
This tutorial will show you how to install and configure BIND, the most used DNS
server on Internet. We will configure <c>bind</c> for your domain using different
configurations, one for your local network and one for the rest of the world. We
will use views to do that. One view for your internal zone (your local network)
and other view for the external zone (rest of the world).
</p>

</body>
</section>
</chapter>

<chapter>
<title>Data used in the examples</title>
<section>
<body>

<table>
<tr>
  <th>Keyword</th>
  <th>Explanation</th>
  <th>Example</th>
</tr>
<tr>
  <ti>YOUR_DOMAIN</ti>
  <ti>Your domain name</ti>
  <ti>gentoo.org</ti>
</tr>
<tr>
  <ti>YOUR_PUBLIC_IP</ti>
  <ti>The public ip that ISP gives to you</ti>
  <ti>204.74.99.100</ti>
</tr>
<tr>
  <ti>YOUR_LOCAL_IP</ti>
  <ti>The local ip address</ti>
  <ti>192.168.1.5</ti>
</tr>
<tr>
  <ti>YOUR_LOCAL_NETWORK</ti>
  <ti>The local network</ti>
  <ti>192.168.1.0/24</ti>
</tr>
<tr>
  <ti>SLAVE_DNS_SERVER</ti>
  <ti>The ip address of the slave DNS server for your domain.</ti>
  <ti>209.177.148.228</ti>
</tr>
<tr>
  <ti>ADMIN</ti>
  <ti>The DNS server administrator's name.</ti>
  <ti>root</ti>
</tr>
<tr>
  <ti>MODIFICATION</ti>
  <ti>The modification date of the file zone, with a number added</ti>
  <ti>2009062901</ti>
</tr>
</table>

<figure link="/images/local-network-map.png" short="network" caption="Network example"/>

</body>
</section>
</chapter>

<chapter>
<title>Configuring BIND</title>
<section>
<title>Installation</title>
<body>

<p>
First, install <c>net-dns/bind</c>.
</p>

<pre caption="Installing bind">
# <i>emerge net-dns/bind</i>
</pre>

</body>
</section>
<section>
<title>Configuring /etc/bind/named.conf</title>
<body>

<p>
The first thing to configure is <path>/etc/bind/named.conf</path>. The first
part of this step is specifying bind's root directory, the listening port with
the IPs, the pid file, and a line for ipv6 protocol.
</p>

<pre caption="options section">
options {
        directory "/var/bind";

        listen-on-v6 { none; };
        listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };

        pid-file "/var/run/named/named.pid";
};
</pre>

<p>
The second part of <path>named.conf</path> is the internal view used for our
local network.
</p>

<pre caption="Internal view">
view "internal" {
        match-clients { YOUR_NETWORK; localhost; };
        recursion yes;

        zone "YOUR_DOMAIN" {
                type master;
                file "pri/YOUR_DOMAIN.internal";
                allow-transfer { any; };
        };
};
</pre>

<p>
The third part of <path>named.conf</path> is the external view used to resolve
our domain name for the rest of the world and to resolve all other domain names
for us (and anyone who wants to use our DNS server).
</p>

<pre caption="External view">
view "external" {
        match-clients { any; };
        recursion no;

        zone "." IN {
                type hint;
                file "named.ca";
        };

        zone "127.in-addr.arpa" IN {
                type master;
                file "pri/127.zone";
                allow-update { none; };
                notify no;
        };

        zone "YOUR_DOMAIN" {
                type master;
                file "pri/YOUR_DOMAIN.external";
                allow-query { any; };
                allow-transfer { SLAVE_DNS_SERVER; };
        };
};
</pre>

<p>
The final part of <path>named.conf</path> is the logging policy.
</p>

<pre caption="External view">
logging {
        channel default_syslog {
                file "/var/log/named/named.log" versions 3 size 5m;
                severity debug;
                print-time yes;
                print-severity yes;
                print-category yes;
        };
       category default { default_syslog; };
};
</pre>

<p>
The <path>/var/log/named/</path> directory must be exist and belong to
<c>named</c>:
</p>

<pre caption="Creating the log file">
# <i>mkdir -p /var/log/named/</i>
# <i>chmod 770 /var/log/named/</i>
# <i>touch /var/log/named/named.log</i>
# <i>chmod 660 /var/log/named/named.log</i>
# <i>chown -R named /var/log/named/</i>
# <i>chgrp -R named /var/log/named/</i>
</pre>

</body>
</section>
<section>
<title>Creating the internal zone file</title>
<body>

<p>
We use the hostnames and IP adresses of the picture network example. Note that
almost all (not all) domain names finish with "." (dot).
</p>

<pre caption="/var/bind/pri/YOUR_DOMAIN.internal">
$TTL 2d
@	IN SOA	ns.YOUR_DOMAIN.	ADMIN.YOUR_DOMAIN. (
	MODIFICATION	; serial
	3h	; refresh
	1h	; retry
	1w	; expiry
	1d )	; minimum

YOUR_DOMAIN.		IN MX	0 mail.YOUR_DOMAIN.
YOUR_DOMAIN.		IN TXT	"v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.YOUR_DOMAIN ~all"
YOUR_DOMAIN.		IN NS	ns.YOUR_DOMAIN.
YOUR_DOMAIN.		IN NS	SLAVE_DNS_SERVER
www.YOUR_DOMAIN.	IN A	192.168.1.3
ns.YOUR_DOMAIN.		IN A	192.168.1.5
mail.YOUR_DOMAIN.	IN A	192.168.1.3
router.YOUR_DOMAIN.	IN A	192.168.1.1
hell.YOUR_DOMAIN.	IN A	192.168.1.3
heaven.YOUR_DOMAIN.	IN A	192.168.1.5
desktop.YOUR_DOMAIN.	IN A	192.168.1.4
</pre>

</body>
</section>
<section>
<title>Creating the external zone file</title>
<body>

<p>
Here we only have the subdomains we want for external clients (www, mail and
ns).
</p>

<pre caption="/var/bind/pri/YOUR_DOMAIN.external">
$TTL 2d
@	IN SOA	ns.YOUR_DOMAIN.	ADMIN.YOUR_DOMAIN. (
	MODIFICATION	;serial
	3h	;refresh
	1h	;retry
	1w	;expiry
	1d )	;minimum

YOUR_DOMAIN.		IN MX	0 mail.YOUR_DOMAIN.
YOUR_DOMAIN.		IN TXT	"v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.YOUR_DOMAIN ~all"
YOUR_DOMAIN.		IN NS	ns.YOUR_DOMAIN.
YOUR_DOMAIN.		IN NS	SLAVE_DNS_SERVER
www.YOUR_DOMAIN.	IN A	YOUR_PUBLIC_IP
ns.YOUR_DOMAIN.		IN A	YOUR_PUBLIC_IP
mail.YOUR_DOMAIN.	IN A	YOUR_PUBLIC_IP
</pre>

</body>
</section>
<section>
<title>Finishing configuration</title>
<body>

<p>
You'll need to add <c>named</c> to the default runlevel:
</p>

<pre caption="Add to default runlevel">
# <i>rc-update add named default</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Configuring clients</title>
<section>
<body>

<p>
Now you can use your own DNS server in all machines of your local network to
resolve domain names. Modify the <path>/etc/resolv.conf</path> file of all
machines of your local network.
</p>

<pre caption="Editing /etc/resolv.conf">
search YOUR_DOMAIN
nameserver YOUR_DNS_SERVER_IP
</pre>

<p>
Note that YOUR_DNS_SERVER_IP is the same as YOUR_LOCAL_IP we used in this
document. In the picture the example is 192.168.1.5.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Testing</title>
<section>
<body>

<p>
We are able to test our new DNS server. First, we need to start the service.
</p>

<pre caption="Starting the service manually">
# <i>/etc/init.d/named start</i>
</pre>

<p>
Now, we are going to make some <c>host</c> commands to some domains. We can use
any computer of our local network to do this test. If you don't have
<c>net-dns/host</c> installed you can use <c>ping</c> instead. Otherwise, first
run <c>emerge host</c>.
</p>

<pre caption="Performing the test">
$ <i>host www.gentoo.org</i>
www.gentoo.org has address 209.177.148.228
www.gentoo.org has address 209.177.148.229

$ <i>host hell</i>
hell.YOUR_DOMAIN has address 192.168.1.3

$ <i>host router</i>
router.YOUR_DOMAIN has address 192.168.1.1
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Protecting the server with iptables</title>
<section>
<body>

<p>
If you use iptables to protect your server, you can add these rules for DNS
service.
</p>

<pre caption="Iptables rules">
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
</pre>

</body>
</section>
</chapter>
</guide>





Navigation:
Lists: gentoo-commits: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
gentoo commit in xml/images/docs: local-network-map.png
Next by thread:
gentoo-x86 commit in dev-perl/MooseX-Types-DateTime-ButMaintained: MooseX-Types-DateTime-ButMaintained-0.08.ebuild ChangeLog MooseX-Types-DateTime-ButMaintained-0.07.ebuild
Previous by date:
gentoo commit in xml/images/docs: local-network-map.png
Next by date:
gentoo-x86 commit in x11-misc/remind: remind-03.01.07.ebuild ChangeLog


Updated Jun 26, 2012

Summary: Archive of the gentoo-commits mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.