nightmorph 09/07/16 23:54:14

Modified: metadoc.xml
Added: bind-guide.xml
Log:
Adding new BIND guide (with accompanying image) to our repository, in sysadmin_specific. Thanks to Vicente Olivert, bug 275816

Revision Changes Path
1.222 xml/htdocs/doc/en/metadoc.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.222&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.222&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?r1=1.221&r2=1.222

Index: metadoc.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- metadoc.xml 28 Jun 2009 03:42:02 -0000 1.221
+++ metadoc.xml 16 Jul 2009 23:54:14 -0000 1.222
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.221 2009/06/28 03:42:02 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.222 2009/07/16 23:54:14 nightmorph Exp $ -->
<metadoc lang="en">
- <version>1.143</version>
+ <version>1.144</version>
<members>
<lead>neysx</lead>
<member>cam</member>
@@ -378,6 +378,7 @@
<file id="texlive-migration-guide">/proj/en/tex/texlive-migration-guide.xml</file>
<file id="openrc-migration">/doc/en/openrc-migration.xml</file>
<file id="multipath">/doc/en/multipath.xml</file>
+ <file id="bind-guide">/doc/en/bind-guide.xml</file>
<file id="devmanual">/proj/en/qa/devmanual.xml</file>
</files>
<docs>
@@ -860,6 +861,9 @@
<doc fileid="multipath">
<memberof>sysadmin_specific</memberof>
</doc>
+ <doc fileid="bind-guide">
+ <memberof>sysadmin_specific</memberof>
+ </doc>
<doc fileid="devrel-policy">
<memberof>gentoodev_policies</memberof>
<memberof>project_devrel</memberof>
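Review bot: the image the newly registered guide depends on is missing from this changeset: bind-guide.xml links /images/local-network-map.png in its figure element, but the commit's Modified/Added list names only metadoc.xml and bind-guide.xml, so the "Network example" figure that the zone-file section refers to will be broken on the rendered page unless the image is committed separately; either add the image here or say in the log where it lands.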

1.1 xml/htdocs/doc/en/bind-guide.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/bind-guide.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/bind-guide.xml?rev=1.1&content-type=text/plain

Index: bind-guide.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/bind-guide.xml,v 1.1 2009/07/16 23:54:14 nightmorph Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide>
<title>Gentoo BIND Guide</title>

<author title="Author">
<mail link="peratu@×××××××××.com">Vicente Olivert Riera</mail>
</author>
<author title="Editor">
<mail link="nightmorph"/>
</author>

<abstract>
This guide will teach you how to install and configure BIND for your domain and
your local network.
</abstract>

<version>1</version>
<date>2009-07-16</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
This tutorial will show you how to install and configure BIND, the most widely
used DNS server on the Internet. We will configure <c>bind</c> for your domain
with two different configurations, one for your local network and one for the
rest of the world. We will use views to do that: one view for the internal zone
(your local network) and another view for the external zone (the rest of the
world).
</p>

</body>
</section>
</chapter>

<chapter>
<title>Data used in the examples</title>
<section>
<body>

<table>
<tr>
<th>Keyword</th>
<th>Explanation</th>
<th>Example</th>
</tr>
<tr>
<ti>YOUR_DOMAIN</ti>
<ti>Your domain name</ti>
<ti>gentoo.org</ti>
</tr>
<tr>
<ti>YOUR_PUBLIC_IP</ti>
<ti>The public IP address your ISP assigns to you</ti>
<ti>204.74.99.100</ti>
</tr>
<tr>
<ti>YOUR_LOCAL_IP</ti>
<ti>The local IP address of the DNS server</ti>
<ti>192.168.1.5</ti>
</tr>
<tr>
<ti>YOUR_LOCAL_NETWORK</ti>
<ti>The local network</ti>
<ti>192.168.1.0/24</ti>
</tr>
<tr>
<ti>SLAVE_DNS_SERVER</ti>
<ti>The IP address of the slave DNS server for your domain</ti>
<ti>209.177.148.228</ti>
</tr>
<tr>
<ti>ADMIN</ti>
<ti>The DNS server administrator's name</ti>
<ti>root</ti>
</tr>
<tr>
<ti>MODIFICATION</ti>
<ti>The zone file's serial number: its modification date with a revision counter appended</ti>
<ti>2009062901</ti>
</tr>
</table>

<figure link="/images/local-network-map.png" short="network" caption="Network example"/>

</body>
</section>
</chapter>

<chapter>
<title>Configuring BIND</title>
<section>
<title>Installation</title>
<body>

<p>
First, install <c>net-dns/bind</c>.
</p>

<pre caption="Installing bind">
# <i>emerge net-dns/bind</i>
</pre>

</body>
</section>
<section>
<title>Configuring /etc/bind/named.conf</title>
<body>

<p>
The first thing to configure is <path>/etc/bind/named.conf</path>. The first
part specifies BIND's working directory, the port and IP addresses to listen
on, the PID file, and a line that disables listening on IPv6.
</p>

<pre caption="options section">
options {
    directory "/var/bind";

    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };

    pid-file "/var/run/named/named.pid";
};
</pre>

<p>
The second part of <path>named.conf</path> is the internal view used for our
local network. Only clients matched by <c>match-clients</c> see this view, and
recursion is enabled for them.
</p>

<pre caption="Internal view">
view "internal" {
    match-clients { YOUR_LOCAL_NETWORK; localhost; };
    recursion yes;

    zone "YOUR_DOMAIN" {
        type master;
        file "pri/YOUR_DOMAIN.internal";
        <comment>(Any client of this view may transfer the whole internal zone)</comment>
        allow-transfer { any; };
    };
};
</pre>

<p>
The third part of <path>named.conf</path> is the external view, used to answer
queries about our domain from the rest of the world. Recursion is disabled in
this view, so the server does not resolve other domain names for outside
clients (that would make it an open resolver); recursion for our own machines
is provided by the internal view.
</p>

<pre caption="External view">
view "external" {
    match-clients { any; };
    recursion no;

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };

    zone "YOUR_DOMAIN" {
        type master;
        file "pri/YOUR_DOMAIN.external";
        allow-query { any; };
        allow-transfer { SLAVE_DNS_SERVER; };
    };
};
</pre>

<p>
The final part of <path>named.conf</path> is the logging policy.
</p>

<pre caption="Logging section">
logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
</pre>

<p>
The <path>/var/log/named/</path> directory must exist and belong to the
<c>named</c> user and group:
</p>

<pre caption="Creating the log file">
# <i>mkdir -p /var/log/named/</i>
# <i>chmod 770 /var/log/named/</i>
# <i>touch /var/log/named/named.log</i>
# <i>chmod 660 /var/log/named/named.log</i>
# <i>chown -R named /var/log/named/</i>
# <i>chgrp -R named /var/log/named/</i>
</pre>

</body>
</section>
<section>
<title>Creating the internal zone file</title>
<body>

<p>
We use the hostnames and IP addresses from the network example picture. Note
that almost all names end with "." (a dot): a name with a trailing dot is fully
qualified, while a name without one is relative to the zone origin and gets
YOUR_DOMAIN appended to it.
</p>

<pre caption="/var/bind/pri/YOUR_DOMAIN.internal">
$TTL 2d
@ IN SOA ns.YOUR_DOMAIN. ADMIN.YOUR_DOMAIN. (
        MODIFICATION ; serial
        3h           ; refresh
        1h           ; retry
        1w           ; expiry
        1d )         ; minimum

YOUR_DOMAIN.         IN MX  0 mail.YOUR_DOMAIN.
YOUR_DOMAIN.         IN TXT "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.YOUR_DOMAIN ~all"
YOUR_DOMAIN.         IN NS  ns.YOUR_DOMAIN.
YOUR_DOMAIN.         IN NS  SLAVE_DNS_SERVER_HOSTNAME. ; the slave's host name: NS data is a name, never an IP address
www.YOUR_DOMAIN.     IN A   192.168.1.3
ns.YOUR_DOMAIN.      IN A   192.168.1.5
mail.YOUR_DOMAIN.    IN A   192.168.1.3
router.YOUR_DOMAIN.  IN A   192.168.1.1
hell.YOUR_DOMAIN.    IN A   192.168.1.3
heaven.YOUR_DOMAIN.  IN A   192.168.1.5
desktop.YOUR_DOMAIN. IN A   192.168.1.4
</pre>

</body>
</section>
<section>
<title>Creating the external zone file</title>
<body>

<p>
Here we only publish the host names we want external clients to see (www, mail
and ns), all pointing at our public IP address.
</p>

<pre caption="/var/bind/pri/YOUR_DOMAIN.external">
$TTL 2d
@ IN SOA ns.YOUR_DOMAIN. ADMIN.YOUR_DOMAIN. (
        MODIFICATION ; serial
        3h           ; refresh
        1h           ; retry
        1w           ; expiry
        1d )         ; minimum

YOUR_DOMAIN.       IN MX  0 mail.YOUR_DOMAIN.
YOUR_DOMAIN.       IN TXT "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.YOUR_DOMAIN ~all"
YOUR_DOMAIN.       IN NS  ns.YOUR_DOMAIN.
YOUR_DOMAIN.       IN NS  SLAVE_DNS_SERVER_HOSTNAME. ; the slave's host name: NS data is a name, never an IP address
www.YOUR_DOMAIN.   IN A   YOUR_PUBLIC_IP
ns.YOUR_DOMAIN.    IN A   YOUR_PUBLIC_IP
mail.YOUR_DOMAIN.  IN A   YOUR_PUBLIC_IP
</pre>

</body>
</section>
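As an added example (not part of the guide or of BIND), a small Python lint for zone files written like the two above: it checks the MODIFICATION serial convention (YYYYMMDDnn), rejects NS records whose data is an IP address, verifies that in-zone name servers have an A record, and appends the origin to names without a trailing dot. The sample zone is constructed from the table's example values, and the record layout (owner IN TYPE data) is assumed to match the guide's files.

```python
import re
from datetime import date
# Constructed sample: the guide's internal zone with the table's example values filled in.
ZONE = """$TTL 2d
@ IN SOA ns.gentoo.org. root.gentoo.org. (
        2009062901 ; serial
        3h ; refresh
        1h ; retry
        1w ; expiry
        1d ) ; minimum
gentoo.org.     IN NS ns.gentoo.org.
gentoo.org.     IN NS 209.177.148.228
ns              IN A 192.168.1.5
"""

def parse_records(text, origin):
    """Return (serial, [(owner, type, rdata tokens)]); assumes the layout owner IN TYPE data."""
    flat = re.sub(r";[^\n]*", "", text)                                             # drop comments
    flat = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group(0)[1:-1].split()), flat)  # fold SOA ( ... )
    serial, records = None, []
    for line in flat.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):
            continue
        owner = origin if tok[0] == "@" else tok[0]
        if not owner.endswith("."):
            owner = owner + "." + origin    # no trailing dot: BIND appends the zone origin
        if tok[2] == "SOA":
            serial = tok[5]
        records.append((owner, tok[2], tok[3:]))
    return serial, records

def serial_ok(serial):
    """True if the serial follows the guide's MODIFICATION convention, YYYYMMDDnn."""
    try:
        return len(serial) == 10 and bool(date(int(serial[:4]), int(serial[4:6]), int(serial[6:8])))
    except (TypeError, ValueError):
        return False

def lint_zone(text, origin):
    """Problems in a zone like the guide's: bad serial, NS data that is an IP, missing in-zone glue."""
    serial, records = parse_records(text, origin)
    problems = [] if serial_ok(serial) else ["serial %r is not YYYYMMDDnn" % serial]
    a_owners = set(o for o, t, _ in records if t == "A")
    for _, rtype, rdata in records:
        if rtype == "NS" and re.match(r"^\d{1,3}(\.\d{1,3}){3}$", rdata[0]):
            problems.append("NS %s: data must be a host name, not an IP" % rdata[0])
        elif rtype == "NS" and rdata[0].endswith("." + origin) and rdata[0] not in a_owners:
            problems.append("NS %s: in-zone name server has no A record" % rdata[0])
    return problems
```

Run `lint_zone(ZONE, "gentoo.org.")` to see the IP-valued NS record flagged; `named-checkzone` performs the authoritative version of these checks once the files are installed.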
<section>
<title>Finishing configuration</title>
<body>

<p>
You'll need to add <c>named</c> to the default runlevel:
</p>

<pre caption="Add to default runlevel">
# <i>rc-update add named default</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Configuring clients</title>
<section>
<body>

<p>
Now you can use your own DNS server on all machines of your local network to
resolve domain names. Modify the <path>/etc/resolv.conf</path> file on each
machine of your local network.
</p>

<pre caption="Editing /etc/resolv.conf">
search YOUR_DOMAIN
nameserver YOUR_DNS_SERVER_IP
</pre>

<p>
Note that YOUR_DNS_SERVER_IP is the same as the YOUR_LOCAL_IP we used in this
document; in the picture the example is 192.168.1.5.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Testing</title>
<section>
<body>

<p>
Now we can test our new DNS server. First, we need to start the service.
</p>

<pre caption="Starting the service manually">
# <i>/etc/init.d/named start</i>
</pre>

<p>
Now we are going to run a few <c>host</c> queries, from any computer on our
local network. If you don't have <c>net-dns/host</c> installed, first run
<c>emerge host</c>, or use <c>ping</c> instead.
</p>

<pre caption="Performing the test">
$ <i>host www.gentoo.org</i>
www.gentoo.org has address 209.177.148.228
www.gentoo.org has address 209.177.148.229

$ <i>host hell</i>
hell.YOUR_DOMAIN has address 192.168.1.3

$ <i>host router</i>
router.YOUR_DOMAIN has address 192.168.1.1
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Protecting the server with iptables</title>
<section>
<body>

<p>
If you use iptables to protect your server, you can add these rules for the DNS
service: they accept incoming queries on UDP and TCP port 53, and the replies
to the queries the server itself sends out.
</p>

<pre caption="Iptables rules">
<comment>(Replies to our own outgoing queries: only packets of a connection we started)</comment>
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
<comment>(Incoming queries and zone transfers from clients)</comment>
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
</pre>

</body>
</section>
</chapter>
</guide>