Gentoo Archives: gentoo-commits

From: "Joshua Saddler (nightmorph)" <nightmorph@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/doc/en: bind-guide.xml metadoc.xml
Date: Thu, 16 Jul 2009 23:54:18
Message-Id: E1MRamF-00034b-2V@stork.gentoo.org
nightmorph 09/07/16 23:54:15

Modified: metadoc.xml
Added: bind-guide.xml
Log:
Adding new BIND guide (with accompanying image) to our repository, in sysadmin_specific. Thanks to Vicente Olivert, bug 275816

Revision Changes Path
1.222 xml/htdocs/doc/en/metadoc.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.222&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?rev=1.222&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/metadoc.xml?r1=1.221&r2=1.222

15 Index: metadoc.xml
16 ===================================================================
17 RCS file: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v
18 retrieving revision 1.221
19 retrieving revision 1.222
20 diff -u -r1.221 -r1.222
21 --- metadoc.xml 28 Jun 2009 03:42:02 -0000 1.221
22 +++ metadoc.xml 16 Jul 2009 23:54:14 -0000 1.222
23 @@ -1,8 +1,8 @@
24 <?xml version="1.0" encoding="UTF-8"?>
25 <!DOCTYPE metadoc SYSTEM "/dtd/metadoc.dtd">
26 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.221 2009/06/28 03:42:02 nightmorph Exp $ -->
27 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/metadoc.xml,v 1.222 2009/07/16 23:54:14 nightmorph Exp $ -->
28 <metadoc lang="en">
29 - <version>1.143</version>
30 + <version>1.144</version>
31 <members>
32 <lead>neysx</lead>
33 <member>cam</member>
34 @@ -378,6 +378,7 @@
35 <file id="texlive-migration-guide">/proj/en/tex/texlive-migration-guide.xml</file>
36 <file id="openrc-migration">/doc/en/openrc-migration.xml</file>
37 <file id="multipath">/doc/en/multipath.xml</file>
38 + <file id="bind-guide">/doc/en/bind-guide.xml</file>
39 <file id="devmanual">/proj/en/qa/devmanual.xml</file>
40 </files>
41 <docs>
42 @@ -860,6 +861,9 @@
43 <doc fileid="multipath">
44 <memberof>sysadmin_specific</memberof>
45 </doc>
46 + <doc fileid="bind-guide">
47 + <memberof>sysadmin_specific</memberof>
48 + </doc>
49 <doc fileid="devrel-policy">
50 <memberof>gentoodev_policies</memberof>
51 <memberof>project_devrel</memberof>

1.1 xml/htdocs/doc/en/bind-guide.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/bind-guide.xml?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/doc/en/bind-guide.xml?rev=1.1&content-type=text/plain

Index: bind-guide.xml
===================================================================
<?xml version="1.0" encoding="UTF-8"?>
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/bind-guide.xml,v 1.1 2009/07/16 23:54:14 nightmorph Exp $ -->
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">

<guide>
<title>Gentoo BIND Guide</title>

<author title="Author">
<mail link="peratu@×××××××××.com">Vicente Olivert Riera</mail>
</author>
<author title="Editor">
<mail link="nightmorph"/>
</author>

<abstract>
This guide will teach you how to install and configure BIND for your domain and
your local network.
</abstract>

<version>1</version>
<date>2009-07-16</date>

<chapter>
<title>Introduction</title>
<section>
<body>

<p>
This tutorial will show you how to install and configure BIND, the most widely
used DNS server on the Internet. We will configure <c>bind</c> for your domain
with two different configurations, one for your local network and one for the
rest of the world, using views: one view for the internal zone (your local
network) and another view for the external zone (the rest of the world).
</p>

</body>
</section>
</chapter>

<chapter>
<title>Data used in the examples</title>
<section>
<body>

<table>
<tr>
<th>Keyword</th>
<th>Explanation</th>
<th>Example</th>
</tr>
<tr>
<ti>YOUR_DOMAIN</ti>
<ti>Your domain name</ti>
<ti>gentoo.org</ti>
</tr>
<tr>
<ti>YOUR_PUBLIC_IP</ti>
<ti>The public IP address your ISP assigns to you</ti>
<ti>204.74.99.100</ti>
</tr>
<tr>
<ti>YOUR_LOCAL_IP</ti>
<ti>The local IP address of the DNS server</ti>
<ti>192.168.1.5</ti>
</tr>
<tr>
<ti>YOUR_LOCAL_NETWORK</ti>
<ti>The local network</ti>
<ti>192.168.1.0/24</ti>
</tr>
<tr>
<ti>SLAVE_DNS_SERVER</ti>
<ti>The IP address of the slave DNS server for your domain</ti>
<ti>209.177.148.228</ti>
</tr>
<tr>
<ti>ADMIN</ti>
<ti>The DNS server administrator's user name</ti>
<ti>root</ti>
</tr>
<tr>
<ti>MODIFICATION</ti>
<ti>The zone file's modification date with a sequence number appended (used as the SOA serial)</ti>
<ti>2009062901</ti>
</tr>
</table>

<figure link="/images/local-network-map.png" short="network" caption="Network example"/>

</body>
</section>
</chapter>

<chapter>
<title>Configuring BIND</title>
<section>
<title>Installation</title>
<body>

<p>
First, install <c>net-dns/bind</c>.
</p>

<pre caption="Installing bind">
# <i>emerge net-dns/bind</i>
</pre>

</body>
</section>
<section>
<title>Configuring /etc/bind/named.conf</title>
<body>

<p>
The first thing to configure is <path>/etc/bind/named.conf</path>. The first
part of this file is the <c>options</c> section: BIND's working directory, the
port and the addresses to listen on, the PID file, and a line that turns off
listening on IPv6.
</p>

<pre caption="options section">
options {
    directory "/var/bind";

    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };

    pid-file "/var/run/named/named.pid";
};
</pre>

<p>
The second part of <path>named.conf</path> is the internal view used for our
local network. It is the only view that performs recursion, and BIND picks the
first view whose <c>match-clients</c> list contains the client's address, so it
must come before the external view.
</p>

<pre caption="Internal view">
view "internal" {
    match-clients { YOUR_LOCAL_NETWORK; localhost; };
    recursion yes;

    zone "YOUR_DOMAIN" {
        type master;
        file "pri/YOUR_DOMAIN.internal";
        allow-transfer { any; };
    };
};
</pre>

<p>
The third part of <path>named.conf</path> is the external view, which answers
queries about our domain name from the rest of the world. Recursion is switched
off here, so outside clients can only ask about the zones we are authoritative
for; the server does not resolve other domain names on their behalf.
</p>

<pre caption="External view">
view "external" {
    match-clients { any; };
    recursion no;

    zone "." IN {
        type hint;
        file "named.ca";
    };

    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
    };

    zone "YOUR_DOMAIN" {
        type master;
        file "pri/YOUR_DOMAIN.external";
        allow-query { any; };
        allow-transfer { SLAVE_DNS_SERVER; };
    };
};
</pre>

<p>
The final part of <path>named.conf</path> is the logging policy.
</p>

<pre caption="Logging section">
logging {
    channel default_syslog {
        file "/var/log/named/named.log" versions 3 size 5m;
        severity debug;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_syslog; };
};
</pre>

<p>
The <path>/var/log/named/</path> directory must exist and belong to
<c>named</c>:
</p>

<pre caption="Creating the log file">
# <i>mkdir -p /var/log/named/</i>
# <i>chmod 770 /var/log/named/</i>
# <i>touch /var/log/named/named.log</i>
# <i>chmod 660 /var/log/named/named.log</i>
# <i>chown -R named /var/log/named/</i>
# <i>chgrp -R named /var/log/named/</i>
</pre>

</body>
</section>
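With the channel above, every line in named.log carries a timestamp, category and severity in front of the message, and the external view's refusals show up as "query (cache) '...' denied" (an outside client asking us to recurse) and "zone transfer '...' denied". The script below is an added example, not part of the guide: it counts those refusals per client over constructed sample lines in that layout, so that a host repeatedly probing the server for open recursion stands out.

```python
import re
from collections import Counter

# Constructed sample lines in the layout the guide's channel produces (print-time,
# print-category and print-severity all on); invented traffic, not a real log.
SAMPLE_LOG = """\
16-Jul-2009 23:54:15.101 security: info: client 203.0.113.9#40211: query (cache) 'www.example.com/A/IN' denied
16-Jul-2009 23:54:15.233 security: info: client 203.0.113.9#40212: query (cache) 'isc.org/ANY/IN' denied
16-Jul-2009 23:54:16.002 queries: info: client 192.168.1.4#53001: query: hell.example.org IN A +
16-Jul-2009 23:54:17.410 security: info: client 203.0.113.9#40213: query (cache) 'isc.org/ANY/IN' denied
16-Jul-2009 23:54:18.777 security: info: client 198.51.100.7#33000: zone transfer 'example.org/AXFR/IN' denied
"""

# Groups: time, category, severity, client address, what was refused, name asked for.
DENIED = re.compile(
    r"^(\S+ \S+) (\w+): (\w+): client ([\d.]+)#\d+: "
    r"(query \(cache\)|zone transfer) '([^']+)' denied$"
)

def denied_events(log_text):
    """Return (client, kind, name) for every refused recursive query or zone transfer."""
    events = []
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            kind = "recursion" if m.group(5).startswith("query") else "axfr"
            events.append((m.group(4), kind, m.group(6)))
    return events

def summarize(log_text, threshold=3):
    """Count refusals per (client, kind); clients with at least threshold refused
    recursive queries are returned separately, since repeated attempts from one
    source usually mean someone testing whether the server is an open resolver."""
    counts = Counter((client, kind) for client, kind, _ in denied_events(log_text))
    noisy = sorted(client for (client, kind), n in counts.items()
                   if kind == "recursion" and n >= threshold)
    return counts, noisy
```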
<section>
<title>Creating the internal zone file</title>
<body>

<p>
We use the host names and IP addresses from the network example picture. Note
that almost all (but not all) domain names end with a "." (dot). The NS record
for the slave needs the slave's host name, not the SLAVE_DNS_SERVER address from
the table, because NS data is always a name.
</p>

<pre caption="/var/bind/pri/YOUR_DOMAIN.internal">
$TTL 2d
@ IN SOA ns.YOUR_DOMAIN. ADMIN.YOUR_DOMAIN. (
    MODIFICATION ; serial
    3h           ; refresh
    1h           ; retry
    1w           ; expiry
    1d )         ; minimum

YOUR_DOMAIN.         IN MX  0 mail.YOUR_DOMAIN.
YOUR_DOMAIN.         IN TXT "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.YOUR_DOMAIN ~all"
YOUR_DOMAIN.         IN NS  ns.YOUR_DOMAIN.
YOUR_DOMAIN.         IN NS  SLAVE_DNS_HOSTNAME. ; host name of the slave at SLAVE_DNS_SERVER, with trailing dot
www.YOUR_DOMAIN.     IN A   192.168.1.3
ns.YOUR_DOMAIN.      IN A   192.168.1.5
mail.YOUR_DOMAIN.    IN A   192.168.1.3
router.YOUR_DOMAIN.  IN A   192.168.1.1
hell.YOUR_DOMAIN.    IN A   192.168.1.3
heaven.YOUR_DOMAIN.  IN A   192.168.1.5
desktop.YOUR_DOMAIN. IN A   192.168.1.4
</pre>

</body>
</section>
<section>
<title>Creating the external zone file</title>
<body>

<p>
Here we only list the host names that external clients need (www, mail and ns);
the other internal machines stay out of this file so their private addresses are
never published.
</p>

<pre caption="/var/bind/pri/YOUR_DOMAIN.external">
$TTL 2d
@ IN SOA ns.YOUR_DOMAIN. ADMIN.YOUR_DOMAIN. (
    MODIFICATION ; serial
    3h           ; refresh
    1h           ; retry
    1w           ; expiry
    1d )         ; minimum

YOUR_DOMAIN.      IN MX  0 mail.YOUR_DOMAIN.
YOUR_DOMAIN.      IN TXT "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.YOUR_DOMAIN ~all"
YOUR_DOMAIN.      IN NS  ns.YOUR_DOMAIN.
YOUR_DOMAIN.      IN NS  SLAVE_DNS_HOSTNAME. ; host name of the slave at SLAVE_DNS_SERVER, with trailing dot
www.YOUR_DOMAIN.  IN A   YOUR_PUBLIC_IP
ns.YOUR_DOMAIN.   IN A   YOUR_PUBLIC_IP
mail.YOUR_DOMAIN. IN A   YOUR_PUBLIC_IP
</pre>

</body>
</section>
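Before loading the two zone files it is worth checking them for the mistakes this split setup invites. The script below is an added example, not part of the guide: it parses the one-line records in the format shown in the internal and external zone files above (the sample zone is constructed, with example.org standing in for YOUR_DOMAIN and the table's sample addresses filled in) and reports NS data given as an IP address or without its trailing dot, malformed A records, and any private address that has found its way into the external file.

```python
import ipaddress
import re
# Constructed sample in the guide's zone-file format with the placeholders filled
# in; made-up data for this check, with two mistakes included on purpose.
EXTERNAL_ZONE = """\
$TTL 2d
@ IN SOA ns.example.org. root.example.org. (
    2009062901 ; serial
    3h         ; refresh
    1h         ; retry
    1w         ; expiry
    1d )       ; minimum
example.org.         IN NS ns.example.org.
example.org.         IN NS 209.177.148.228
www.example.org.     IN A  204.74.99.100
desktop.example.org. IN A  192.168.1.4
"""

RECORD = re.compile(r"^(\S+)\s+IN\s+(A|NS|MX|TXT)\s+(.+)$")

def parse_records(zone_text):
    """Return (owner, type, rdata) per one-line record; $TTL, the SOA block and comments are skipped."""
    records = []
    for raw in zone_text.splitlines():
        match = RECORD.match(raw.split(";", 1)[0].strip())
        if match:
            records.append(match.groups())
    return records

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def audit_zone(zone_text, external):
    """List NS data given as an IP or without a trailing dot, bad A records, and
    (external=True) private addresses that would be published to the world."""
    problems = []
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "NS" and is_ipv4(rdata):
            problems.append(f"{owner} NS {rdata}: an IP here is read as a host name relative to the zone")
        elif rtype == "NS" and not rdata.endswith("."):
            problems.append(f"{owner} NS {rdata}: missing trailing dot, so the zone name gets appended")
        elif rtype == "A" and not is_ipv4(rdata):
            problems.append(f"{owner} A {rdata}: not an IPv4 address")
        elif rtype == "A" and external and ipaddress.IPv4Address(rdata).is_private:
            problems.append(f"{owner} A {rdata}: private address exposed in the external zone")
    return problems
```

Run the same function with external=False over the internal file, where private addresses are expected and only the NS and syntax checks apply.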
<section>
<title>Finishing configuration</title>
<body>

<p>
You'll need to add <c>named</c> to the default runlevel:
</p>

<pre caption="Add to default runlevel">
# <i>rc-update add named default</i>
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Configuring clients</title>
<section>
<body>

<p>
Now you can use your own DNS server on all machines of your local network to
resolve domain names. Edit the <path>/etc/resolv.conf</path> file on each
machine of your local network.
</p>

<pre caption="Editing /etc/resolv.conf">
search YOUR_DOMAIN
nameserver YOUR_DNS_SERVER_IP
</pre>

<p>
Note that YOUR_DNS_SERVER_IP is the same address as YOUR_LOCAL_IP used in this
document; in the example picture it is 192.168.1.5.
</p>

</body>
</section>
</chapter>

<chapter>
<title>Testing</title>
<section>
<body>

<p>
Now we can test our new DNS server. First, we need to start the service.
</p>

<pre caption="Starting the service manually">
# <i>/etc/init.d/named start</i>
</pre>

<p>
Next, we run a few <c>host</c> queries for some domains. Any computer on our
local network can be used for this test. If you don't have <c>net-dns/host</c>
installed, either use <c>ping</c> instead or install it first with
<c>emerge host</c>.
</p>

<pre caption="Performing the test">
$ <i>host www.gentoo.org</i>
www.gentoo.org has address 209.177.148.228
www.gentoo.org has address 209.177.148.229

$ <i>host hell</i>
hell.YOUR_DOMAIN has address 192.168.1.3

$ <i>host router</i>
router.YOUR_DOMAIN has address 192.168.1.1
</pre>

</body>
</section>
</chapter>

<chapter>
<title>Protecting the server with iptables</title>
<section>
<body>

<p>
If you use iptables to protect your server, you can add these rules for the DNS
service. Replies to the server's own outgoing queries are matched on connection
state rather than on the source port alone: a bare <c>--sport 53</c> rule would
accept any packet that merely claims to come from port 53.
</p>

<pre caption="Iptables rules">
<comment>(Replies to our own queries)</comment>
iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
<comment>(Queries and zone transfers from clients)</comment>
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
</pre>

</body>
</section>
</chapter>
</guide>
428 iptables -A INPUT -p tcp --dport 53 -j ACCEPT
429 </pre>
430
431 </body>
432 </section>
433 </chapter>
434 </guide>