budiana

Server log Bind9

Feb 14th, 2012
Configuring WEB SERVER and BIND 9 in a chroot jail on Debian 7

Sample scenario notes to help you follow this howto:

This server will use hade.biz.tm as its domain, a subdomain of biz.tm (biz.tm. 3600 IN A 69.197.18.174).
biz.tm is a public domain hosted at afraid.org.

hade.biz.tm and www.hade.biz.tm are already set up and reachable on the public IP 110.136.159.200.

Local IP: 192.168.1.100
Gateway: 192.168.1.1

hostname : hade
domain : biz.tm

The authoritative nameservers for the hade.biz.tm zone are:

ns.hade.biz.tm (this server itself)
ns1.afraid.org. 50.23.197.95
ns2.afraid.org. 208.43.71.243
ns3.afraid.org. 72.20.15.61
ns4.afraid.org. 70.39.97.253

apt-get -y install bind9 dnsutils
/etc/init.d/bind9 stop
mkdir -p /var/chroot/bind9/{etc,dev,var/cache/bind,var/run/bind/run}
chown -R bind:bind /var/chroot/bind9/var/*
mknod /var/chroot/bind9/dev/null c 1 3
mknod /var/chroot/bind9/dev/random c 1 8
chmod 666 /var/chroot/bind9/dev/{null,random}
mv /etc/bind /var/chroot/bind9/etc
ln -s /var/chroot/bind9/etc/bind /etc/bind
chown -R bind:bind /etc/bind/*
echo "\$AddUnixListenSocket /var/chroot/bind9/dev/log" >> /etc/rsyslog.d/bind-chroot.conf

Two things to check here. The brace expansions need bash, not plain sh. The pid-file directory must match what your bind9 build expects: if named fails to start and the log says it could not open its pid file, create that path (relative to the jail) instead of var/run/bind/run and chown it to bind. Also, chown -R bind:bind /etc/bind/* gives named write access to its own configuration, which it does not need for a static master zone; the tighter choice is to leave the files owned by root with group bind and group read permission, and to hand ownership to bind only for files named itself has to write (slave zones, dynamic updates, journals).

nano /etc/default/bind9

Edit bind9 to use the chroot (file /etc/default/bind9):
change OPTIONS="-u bind" to OPTIONS="-u bind -t /var/chroot/bind9"

We will edit
* /etc/bind/named.conf.local
* /etc/bind/named.conf.options
* /etc/resolv.conf
and create 2 files:
* /etc/bind/db.hade.biz.tm
* /etc/bind/1.168.192.in-addr.arpa.rev

First step.

nano /etc/bind/named.conf.local

zone "hade.biz.tm" {
type master;
file "/etc/bind/db.hade.biz.tm";
allow-transfer {
110.136.159.200; # ns.hade.biz.tm
50.23.197.95; # ns1.afraid.org
208.43.71.243; # ns2.afraid.org
72.20.15.61; # ns3.afraid.org
70.39.97.253; # ns4.afraid.org
};
notify no;
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/1.168.192.in-addr.arpa.rev";
};
// Consider adding the 1918 zones here, if they are not
// used in your organization
include "/etc/bind/zones.rfc1918";

Save file. Exit.

allow-transfer only matters for servers that actually pull the zone from this host by AXFR; listing a server here does not make it a slave, and with notify no the listed servers are never told about changes, so they have to be configured to fetch the zone themselves.

Next, the forwarders. These are the resolvers (your ISP's, or public ones) that our named asks for names it is not authoritative for; they have nothing to do with being reachable from the internet. For that, the router must forward the ports you actually need (80 and 22 here, plus 53 UDP and TCP if this host is to answer DNS for hade.biz.tm itself).
In my case I am using telkom.net.id and Google DNS servers. Place the primary and secondary DNS servers here separated by semicolons.

nano /etc/bind/named.conf.options

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
8.8.8.8; 8.8.4.4; 203.130.208.18; 203.130.193.74;
};

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;

// Listen on the loopback interface only (IPv4). With this setting named is a
// local caching resolver; it cannot be reached as ns.hade.biz.tm from outside.
listen-on { 127.0.0.1; };

// Do not make the BIND version public
version none;

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
};

Save file. Exit.
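The options above make named a loopback-only caching resolver, which is fine on its own but contradicts the NS record for ns.hade.biz.tm: nobody outside the box can reach it. If this host is really meant to serve the zone publicly, it has to listen on the LAN interface (with UDP and TCP 53 forwarded from the router), and the moment it does, recursion must be limited to the LAN, otherwise it becomes an open resolver that can be abused for reflection attacks. The following is an added example, not from the original paste, written against the addresses used on this page; the acl name "trusted" is my own choice.

```conf
acl "trusted" {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    directory "/var/cache/bind";

    // Reachable on loopback and on the LAN interface the router forwards 53/udp+tcp to
    listen-on { 127.0.0.1; 192.168.1.100; };
    listen-on-v6 { none; };

    // Anyone may ask for the zones we are authoritative for ...
    allow-query { any; };
    // ... but only the LAN may use us as a recursive resolver
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };

    // No zone transfers unless a zone stanza explicitly allows them
    allow-transfer { none; };

    forwarders { 8.8.8.8; 8.8.4.4; 203.130.208.18; 203.130.193.74; };
    dnssec-validation auto;

    version none;
    auth-nxdomain no;
};
```

The per-zone allow-transfer list in named.conf.local still overrides the global none for the hade.biz.tm zone. If you keep named loopback-only instead, drop ns.hade.biz.tm from the zone's NS records, since a delegation to a server that never answers only slows every lookup down.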

Now, let's modify /etc/resolv.conf so that the machine itself resolves through the local named on 127.0.0.1, which caches and forwards anything it cannot answer to the forwarders above. (The file as written uses only 127.0.0.1, not the gateway 192.168.1.1; if resolvconf is installed it will regenerate this file from the dns-* lines in /etc/network/interfaces below.)

cat > /etc/resolv.conf << "EOF"
# Begin /etc/resolv.conf
domain hade.biz.tm
nameserver 127.0.0.1
# End /etc/resolv.conf
EOF

nano /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 127.0.0.1
dns-search hade.biz.tm

nano /etc/bind/db.hade.biz.tm

Zone-file syntax notes: a line that omits the owner name must start with whitespace (it inherits the previous owner); the SOA RNAME is a mailbox written as user.domain. with the "@" replaced by a dot; CNAME and NS rdata are hostnames, never addresses (the address of ns.hade.biz.tm goes in an A record, which also serves as glue); and ns1-ns4.afraid.org belong to the afraid.org zone, so they get no records in this one.

; hade.biz.tm
$TTL 3600
hade.biz.tm. IN SOA hade.biz.tm. admin.hade.biz.tm. (
    2012042801 ; Serial
    3H ; refresh after 3 hours
    1H ; retry after 1 hour
    1W ; expire after 1 week
    1D ) ; negative-cache TTL of 1 day

; Name Servers
    IN NS ns.hade.biz.tm. ; ns.hade.biz.tm
    IN NS ns1.afraid.org. ; ns1.afraid.org
    IN NS ns2.afraid.org. ; ns2.afraid.org
    IN NS ns3.afraid.org. ; ns3.afraid.org
    IN NS ns4.afraid.org. ; ns4.afraid.org

hade.biz.tm. IN A 110.136.159.200
www IN CNAME hade.biz.tm.
ns IN A 110.136.159.200

; EOF

nano /etc/bind/1.168.192.in-addr.arpa.rev

The reverse zone maps addresses back to names. Its records are PTRs whose owner is the host octet of the address (100 for 192.168.1.100). An A record has no place here, and a PTR on the apex "@" is owned by 1.168.192.in-addr.arpa itself, which is no host's reverse name, so a lookup of 192.168.1.100 would still find nothing.

$TTL 1h
@ IN SOA hade.biz.tm. admin.hade.biz.tm. (
    2012042801 ; Serial
    3H ; refresh after 3 hours
    1H ; retry after 1 hour
    1W ; expire after 1 week
    1D ) ; negative-cache TTL of 1 day
    IN NS ns.hade.biz.tm.
100 IN PTR hade.biz.tm. ; 192.168.1.100
; EOF

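Hand-written zone files such as the two above tend to collect a particular kind of mistake: an address where CNAME, NS or PTR expect a hostname, an "@" left in the SOA RNAME, a PTR sitting on the zone apex, a name where an A record expects an address. BIND loads most of these without complaint, because syntactically they are just odd names, and named-checkzone does not flag all of them either. The lint below is an added example, not from the original paste: it parses the zone-file syntax used on this page (comments, parenthesised SOA, owner inherited from a leading-whitespace line) and reports those mistakes. The two zones it runs on are constructed here for the example; the first deliberately reproduces the mistakes, the second is the corrected form.

```python
import ipaddress
import re

# TTL tokens as written in hand-edited zones: 3600, 1H, 1d, 2W
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}
NAME_RDATA_TYPES = {"CNAME", "NS", "PTR"}   # rdata is a hostname, never an address

# Constructed sample in the layout of the page's db.hade.biz.tm, containing
# the mistakes the lint is meant to catch (not a copy of any real zone).
SAMPLE_ZONE = """\
$TTL 3600
hade.biz.tm. IN SOA hade.biz.tm. admin@hade.biz.tm. (
 2012042801 ; Serial
 3H ; refresh
 1H ; retry
 1W ; expire
 1D ) ; negative-cache TTL
 IN NS ns.hade.biz.tm.
 IN NS ns1.afraid.org.
hade.biz.tm. IN A 110.136.159.200
www IN CNAME 110.136.159.200
ns IN NS 110.136.159.200
"""

# The same zone written correctly (constructed).
CORRECTED_ZONE = """\
$TTL 3600
@ IN SOA hade.biz.tm. admin.hade.biz.tm. (
 2012042802 ; Serial
 3H 1H 1W 1D )
 IN NS ns.hade.biz.tm.
 IN A 110.136.159.200
ns IN A 110.136.159.200
www IN CNAME hade.biz.tm.
"""


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def logical_records(text):
    """Yield (line_no, record): comments stripped, and parenthesised multi-line
    rdata (the usual SOA layout) joined into a single record."""
    buf, start, depth = [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        if start is None:
            start, buf = no, [line]      # keep leading whitespace: it marks an inherited owner
        else:
            buf.append(line.strip())
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield start, " ".join(buf).replace("(", " ").replace(")", " ")
            buf, start = [], None


def parse_record(rec):
    """Return (owner, rtype, rdata); owner is None when the record inherits it."""
    tokens = rec.split()
    owner = None if rec[:1].isspace() else tokens.pop(0)
    if tokens and TTL_RE.match(tokens[0]):
        tokens.pop(0)
    if tokens and tokens[0].upper() in CLASSES:
        tokens.pop(0)
    if tokens and TTL_RE.match(tokens[0]):   # TTL may also follow the class
        tokens.pop(0)
    rtype = tokens.pop(0).upper() if tokens else ""
    return owner, rtype, tokens


def lint_zone_text(text):
    """Return [(line_no, message)] for records that load but are wrong."""
    problems = []
    owner = None
    for no, rec in logical_records(text):
        if rec.lstrip().startswith("$"):     # $TTL, $ORIGIN ... are not records
            continue
        this_owner, rtype, rdata = parse_record(rec)
        if this_owner is not None:
            owner = this_owner
        if not rtype or not rdata:
            problems.append((no, "record has no type or no rdata"))
            continue
        if rtype == "SOA" and len(rdata) >= 2:
            if _is_ipv4(rdata[0]):
                problems.append((no, "SOA MNAME must be the primary server's hostname, not an address"))
            if "@" in rdata[1]:
                problems.append((no, f"SOA RNAME {rdata[1]!r} contains '@'; write the mailbox as user.domain."))
        elif rtype in NAME_RDATA_TYPES and _is_ipv4(rdata[-1]):
            problems.append((no, f"{rtype} rdata {rdata[-1]!r} is an address; {rtype} takes a hostname"))
        elif rtype == "A" and not _is_ipv4(rdata[0]):
            problems.append((no, f"A rdata {rdata[0]!r} is not an IPv4 address"))
        if rtype == "PTR" and owner == "@":
            problems.append((no, "PTR at the zone apex; the owner should be the host part of the address"))
    return problems


if __name__ == "__main__":
    for name, zone in (("sample", SAMPLE_ZONE), ("corrected", CORRECTED_ZONE)):
        print(f"== {name}: {len(lint_zone_text(zone))} problem(s)")
        for line_no, msg in lint_zone_text(zone):
            print(f"  line {line_no}: {msg}")
```

Run it on a real file with lint_zone_text(open(path).read()) after named-checkzone has passed; the two checks complement each other, since named-checkzone validates syntax and the lint validates intent.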
Check the configuration before starting: named-checkconf with -t /var/chroot/bind9 (so that paths are resolved inside the jail) and named-checkzone for each of the two zone files. Then restart rsyslogd and start bind9.
/etc/init.d/rsyslog restart ; /etc/init.d/bind9 start

Finally, let's test our new domain and DNS entries.

root@hade:~# dig hade.biz.tm

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> hade.biz.tm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42219
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;hade.biz.tm. IN A

;; ANSWER SECTION:
hade.biz.tm. 3600 IN A 192.168.1.100

;; AUTHORITY SECTION:
hade.biz.tm. 3600 IN NS ns1.afraid.org.
hade.biz.tm. 3600 IN NS ns.hade.biz.tm.
hade.biz.tm. 3600 IN NS ns2.afraid.org.
hade.biz.tm. 3600 IN NS ns4.afraid.org.
hade.biz.tm. 3600 IN NS ns3.afraid.org.

;; Query time: 9 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 1 10:17:32 2013
;; MSG SIZE rcvd: 144

Two things to notice. The answer came from 127.0.0.1 with the aa flag set, so it only proves that the local named loads the zone; it says nothing about whether anyone outside can reach ns.hade.biz.tm. And it returned 192.168.1.100, while the zone file above publishes 110.136.159.200: the zone file decides what is served, so whichever address it carries is the one external clients will get. Query the zone from a host outside the LAN, or through an external checker such as http://www.dnswatch.info, to see what the rest of the internet sees.

MORE INFO http://wiki.debian.org/Bind9