Installing your own DNS Server
Wednesday, July 23rd, 2008This how-to assumes a Debian-type Linux server.
1) Install BIND
$ sudo apt-get install bind9
2) Run BIND chrooted. For security reasons we want to run BIND chrooted so we have to do the following:
$ sudo /etc/init.d/bind9 stop
Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS=”-u bind” so that it reads OPTIONS=”-u bind -t /var/lib/named”:
$ sudo vi /etc/default/bind9OPTIONS="-u bind -t /var/lib/named" # Set RESOLVCONF=no to not run resolvconfRESOLVCONF=yes
3) Create the necessary directories under /var/lib:
$ sudomkdir -p /var/lib/named/etc
$ sudomkdir /var/lib/named/dev
$ sudomkdir -p /var/lib/named/var/cache/bind
$ sudomkdir -p /var/lib/named/var/run/bind/run
4) Then move the config directory from /etc to /var/lib/named/etc:
$ sudomv /etc/bind /var/lib/named/etc
5) Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):
$ sudoln -s /var/lib/named/etc/bind /etc/bind
6) Make null and random devices, and fix permissions of the directories:
$ sudomknod /var/lib/named/dev/null c 1 3
$ sudomknod /var/lib/named/dev/random c 1 8
$ sudochmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
$ sudochown -R bind:bind /var/lib/named/var/*
$ sudochown -R bind:bind /var/lib/named/etc/bind
7) We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD=”" so that it reads: SYSLOGD=”-a /var/lib/named/dev/log”:
$ sudovi /etc/default/syslogd## Top configuration file for syslogd ## # Full documentation of possible arguments are found in the manpage # syslogd(8). # # # For remote UDP logging use SYSLOGD="-r" # SYSLOGD="-a /var/lib/named/dev/log"
9) Restart the logging daemon:
$ sudo/etc/init.d/sysklogd restart
10) Start up BIND, and check /var/log/syslog for errors:
$ sudo/etc/init.d/bind9 start