{"id":4584,"date":"2013-04-22T23:18:24","date_gmt":"2013-04-22T15:18:24","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=4584"},"modified":"2023-04-28T09:48:22","modified_gmt":"2023-04-28T09:48:22","slug":"how-to-install-and-configure-bind-chroot-dns-server-on-centos-6-4-vps","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-install-and-configure-bind-chroot-dns-server-on-centos-6-4-vps\/","title":{"rendered":"How to Install and Configure Bind Chroot DNS Server on CentOS 6.4 VPS"},"content":{"rendered":"<p>This article explains how to install and configure a chrooted BIND DNS server on a CentOS 6.4 virtual private server (VPS) or dedicated server. If you plan to run your own mail or web server, it is good to run your own domain name service (DNS) as well, so that you keep full control of the domain and its subdomains. BIND (the Berkeley Internet Name Domain), also known as named, is the most widely used DNS server on the internet. It resolves domain names to IP addresses and IP addresses back to domain names. Besides giving you full control of your registered domain name, a local server also speeds up lookups for your own hosts. All these steps have been tested on CentOS 6.4 64 bit. When BIND runs in a chroot jail, the process cannot see any part of the filesystem outside the jail. In this example BIND is chrooted to the directory \/var\/named\/chroot\/, so to BIND the contents of that directory appear to be \/, the root directory. A \u201cjail\u201d is a software mechanism that limits a process to a small part of the system; its purpose is to contain the damage if named is ever compromised. A chroot only restricts what the process can see on the filesystem, so it relies on named also running as the unprivileged named user, which the CentOS init script does by default. The bind-chroot package sets the jail up under \/var\/named\/chroot.<\/p>\n<p>1. Install Bind Chroot DNS server :<\/p>\n<pre>[root@centos64 ~]# yum install bind-chroot bind -y<\/pre>\n<p>2. 
Copy the sample files shipped with the bind package (root hints, localhost zones and example zones) into the chroot :<\/p>\n<pre>[root@centos64 ~]# cp -R \/usr\/share\/doc\/bind-*\/sample\/var\/named\/* \/var\/named\/chroot\/var\/named\/<\/pre>\n<p>3. Create the files named writes to at run time inside the chroot :<\/p>\n<pre>[root@centos64 ~]# touch \/var\/named\/chroot\/var\/named\/data\/cache_dump.db\n[root@centos64 ~]# touch \/var\/named\/chroot\/var\/named\/data\/named_stats.txt\n[root@centos64 ~]# touch \/var\/named\/chroot\/var\/named\/data\/named_mem_stats.txt\n[root@centos64 ~]# touch \/var\/named\/chroot\/var\/named\/data\/named.run\n[root@centos64 ~]# mkdir \/var\/named\/chroot\/var\/named\/dynamic\n[root@centos64 ~]# touch \/var\/named\/chroot\/var\/named\/dynamic\/managed-keys.bind<\/pre>\n<p>4. named runs as the unprivileged user named and must be able to write its cache dump, statistics, debug log and managed-keys files into the data and dynamic directories. Hand those two directories to the named group and keep everyone else out; do not make them world-writable (chmod 777), because any local user could then tamper with files named reads back on its next start, including the DNSSEC trust anchors in managed-keys.bind :<\/p>\n<pre>[root@centos64 ~]# chown -R root:named \/var\/named\/chroot\/var\/named\/data \/var\/named\/chroot\/var\/named\/dynamic\n[root@centos64 ~]# chmod -R 770 \/var\/named\/chroot\/var\/named\/data \/var\/named\/chroot\/var\/named\/dynamic<\/pre>\n<p>5. If you do not use IPv6, tell named to listen on IPv4 only :<\/p>\n<pre>[root@centos64 ~]# echo 'OPTIONS=\"-4\"' &gt;&gt; \/etc\/sysconfig\/named<\/pre>\n<p>6. Copy \/etc\/named.conf into the chrooted configuration directory :<\/p>\n<pre>[root@centos64 ~]# cp -p \/etc\/named.conf \/var\/named\/chroot\/etc\/named.conf<\/pre>\n<p>7. Edit the main BIND configuration in the chrooted \/etc\/named.conf and add the ehowstuff.local information to it :<\/p>\n<pre>[root@centos64 ~]# vi \/var\/named\/chroot\/etc\/named.conf<\/pre>\n<p>a. Add the IP addresses named should listen on :<\/p>\n<pre>..\nlisten-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };\n..<\/pre>\n<p>b. 
Declare the forward and reverse zones :<\/p>\n<pre>..\n..\nzone \"ehowstuff.local\" {\n    type master;\n    file \"ehowstuff.local.zone\";\n};\n\nzone \"2.168.192.in-addr.arpa\" IN {\n        type master;\n        file \"192.168.2.zone\";\n};\n..\n..<\/pre>\n<p>Full configuration for named.conf. The allow-query list below admits localhost and the 192.168.2.0\/24 network the server listens on; with the package default of allow-query { localhost; } every LAN client would get REFUSED, and with allow-query { any; } plus recursion yes the host would be an open resolver that anyone on the internet could use for amplification attacks. Without an explicit allow-recursion list BIND applies allow-query to recursion as well, so this setting also keeps recursion LAN-only :<\/p>\n<pre>\/\/\n\/\/ named.conf\n\/\/\n\/\/ Provided by Red Hat bind package to configure the ISC BIND named(8) DNS\n\/\/ server as a caching only nameserver (as a localhost DNS resolver only).\n\/\/\n\/\/ See \/usr\/share\/doc\/bind*\/sample\/ for example named configuration files.\n\/\/\n\noptions {\n        listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };\n        listen-on-v6 port 53 { ::1; };\n        directory       \"\/var\/named\";\n        dump-file       \"\/var\/named\/data\/cache_dump.db\";\n        statistics-file \"\/var\/named\/data\/named_stats.txt\";\n        memstatistics-file \"\/var\/named\/data\/named_mem_stats.txt\";\n        allow-query     { localhost; 192.168.2.0\/24; };\n        recursion yes;\n\n        dnssec-enable yes;\n        dnssec-validation yes;\n        dnssec-lookaside auto;\n\n        \/* Path to ISC DLV key *\/\n        bindkeys-file \"\/etc\/named.iscdlv.key\";\n\n        managed-keys-directory \"\/var\/named\/dynamic\";\n};\n\nlogging {\n        channel default_debug {\n                file \"data\/named.run\";\n                severity dynamic;\n        };\n};\n\nzone \".\" IN {\n        type hint;\n        file \"named.ca\";\n};\n\nzone \"ehowstuff.local\" {\n    type master;\n    file \"ehowstuff.local.zone\";\n};\n\nzone \"2.168.192.in-addr.arpa\" IN {\n        type master;\n        file \"192.168.2.zone\";\n};\n\ninclude \"\/etc\/named.rfc1912.zones\";\ninclude \"\/etc\/named.root.key\";<\/pre>\n<p>8. 
Create the forward and reverse zone files for the domain ehowstuff.local. Increase the Serial (here the date followed by a two-digit counter) every time a zone changes, otherwise secondaries keep serving the old data. Note that in the reverse zone below 192.168.2.62 ends up with two PTR records (mail and ns1) and centos64 has none; mail servers that check forward-confirmed reverse DNS expect a single PTR whose name resolves back to the address, so give the address one canonical PTR if this host will send mail.<\/p>\n<p>a) Create Forward Zone :<\/p>\n<pre>[root@centos64 ~]# vi \/var\/named\/chroot\/var\/named\/ehowstuff.local.zone<\/pre>\n<pre>;\n;       Addresses and other host information.\n;\n$TTL 86400\n@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (\n                               2013042201      ; Serial\n                               43200      ; Refresh\n                               3600       ; Retry\n                               3600000    ; Expire\n                               2592000 )  ; Minimum\n\n;       Define the nameservers and the mail servers\n\n               IN      NS      ns1.ehowstuff.local.\n               IN      NS      ns2.ehowstuff.local.\n               IN      A       192.168.2.62\n               IN      MX      10 mail.ehowstuff.local.\n\ncentos64           IN      A       192.168.2.62\nmail            IN      A       192.168.2.62\nns1              IN      A       192.168.2.62\nns2              IN      A       192.168.2.63<\/pre>\n<p>b) Create Reverse Zone :<\/p>\n<pre>[root@centos64 ~]# vi \/var\/named\/chroot\/var\/named\/192.168.2.zone<\/pre>\n<pre>;\n;       Addresses and other host information.\n;\n$TTL 86400\n@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (\n                               2013042201      ; Serial\n                               43200      ; Refresh\n                               3600       ; Retry\n                               3600000    ; Expire\n                               2592000 )  ; Minimum\n\n2.168.192.in-addr.arpa. IN      NS      centos64.ehowstuff.local.\n\n62.2.168.192.in-addr.arpa. IN PTR mail.ehowstuff.local.\n62.2.168.192.in-addr.arpa. IN PTR ns1.ehowstuff.local.\n63.2.168.192.in-addr.arpa. IN PTR ns2.ehowstuff.local.<\/pre>\n<p>9. 
Check the syntax of named.conf with named-checkconf and of each zone file with named-checkzone, then start the Bind service :<\/p>\n<pre>[root@centos64 ~]# \/etc\/init.d\/named start\nGenerating \/etc\/rndc.key:                                  [  OK  ]\nStarting named:                                            [  OK  ]\n<\/pre>\n<p>10. Configure Bind to start automatically at boot :<\/p>\n<pre>[root@centos64 ~]# chkconfig --levels 235 named on<\/pre>\n<p>11. Test and verify the Bind DNS setup. The queries below run on the server itself; repeat them from another host on the 192.168.2.0\/24 network, pointing the client at 192.168.2.62, to confirm that allow-query lets LAN clients through :<br \/>\na. Test and verify using the host command :<\/p>\n<pre>\n[root@centos64 ~]# host -t ns ehowstuff.local\nehowstuff.local name server ns1.ehowstuff.local.\nehowstuff.local name server ns2.ehowstuff.local.\n[root@centos64 ~]# host -t mx ehowstuff.local\nehowstuff.local mail is handled by 10 mail.ehowstuff.local.\n<\/pre>\n<p>b. Test and verify using the nslookup command :<\/p>\n<pre>\n[root@centos64 ~]# nslookup\n> set type=any\n> ehowstuff.local\nServer:         192.168.2.62\nAddress:        192.168.2.62#53\n\nehowstuff.local\n        origin = ehowstuff.local\n        mail addr = hostmaster.ehowstuff.local\n        serial = 2013042201\n        refresh = 43200\n        retry = 3600\n        expire = 3600000\n        minimum = 2592000\nehowstuff.local nameserver = ns1.ehowstuff.local.\nehowstuff.local nameserver = ns2.ehowstuff.local.\nName:   ehowstuff.local\nAddress: 192.168.2.62\nehowstuff.local mail exchanger = 10 mail.ehowstuff.local.\n> exit\n<\/pre>\n<p>c. Test and verify using the dig command :<\/p>\n<pre>\n[root@centos64 ~]# dig ehowstuff.local\n\n; &lt;&lt;&gt;&gt; DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 &lt;&lt;&gt;&gt; ehowstuff.local\n;; global options: +cmd\n;; Got answer:\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 6958\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2\n\n;; QUESTION SECTION:\n;ehowstuff.local.               IN      A\n\n;; ANSWER SECTION:\nehowstuff.local.        2592000 IN      A       192.168.2.62\n\n;; AUTHORITY SECTION:\nehowstuff.local.        2592000 IN      NS      ns1.ehowstuff.local.\nehowstuff.local.        
2592000 IN      NS      ns2.ehowstuff.local.\n\n;; ADDITIONAL SECTION:\nns1.ehowstuff.local.    2592000 IN      A       192.168.2.62\nns2.ehowstuff.local.    2592000 IN      A       192.168.2.63\n\n;; Query time: 1 msec\n;; SERVER: 192.168.2.62#53(192.168.2.62)\n;; WHEN: Wed Apr  3 00:03:40 2013\n;; MSG SIZE  rcvd: 117\n\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This article will explain the steps to install and configure the DNS Server chroot binding on CentOS 6.4 virtual private server (VPS) or dedicated server. Usually if you plan to&#8230;<\/p>\n","protected":false},"author":6,"featured_media":5554,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1111,2055,1138],"tags":[1255,1280,1337,1536],"class_list":["post-4584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bind9","category-centos","category-dns","tag-centos-6-4","tag-chroot","tag-dns","tag-linux"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/4584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=4584"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/4584\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/5554"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=4584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\
/wp-json\/wp\/v2\/categories?post=4584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=4584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
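The checker below is an added example written for this page; it is not part of the original article and not a BIND tool. It parses the options block of a named.conf and flags the two access-control mistakes that matter for the step 7 configuration: recursion reachable from any (an open resolver), and a listen-on that covers LAN addresses while allow-query still holds the package default of localhost, which makes named answer REFUSED to every LAN client. The three configurations embedded in it are constructed from the step 7 options block and differ only in their access-control lines; 192.168.2.0/24 is the article's network, and the helper names (options_block, acl, audit) are this example's own.

```python
"""Audit the options{} block of a BIND named.conf for two access-control
mistakes: an open resolver (recursion reachable from anywhere) and an
allow-query that refuses the LAN clients listen-on was opened for."""
import re

# Constructed inputs modelled on the options block in step 7 of the article.
# PKG_DEFAULT keeps the bind package default allow-query { localhost; },
# LAN_SCOPED admits the 192.168.2.0/24 network, OPEN_TO_ANY is the classic
# open-resolver misconfiguration. Only the access-control lines differ.
_TEMPLATE = """
options {
        listen-on port 53 { 127.0.0.1;192.168.2.62;192.168.2.63; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        %s
        dnssec-enable yes;
        dnssec-validation yes;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
zone "." IN { type hint; file "named.ca"; };
"""
PKG_DEFAULT = _TEMPLATE % "allow-query { localhost; };\n        recursion yes;"
LAN_SCOPED = _TEMPLATE % "allow-query { localhost; 192.168.2.0/24; };\n        recursion yes;"
OPEN_TO_ANY = _TEMPLATE % "allow-query { any; };\n        recursion yes;"

# Tokens that name only this host or its directly attached networks,
# and tokens that mean "the whole internet".
LOCAL_TOKENS = {"localhost", "localnets", "127.0.0.1", "::1", "none"}
OPEN_TOKENS = {"any", "0.0.0.0/0", "0/0", "::/0"}


def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */
    return re.sub(r"(//|#).*", "", text)                 # // and # to end of line


def options_block(text):
    """Return the brace-balanced body of the options { ... } statement."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        raise ValueError("named.conf has no options block")
    depth, i = 1, m.end()
    while depth and i < len(text):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def acl(body, name):
    """Address-match list of `name`, e.g. ['127.0.0.1', '192.168.2.62'], or None if unset."""
    m = re.search(r"\b%s(?![\w-])[^{;]*\{([^}]*)\}" % re.escape(name), body)
    if not m:
        return None
    return [t.strip() for t in m.group(1).split(";") if t.strip()]


def audit(conf_text):
    """Return a list of (code, detail) findings; [] means no access-control problem found."""
    body = options_block(strip_comments(conf_text))
    listen = acl(body, "listen-on") or ["any"]        # BIND default: all IPv4 interfaces
    query = acl(body, "allow-query")                   # None means BIND default: any
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\b", body)
    recursion_on = m is None or m.group(1) == "yes"   # BIND default: recursion yes
    # Who may recurse, following the BIND 9 ARM fallback chain:
    # allow-recursion -> allow-query-cache -> allow-query -> localnets; localhost
    rec_clients = (acl(body, "allow-recursion") or acl(body, "allow-query-cache")
                   or query or ["localnets", "localhost"])
    findings = []
    if recursion_on and OPEN_TOKENS & set(rec_clients):
        findings.append(("OPEN_RESOLVER",
                         "recursion yes is reachable from %s; set recursion no on a purely "
                         "authoritative server or restrict allow-recursion" % rec_clients))
    lan_listen = [a for a in listen if a not in LOCAL_TOKENS]
    if lan_listen and query is not None and all(t in LOCAL_TOKENS for t in query):
        findings.append(("LAN_REFUSED",
                         "listen-on includes %s but allow-query is %s, so LAN clients get "
                         "REFUSED; add the client network to allow-query" % (lan_listen, query)))
    return findings


if __name__ == "__main__":
    for label, conf in (("package default", PKG_DEFAULT), ("LAN scoped", LAN_SCOPED),
                        ("open to any", OPEN_TO_ANY)):
        print(label, audit(conf) or "OK")
```

Run it as a script to see the three verdicts side by side: the package default is refused from the LAN, the LAN-scoped list is clean, and allow-query { any; } with recursion yes is reported as an open resolver. The parser is deliberately small (one options block, no include files), so treat it as a pre-commit sanity check and still run named-checkconf before restarting named.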
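The zone checker below is also an added example for this page, not code from the article or from BIND. It cross-checks the forward and reverse zone files from step 8 (embedded here as constructed input) the way a practitioner would before loading them: every A record should have a PTR, every PTR should point back at an A record with that address, NS and MX targets inside the zone need an A record, and one address should carry one PTR. On the article's own data it reports that the apex and centos64 A records have no PTR and that 192.168.2.62 carries two PTRs. The master-file reader is intentionally minimal and the function names are this example's own; it complements, and does not replace, named-checkzone.

```python
"""Cross-check a forward zone against its in-addr.arpa reverse zone: every A
wants a matching PTR, every PTR must point back at an A (forward-confirmed
reverse DNS), in-zone NS/MX targets need an A record, one address one PTR."""
import re
from collections import Counter

# Constructed input: the forward and reverse zone files from step 8 of the article.
FORWARD_ZONE = """\
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013042201 43200 3600   ; Serial Refresh Retry
                               3600000 2592000 )       ; Expire Minimum
               IN      NS      ns1.ehowstuff.local.
               IN      NS      ns2.ehowstuff.local.
               IN      A       192.168.2.62
               IN      MX      10 mail.ehowstuff.local.
centos64        IN      A       192.168.2.62
mail            IN      A       192.168.2.62
ns1             IN      A       192.168.2.62
ns2             IN      A       192.168.2.63
"""
REVERSE_ZONE = """\
$TTL 86400
@       IN      SOA     ehowstuff.local. hostmaster.ehowstuff.local. (
                               2013042201 43200 3600 3600000 2592000 )
2.168.192.in-addr.arpa.    IN  NS   centos64.ehowstuff.local.
62.2.168.192.in-addr.arpa. IN  PTR  mail.ehowstuff.local.
62.2.168.192.in-addr.arpa. IN  PTR  ns1.ehowstuff.local.
63.2.168.192.in-addr.arpa. IN  PTR  ns2.ehowstuff.local.
"""
RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "PTR", "CNAME", "TXT"}


def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return (owner, type, rdata-tokens) records with lower-case FQDN owners.
    Handles ; comments, $ORIGIN/$TTL, blank owner (= previous owner) and the
    parenthesised SOA; no $INCLUDE, $GENERATE or character escapes."""
    origin = origin.rstrip(".") + "."
    joined, buf = [], ""
    for line in (re.sub(r";.*", "", raw) for raw in text.splitlines()):
        buf = line if not buf else buf + " " + line
        if buf.count("(") == buf.count(")"):          # record is complete
            joined.append(buf)
            buf = ""
    records, last_owner = [], origin
    for line in joined:
        if not line.strip():
            continue
        if line.lstrip().startswith("$"):
            directive = line.split()
            if directive[0] == "$ORIGIN":
                origin = directive[1].rstrip(".") + "."
            continue
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                      # explicit owner in column 1
            last_owner = fqdn(tokens.pop(0), origin).lower()
        while tokens and tokens[0] not in RR_TYPES:   # skip optional TTL and class
            tokens.pop(0)
        if tokens:
            records.append((last_owner, tokens[0], tokens[1:]))
    return records


def ptr_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ptr_ip(rname):
    return ".".join(reversed(rname[:-len(".in-addr.arpa.")].split(".")))


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return (code, detail) findings; [] means the two zones agree."""
    fo = fwd_origin.rstrip(".") + "."
    fwd, rev = parse_zone(fwd_text, fo), parse_zone(rev_text, rev_origin)
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A"}
    ptrs = {(o, r[0].lower()) for o, t, r in rev if t == "PTR"}
    findings = []
    for name, ip in sorted(a_records):                 # forward -> reverse
        if (ptr_name(ip), name) not in ptrs:
            findings.append(("MISSING_PTR", "%s A %s has no PTR" % (name, ip)))
    for rname, target in sorted(ptrs):                 # reverse -> forward
        if (target, ptr_ip(rname)) not in a_records:
            findings.append(("DANGLING_PTR", "%s PTR %s has no A %s" % (rname, target, ptr_ip(rname))))
    names_with_a = {o for o, _ in a_records}
    for owner, rtype, rdata in fwd + rev:              # in-zone NS/MX targets need glue
        if rtype not in ("NS", "MX") or not rdata:
            continue
        target = rdata[-1].lower()
        if (target == fo or target.endswith("." + fo)) and target not in names_with_a:
            findings.append(("MISSING_GLUE", "%s %s %s has no A record" % (owner, rtype, target)))
    for rname, n in sorted(Counter(r for r, _ in ptrs).items()):
        if n > 1:                                      # ambiguous reverse mapping
            findings.append(("MULTIPLE_PTR", "%s has %d PTR records" % (rname, n)))
    return findings


if __name__ == "__main__":
    for code, detail in check_zones(FORWARD_ZONE, "ehowstuff.local",
                                    REVERSE_ZONE, "2.168.192.in-addr.arpa"):
        print(code, detail)
```

Whether the MISSING_PTR and MULTIPLE_PTR findings matter depends on what reverse lookups are used for on your network; for a host that sends mail, pick one canonical name per address and make the other names forward-only.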