HOWTO: Linux: Installing Bind

This is my distillation of a number of resources covering a relatively secure installation of bind, the DNS server. Note that this how-to only covers installation, not configuration.

  1. apt-get install bind9
  2. For security, we want to run bind in a chroot environment.
    /etc/init.d/bind9 stop
  3. Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named.
    OPTIONS="-u bind -t /var/lib/named"
    # Set RESOLVCONF=no to not run resolvconf
    RESOLVCONF=yes
  4. Create the necessary directories under /var/lib:
    mkdir -p /var/lib/named/etc
    mkdir /var/lib/named/dev
    mkdir -p /var/lib/named/var/cache/bind
    mkdir -p /var/lib/named/var/run/bind/run
  5. Then move the config directory from /etc to /var/lib/named/etc:
    mv /etc/bind /var/lib/named/etc
  6. Create a symlink to the new config directory from the old location (to avoid problems when bind is upgraded in the future):
    ln -s /var/lib/named/etc/bind /etc/bind
  7. Make null and random devices, and fix permissions of the directories we created in step 4:
    mknod /var/lib/named/dev/null c 1 3
    mknod /var/lib/named/dev/random c 1 8
    chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
    chown -R bind:bind /var/lib/named/var/*
    chown -R bind:bind /var/lib/named/etc/bind
  8. A chrooted named cannot reach the normal /dev/log socket, so we need to modify the startup script /etc/init.d/sysklogd to have syslogd listen on an extra socket inside the chroot; otherwise important messages never reach the system logs:
    ...
    # Options for start/restart the daemons
    # For remote UDP logging use SYSLOGD="-r"
    #
    SYSLOGD="-u syslog -a /var/lib/named/dev/log"

    create_xconsole()
    {
    ...
  9. Restart the logging daemon:
    /etc/init.d/sysklogd restart
  10. Start up bind, and check /var/log/syslog for errors:
    /etc/init.d/bind9 start
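To confirm that steps 3 to 7 produced what the daemon expects before you start it, here is an added POSIX shell check (not part of the original how-to). It assumes GNU stat, a Debian-style OPTIONS= line in /etc/default/bind9, and the chroot path and user used above; call the two functions on the installed host, e.g. `check_bind_options /etc/default/bind9 bind /var/lib/named && check_bind_chroot /var/lib/named bind`.

```shell
#!/bin/sh
# Added verification for the chrooted bind layout (constructed example, not the
# page's own code). Assumes GNU stat and a Debian /etc/default/bind9 OPTIONS= line.

# check_bind_options FILE USER ROOT
# Succeeds only if FILE's OPTIONS line drops privileges to USER and chroots to ROOT.
check_bind_options() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$1")
    case " $opts " in *" -u $2 "*) ;; *)
        echo "OPTIONS=\"$opts\" does not run named as user $2"; return 1 ;;
    esac
    case " $opts " in *" -t $3 "*) ;; *)
        echo "OPTIONS=\"$opts\" does not chroot named to $3"; return 1 ;;
    esac
}

# check_bind_chroot ROOT USER
# Prints each problem found in the tree under ROOT and returns the problem
# count as its exit status (0 means the layout matches steps 4 and 7).
check_bind_chroot() {
    root=$1; user=$2; n=0
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || { echo "missing directory $root/$d"; n=$((n + 1)); }
    done
    # named needs /dev/null and /dev/random inside the chroot (step 7)
    for dev in null random; do
        if [ ! -c "$root/dev/$dev" ]; then
            echo "missing character device $root/dev/$dev"; n=$((n + 1))
        elif [ "$(stat -c %a "$root/dev/$dev")" != 666 ]; then
            echo "$root/dev/$dev is not mode 0666"; n=$((n + 1))
        fi
    done
    # the config and runtime trees must belong to the unprivileged user
    for d in etc/bind var/cache/bind var/run/bind/run; do
        [ -d "$root/$d" ] || continue
        [ "$(stat -c %U "$root/$d")" = "$user" ] ||
            { echo "$root/$d is not owned by $user"; n=$((n + 1)); }
    done
    return "$n"
}
```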

Wednesday, July 25, 2007 in howto