Configure DNS on CentOS 5 / RHEL 5 with chroot


On CentOS/Red Hat, BIND normally runs as the named process, owned by the unprivileged user named. It can also be installed to run inside a chroot, which not only runs named as user named but also limits the part of the filesystem that named can see. In that setup named treats the directory /var/named/chroot as its root (/) directory, so the files you would normally find in /etc live under /var/named/chroot/etc, and those you would expect in /var/named are under /var/named/chroot/var/named.

The benefit of the chroot is containment: if an attacker gets code execution through a flaw in BIND, they are confined to the files under the chroot directory rather than the rest of the system. This setup is also known as a chroot jail. It limits what a compromised named can read and write; it is a mitigation on top of running as an unprivileged user, not a substitute for keeping BIND patched.

Install the bind and bind-chroot packages with yum:

yum install bind bind-chroot

Loaded plugins: fastestmirror
Determining fastest mirrors
myrepo | 1.1 kB 00:00
primary.xml.gz | 878 kB 00:00
myrepo 2508/2508
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them.
--> Running transaction check
---> Package bind-chroot.i386 30:9.3.4-10.P1.el5 set to be updated
---> Package bind.i386 30:9.3.4-10.P1.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================

Installing:
bind i386 30:9.3.4-10.P1.el5 myrepo 953 k
bind-chroot i386 30:9.3.4-10.P1.el5 myrepo 42 k
Transaction Summary

================================================================================

Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 995 k
Is this ok [y/N]: y
Downloading Packages:

(1/2): bind-chroot-9.3.4-10.P1.el5.i386.rpm | 42 kB 00:00
(2/2): bind-9.3.4-10.P1.el5.i386.rpm | 953 kB 00:00

--------------------------------------------------------------------------------

Total 1.8 MB/s | 995 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : bind [1/2]
Installing : bind-chroot [2/2]
Installed: bind.i386 30:9.3.4-10.P1.el5 bind-chroot.i386 30:9.3.4-10.P1.el5
Complete!

After installation the configuration files live under /var/named/chroot/etc instead of /etc. Copy the sample configuration files from the bind documentation directory there:

cp /usr/share/doc/bind-9.3.4/sample/etc/* /var/named/chroot/etc/

Copy the sample zone files too (-a keeps ownership and permissions):

cp -a /usr/share/doc/bind-9.3.4/sample/var/named/* /var/named/chroot/var/named/

The sample named.conf expects a TSIG key named ddns_key in /var/named/chroot/etc/named.conf. Generate a secret with the dns-keygen tool that ships with the bind package:

dns-keygen
31LAA52EawiHZBOsTR1qeuMa36IU11i80zCgmTWOUL6DJ8vGcCY109JoKQnQ

Put the generated value into the key statement in /var/named/chroot/etc/named.conf. The secret is a quoted string and every statement ends with a semicolon:

key ddns_key {
    algorithm hmac-md5;
    secret "31LAA52EawiHZBOsTR1qeuMa36IU11i80zCgmTWOUL6DJ8vGcCY109JoKQnQ";
};

Do not reuse the secret shown here; it has been published, so generate your own. A key only does something once a zone or the rndc control channel refers to it (for example allow-update { key ddns_key; };); with allow-update { none; } as in the configuration below it is unused and the block can be dropped. hmac-md5 is the TSIG algorithm BIND 9.3 supports; on newer releases prefer one of the HMAC-SHA algorithms.
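The page defines the key but never stores it apart from named.conf or references it anywhere. The script below is an added example, not part of the article or the bind package: it generates a TSIG secret, writes it to its own file under the chroot with mode 640, checks the result, and prints the named.conf lines (an include plus an allow-update that names the key) that actually make the key do something. The function names, the CHROOT_DIR parameter (so it can run against a scratch directory; on the server pass /var/named/chroot) and the use of GNU stat -c and getent are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): generate a TSIG key, keep it in its own
# restricted file inside the chroot, verify it, and show how named.conf uses it.

# New random secret: 32 bytes from /dev/urandom, base64 on a single line.
# The RHEL 5 bind package ships /usr/sbin/dns-keygen for the same job.
tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# install_tsig_key CHROOT_DIR KEYNAME [ALGORITHM]
# Writes <chroot>/etc/<keyname>.key (mode 640) with a fresh secret; prints the path.
# hmac-md5 is what BIND 9.3 understands; use hmac-sha256 on releases that have it.
install_tsig_key() {
    chroot_dir=$1; name=$2; algo=${3:-hmac-md5}
    keyfile="$chroot_dir/etc/$name.key"
    mkdir -p "$chroot_dir/etc"
    # Create the file and restrict it before any secret is written into it.
    : > "$keyfile" && chmod 640 "$keyfile"
    cat > "$keyfile" <<EOF
key "$name" {
    algorithm $algo;
    secret "$(tsig_secret)";
};
EOF
    # On a real server the named group exists and must be able to read the file.
    if command -v getent >/dev/null 2>&1 && getent group named >/dev/null 2>&1; then
        chgrp named "$keyfile" 2>/dev/null || true
    fi
    echo "$keyfile"
}

# tsig_key_check KEYFILE
# Returns 0 when the file is not readable by others and the secret decodes to at
# least 16 bytes of key material; prints the reason and returns 1 otherwise.
tsig_key_check() {
    keyfile=$1
    mode=$(stat -c '%a' "$keyfile")
    case $mode in
        6[04]0|400) ;;
        *) echo "$keyfile: mode $mode is too open (want 640 or 600)"; return 1 ;;
    esac
    secret=$(sed -n 's/^[[:space:]]*secret "\([^"]*\)";/\1/p' "$keyfile")
    [ -n "$secret" ] || { echo "$keyfile: no secret line"; return 1; }
    bytes=$(printf '%s' "$secret" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    [ "$bytes" -ge 16 ] || { echo "$keyfile: secret decodes to only $bytes bytes"; return 1; }
    return 0
}

# named_conf_snippet KEYNAME ZONE
# The named.conf lines that make the key usable: include the key file (path as
# seen from inside the chroot) and let holders of the secret send updates.
named_conf_snippet() {
    cat <<EOF
include "/etc/$1.key";          // /var/named/chroot/etc/$1.key on the host

zone "$2" IN {
    type master;
    file "$2.zone";
    allow-update { key "$1"; };  // only clients signing with this key may update
};
EOF
}

# Demo against a scratch directory; on the server: install_tsig_key /var/named/chroot ddns_key
demo=$(mktemp -d)
f=$(install_tsig_key "$demo" ddns_key)
tsig_key_check "$f" && echo "$f: OK"
named_conf_snippet ddns_key itzgeek.com
rm -rf "$demo"
```

Keeping the secret in a separate 640 file means named.conf itself can stay world-readable for troubleshooting without exposing the key; named reads the included file as root before dropping privileges, and the named group entry covers rndc. Dynamic updates only make sense if you change allow-update from none to the key, as the snippet shows.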

Open /var/named/chroot/etc/named.conf and enter the zone details for your domain. The file below is a minimal configuration for an authoritative server; adapt the zone names, file names and key to your environment. Two things it leaves at their defaults are worth knowing: BIND 9.3 answers recursive queries from any client unless told otherwise, so if this server is reachable from outside your network add recursion no; (or restrict it with allow-recursion) to the options block so it does not become an open resolver; and every path in the file is relative to the chroot, so "/var/named" here means /var/named/chroot/var/named on the host.

vi /var/named/chroot/etc/named.conf

options {
    directory "/var/named";            // the default; /var/named/chroot/var/named on the host
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file "data/named_mem_stats.txt";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "itzgeek.com" IN {                // forward zone
    type master;
    file "itzgeek.com.zone";           // zone file, under the directory above
    allow-update { none; };
};
zone "4.65.10.in-addr.arpa" IN {       // reverse zone for 10.65.4.0/24
    type master;
    file "4.65.10.rev.zone";           // zone file, under the directory above
    allow-update { none; };
};
key ddns_key {
    algorithm hmac-md5;
    secret "31LAA52EawiHZBOsTR1qeuMa36IU11i80zCgmTWOUL6DJ8vGcCY109JoKQnQ";
};

Next you need a forward zone file (itzgeek.com.zone) in the /var/named/chroot/var/named/ directory. Start from the sample localhost.zone by copying it to /var/named/chroot/var/named/itzgeek.com.zone:

cp /var/named/chroot/var/named/localhost.zone /var/named/chroot/var/named/itzgeek.com.zone

The record types used in the zone files:
A – address record, maps a name to an IPv4 address
NS – name server for the zone
MX – mail exchanger for the domain, with a preference value
CNAME – canonical name (alias for another name)
PTR – pointer, maps an address back to a name (used in the reverse zone)
SOA – start of authority, exactly one per zone

Edit the zone file to match your domain. Every fully qualified name must end with a dot; a name without the trailing dot is taken as relative to the zone. The SOA record names the primary name server and the administrator mailbox with the @ written as a dot (root@itzgeek.com becomes root.itzgeek.com.), and its serial must be increased every time the zone changes, otherwise secondary servers will not pick up the change.

vi /var/named/chroot/var/named/itzgeek.com.zone

$TTL 86400
@       IN SOA  ns1.itzgeek.com. root.itzgeek.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.itzgeek.com.
        IN A    10.65.4.55
www     IN A    10.65.4.55
mail    IN A    10.65.4.55
ns1     IN A    10.65.4.55
server  IN A    10.65.4.55
itzgeek.com.    IN MX 10 mail.itzgeek.com.

Next you need a reverse zone file (4.65.10.rev.zone) in the /var/named/chroot/var/named/ directory. Start from the sample named.local by copying it to /var/named/chroot/var/named/4.65.10.rev.zone:

cp /var/named/chroot/var/named/named.local /var/named/chroot/var/named/4.65.10.rev.zone

Edit the reverse zone file to match. The owner of each PTR record is the last octet of the address (55 for 10.65.4.55). The example below maps five names to the one address; that works, but a reverse lookup then returns all five PTR records, and most software expects exactly one, so in practice keep a single PTR per address (the host's canonical name) and let the forward zone carry the aliases.

vi /var/named/chroot/var/named/4.65.10.rev.zone

$TTL 86400
@       IN SOA  ns1.itzgeek.com. root.itzgeek.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   ns1.itzgeek.com.
55      IN PTR  itzgeek.com.
55      IN PTR  mail.itzgeek.com.
55      IN PTR  www.itzgeek.com.
55      IN PTR  server.itzgeek.com.
55      IN PTR  ns1.itzgeek.com.
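Both zone files above are edited by hand, and the mistakes that bite are always the same: a missing trailing dot (which silently turns ns1.itzgeek.com. into ns1.itzgeek.com.itzgeek.com.), a serial that is not a number, an NS or MX target with no A record, and stacks of PTR records on one address. The script below is an added example, not part of the article or of BIND: a sh + awk lint that checks for exactly those things, run here against constructed copies of the two zones from this page. Function names and layout are this example's own; on the server point it at the real files, and also run named-checkzone (shipped with bind) before restarting, since it checks far more than this does.

```shell
#!/bin/sh
# Added example, not from the article: a sh + awk lint for BIND zone files that
# catches the mistakes this page warns about before named is restarted.

# zone_lint ZONENAME ZONEFILE
# Prints ERROR/WARN lines; returns 0 when no ERROR was found, 1 otherwise.
zone_lint() {
    awk -v zone="$1" '
    function fqdn(name) {                 # owner name -> absolute name (@ = apex)
        if (name == "@") return zone "."
        if (name ~ /\.$/) return name
        return name "." zone "."
    }
    function fail(msg) { printf("ERROR %s: %s\n", FILENAME, msg); bad++ }
    {
        sub(/;.*/, "")                    # strip comments
        if (buf != "") {                  # continuation of a ( ... ) record
            buf = buf " " $0
            if ($0 !~ /\)/) next
            rec = buf; buf = ""
        } else if ($0 ~ /\(/ && $0 !~ /\)/) {
            buf = $0; next
        } else rec = $0
        if (rec ~ /^[[:space:]]*$/ || rec ~ /^\$/) next   # blank line or $TTL/$ORIGIN
        gsub(/[()]/, " ", rec); sub(/[[:space:]]+$/, "", rec)
        n = split(rec, f, /[[:space:]]+/)
        if (f[1] != "") owner = f[1]      # a leading blank keeps the previous owner
        i = 2
        while (i <= n && (f[i] ~ /^[0-9]+[smhdwSMHDW]?$/ || f[i] == "IN")) i++  # skip TTL, class
        type = f[i]
        if (type == "SOA") {
            soa++
            if (f[i+1] !~ /\.$/) fail("SOA MNAME " f[i+1] " must end with a dot")
            if (f[i+2] !~ /\.$/) fail("SOA RNAME " f[i+2] " must end with a dot")
            if (f[i+3] !~ /^[0-9]+$/) fail("SOA serial " f[i+3] " is not an integer")
        } else if (type == "A") {
            a[fqdn(owner)] = f[n]
            if (f[n] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fail("bad IPv4 address " f[n])
        } else if (type == "NS" || type == "MX" || type == "PTR" || type == "CNAME") {
            t = f[n]
            if (t !~ /\.$/) fail(type " target " t " must end with a dot")
            if (type == "NS" || type == "MX") need[t] = type
            if (type == "PTR") ptr[owner]++
        }
    }
    END {
        if (soa != 1) fail("expected one SOA record, found " soa + 0)
        for (t in need)                   # in-zone NS/MX targets need an A record here
            if ((t == zone "." || substr(t, length(t) - length(zone) - 1) == "." zone ".") && !(t in a))
                fail(need[t] " target " t " has no A record in this zone")
        for (o in ptr) if (ptr[o] > 1)
            printf("WARN %s: %d PTR records for %s; a reverse lookup returns all of them\n", FILENAME, ptr[o], o)
        exit (bad > 0)
    }' "$2"
}

# write_sample_zones DIR: constructed copies of the article's two zones, used as input.
write_sample_zones() {
    cat > "$1/itzgeek.com.zone" <<'EOF'
$TTL 86400
@       IN SOA  ns1.itzgeek.com. root.itzgeek.com. (
                42      ; serial
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns1.itzgeek.com.
        IN A    10.65.4.55
www     IN A    10.65.4.55
mail    IN A    10.65.4.55
ns1     IN A    10.65.4.55
server  IN A    10.65.4.55
itzgeek.com.    IN MX 10 mail.itzgeek.com.
EOF
    cat > "$1/4.65.10.rev.zone" <<'EOF'
$TTL 86400
@       IN SOA  ns1.itzgeek.com. root.itzgeek.com. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   ns1.itzgeek.com.
55      IN PTR  itzgeek.com.
55      IN PTR  mail.itzgeek.com.
55      IN PTR  www.itzgeek.com.
55      IN PTR  server.itzgeek.com.
55      IN PTR  ns1.itzgeek.com.
EOF
}

# Demo on a scratch directory; on the server use e.g.
#   zone_lint itzgeek.com /var/named/chroot/var/named/itzgeek.com.zone
demo=$(mktemp -d)
write_sample_zones "$demo"
zone_lint itzgeek.com "$demo/itzgeek.com.zone" && echo "itzgeek.com.zone: clean"
zone_lint 4.65.10.in-addr.arpa "$demo/4.65.10.rev.zone" && echo "4.65.10.rev.zone: clean (WARN lines are advisory)"
rm -rf "$demo"
```

The forward zone passes; the reverse zone passes with a warning about the five PTR records on 10.65.4.55. Drop the dot from the NS target or delete the mail A record and the lint reports an ERROR and exits non-zero, which is the point: wire it (and named-checkzone) into whatever edits the zones so a bad file never reaches service named restart.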

Restart the service so it loads the new configuration and zones. If named fails to start, the reason is logged to /var/log/messages.

service named restart

Test the server with the host command. It sends its queries to the resolvers listed in /etc/resolv.conf, so point that file at this server (nameserver 127.0.0.1) first; otherwise you are testing some other resolver. Forward zone:

# host itzgeek.com
itzgeek.com has address 10.65.4.55
itzgeek.com mail is handled by 10 mail.itzgeek.com

Reverse zone:

# host 10.65.4.55
55.4.65.10.in-addr.arpa domain name pointer itzgeek.com.

The host command is enough to verify the server; dig shows the full response if you need more detail.
