Install and Configure DNS/BIND on Linux (RHEL/CentOS) with the Chroot Feature
On CentOS/Red Hat, BIND normally runs as the named process under the unprivileged named user. BIND can also be installed with the Linux chroot feature (the bind-chroot add-on package), which not only runs named as user named but also limits the files named can see.
When installed this way, named is made to treat the directory /var/named/chroot as its root (/) directory. The files normally found in /etc are therefore located under /var/named/chroot/etc, and those you would expect in /var/named are under /var/named/chroot/var/named.
The advantage of the chroot feature is that if an attacker gets into your system through a BIND exploit, their access to the rest of the system is confined to the files under the chroot directory and nothing else. This arrangement is also known as a chroot jail. Two caveats are worth keeping in mind. A chroot only restricts filesystem access: it is effective because named also runs as an unprivileged user (a process running as root can break out of a chroot, and kernel or network-layer flaws are not contained by it). And on RHEL/CentOS 7 and later the bind-chroot package works differently: the named-chroot service bind-mounts /etc/named.conf and /var/named into /var/named/chroot at start-up, so the files are edited in their normal locations rather than inside the chroot tree described below.
You can install the chroot add-on RPM with the following command.
The install requires a configured Yum repository.
With the chroot package installed, named's root is /var/named/chroot. So first copy the sample named configuration file into /var/named/chroot/etc/.
Next copy the sample zone files into the /var/named/chroot/var/named directory.
Once the samples are in place, add an rndc key to the configuration file /var/named/chroot/etc/named.conf. Generate the key with the following command.
Insert the generated key statement into /var/named/chroot/etc/named.conf.
Edit /var/named/chroot/etc/named.conf again and add the zone definitions for your domain. The following file is a minimal configuration for running the DNS server; you can copy it and adapt it to your environment.
Next you need the forward zone file (geeksite.in.zone) in the /var/named/chroot/var/named/ directory.
Copy /var/named/chroot/var/named/localhost.zone to /var/named/chroot/var/named/geeksite.in.zone.
The record types you will use most in zone files are:
SOA - Start of Authority (the zone's header record: primary server, contact, serial and timers)
NS - Name Server
A - Address (name to IPv4 address)
MX - Mail Exchanger
CNAME - Canonical Name (alias to another name)
PTR - Pointer (address to name, used in the reverse zone)
Edit the zone file appropriately. Make sure every fully qualified domain name ends with a dot (.). Without the trailing dot named treats the name as relative and appends the zone origin, so ns1.geeksite.in silently becomes ns1.geeksite.in.geeksite.in.
Next you need the reverse zone file (4.65.10.rev.zone, serving the 4.65.10.in-addr.arpa zone for the 10.65.4.0/24 network) in the /var/named/chroot/var/named/ directory.
Copy /var/named/chroot/var/named/named.local to /var/named/chroot/var/named/4.65.10.rev.zone.
Edit it as required for your network: each record's owner name is the host octet of the address and its PTR target is the host's fully qualified name, again ending in a dot.
Before restarting, check the syntax with named-checkconf (run with -t /var/named/chroot so that include paths are resolved inside the chroot) and named-checkzone, so that a typo does not take the server down. Then restart the service with the following command.
Test the server with the following command to check the forward zone.
This one checks the reverse zone.
These commands are enough to confirm that the server answers. For fuller resolution details (authority and additional sections, TTLs, query time) use dig or nslookup.
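The whole procedure above (chroot layout, named.conf with an rndc key, forward and reverse zone files, and the syntax checks before restart) as one added example. This is not code from the original page; it stages everything under a scratch directory standing in for /var/named/chroot so the files can be reviewed before they are copied into place. The name server address 10.65.4.10, the mail host 10.65.4.20, the 10.65.4.0/24 network and the hmac-sha256 rndc key are assumptions, not values from the page; the fallback key string is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not code from the original page: stages the chroot-style BIND
# layout the tutorial describes under a scratch root, so named.conf and both zone
# files can be reviewed and syntax-checked before being copied to /var/named/chroot.
# Assumed values (not from the page): ns1.geeksite.in = 10.65.4.10, mail = 10.65.4.20,
# network 10.65.4.0/24 (reverse zone 4.65.10.in-addr.arpa).
set -eu

# Mirror the chroot layout: etc/ holds named.conf, var/named/ holds the zones.
make_tree() { mkdir -p "$1/etc" "$1/var/named"; }

# named.conf as it sits in chroot/etc/named.conf. Paths inside are relative to
# the chroot, so "/var/named" really means /var/named/chroot/var/named. The rndc
# secret is freshly generated (16 random bytes, base64) instead of copied around;
# the fallback string is a constructed placeholder for systems without base64.
write_named_conf() {
    secret=$(head -c 16 /dev/urandom | base64 2>/dev/null || echo 'cGxhY2Vob2xkZXItbm90LWEtcmVhbC1rZXk=')
    cat > "$1/etc/named.conf" <<EOF
key "rndckey" {
    algorithm hmac-sha256;
    secret "$secret";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };
};
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 10.65.4.10; };
    allow-query { 127.0.0.1; 10.65.4.0/24; };
    recursion no;   // authoritative only; never an open resolver
};
zone "geeksite.in" IN {
    type master;
    file "geeksite.in.zone";
    allow-update { none; };
};
zone "4.65.10.in-addr.arpa" IN {
    type master;
    file "4.65.10.rev.zone";
    allow-update { none; };
};
EOF
}
# Forward zone: every right-hand-side name is a dot-terminated FQDN.
write_forward_zone() {
    cat > "$1/var/named/geeksite.in.zone" <<'EOF'
$TTL 86400
@       IN SOA  ns1.geeksite.in. hostmaster.geeksite.in. (
                2024010101 ; serial, YYYYMMDDnn; bump on every edit
                3600 900 604800 86400 ) ; refresh retry expire minimum
        IN NS   ns1.geeksite.in.
        IN MX   10 mail.geeksite.in.
ns1     IN A    10.65.4.10
mail    IN A    10.65.4.20
www     IN CNAME ns1.geeksite.in.
EOF
}
# Reverse zone: owner names are the host octet, PTR targets are FQDNs.
write_reverse_zone() {
    cat > "$1/var/named/4.65.10.rev.zone" <<'EOF'
$TTL 86400
@       IN SOA  ns1.geeksite.in. hostmaster.geeksite.in. (
                2024010101 3600 900 604800 86400 )
        IN NS   ns1.geeksite.in.
10      IN PTR  ns1.geeksite.in.
20      IN PTR  mail.geeksite.in.
EOF
}

# The "end every FQDN with a dot" rule as a check: a NS/MX/PTR/CNAME target
# without the dot gets the zone origin appended by named (ns1.geeksite.in turns
# into ns1.geeksite.in.geeksite.in.). Prints offenders and returns 1 if any.
find_unterminated() {
    awk '{ sub(/;.*/, "") }
         /[[:space:]]IN[[:space:]]+(NS|MX|PTR|CNAME)[[:space:]]/ {
             if ($NF !~ /\.$/) { print FILENAME ":" FNR ": " $0; bad = 1 }
         }
         END { exit bad + 0 }' "$@"
}

# Run BIND's own checkers when bind-utils is installed; skip them otherwise.
check_config() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1/etc/named.conf"
    fi
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone geeksite.in "$1/var/named/geeksite.in.zone"
        named-checkzone 4.65.10.in-addr.arpa "$1/var/named/4.65.10.rev.zone"
    fi
}

ROOT="${ROOT:-$(mktemp -d)}"   # stand-in for /var/named/chroot
make_tree "$ROOT"
write_named_conf "$ROOT"
write_forward_zone "$ROOT"
write_reverse_zone "$ROOT"
find_unterminated "$ROOT/var/named/geeksite.in.zone" "$ROOT/var/named/4.65.10.rev.zone"
check_config "$ROOT"
```

Run it as ROOT=/var/named/chroot sh stage.sh on the server (as root) to write the files directly into the chroot, then check the full tree the way named will see it with named-checkconf -t /var/named/chroot /etc/named.conf before restarting. The find_unterminated step is the cheap guard against the most common zone mistake on this page, a missing trailing dot; named-checkzone will not flag it, because a relative name is legal and simply wrong.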