BIND, installing
Revision as of 13:38, 28 September 2005
Installing BIND is fairly straightforward; the latest version is 9.3.1 and it's in ports:
 # cd /usr/ports/dns/bind9
 # make install clean
and you're pretty much done.
The most common versions of BIND are 9 and 8. You will occasionally see a BIND version 4 server around, but they're not very common, which is a good thing, since DNS bugs and vulnerabilities are Bad News and older versions of BIND were plagued with both.
==Wait, I thought you said we were done==
Well, you're done if you want a standard install. If you want a really secure DNS server, you're probably going to want to install BIND in a chroot jail. It's a pain, but it means that even if your server gets compromised, the rest of the box isn't at risk.
So the easy way to do it is to specify the directory that you want to build BIND into, using the --prefix=/path/to/chroot/dir and --with-randomdev=/path/to/chroot/dir/dev/random options.
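Once BIND has been built into the chroot directory, it is worth checking the tree before pointing named at it. The script below is an added example, not part of the original page or of BIND itself; the function name check_jail, its return codes and the specific checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a chroot tree that BIND was built into with
#   --prefix=DIR --with-randomdev=DIR/dev/random
# Return codes (chosen for this example):
#   0 ok, 1 named missing, 2 world-writable entry, 3 bad dev/random

check_jail() {
    jail=$1

    # With --prefix=DIR the build installs the daemon as DIR/sbin/named.
    if [ ! -x "$jail/sbin/named" ]; then
        echo "FAIL: $jail/sbin/named is missing or not executable" >&2
        return 1
    fi

    # A compromised named should not be able to rewrite or plant files
    # anywhere in the jail: flag world-writable files and directories.
    # Device nodes are skipped because dev/random is normally mode 0666.
    ww=$(find "$jail" \( -type f -o -type d \) -perm -0002 -print | head -n 1)
    if [ -n "$ww" ]; then
        echo "FAIL: world-writable entry in jail: $ww" >&2
        return 2
    fi

    # The random device must be a real character device inside the jail.
    # A symlink to the host's /dev/random would not resolve to the host
    # device once named has chrooted.
    rnd="$jail/dev/random"
    if [ -L "$rnd" ] || [ ! -c "$rnd" ]; then
        echo "FAIL: $rnd is not a character device node" >&2
        return 3
    fi

    echo "OK: $jail looks sane"
    return 0
}

# Run directly as: sh check_jail.sh /path/to/chroot/dir
if [ "$#" -ge 1 ]; then
    check_jail "$1"
    exit $?
fi
```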