
BIND, installing

From FreeBSDwiki
Latest revision as of 16:29, 25 August 2012

The most common versions of BIND are 9 and 8. You will occasionally see a BIND version 4 server around, but they're not very common -- which is a good thing, since DNS bugs and vulnerabilities are Bad News and older versions of BIND were plagued with both.

BIND in FreeBSD is part of the base system -- it's already there and waiting for you. If you must install it yourself, you can do it from ports, but remember to use

# make -DWITH_PORT_REPLACES_BASE_BIND9 install clean

to overwrite the base installation.

Installing BIND is fairly straightforward; the latest version is 9.3.4-P1 and it's in ports:

# cd /usr/ports/dns/bind9
# make install clean

and you're pretty much done.

Wait, I thought you said we were done

Well, you're done if you want a standard install. If you want a really secure DNS server, you're probably going to want to install BIND in a chroot jail. It's a pain, but it means that even if your server gets compromised, the rest of the box isn't at risk.

When making a program live inside a jail, the important thing to remember is that everything the program needs to access must live inside the jail's directory tree. BIND needs a source of randomness, so you'll need to put a copy of /dev/random inside the jail, and all the DNS config files, zone files, etc. must be in the same jail directory.

So the easy way to do it is to specify the directory that you want to build BIND into, using the --prefix=/path/to/chroot/dir and --with-randomdev=/path/to/chroot/dir/dev/random options.

Remember to chroot into your jail's chroot directory before you start BIND, and if you have any problems, it's likely because files that your installation needs are missing from the jail; ldd will help you find any missing libraries.
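
The check described above, as an added example that is not part of the original wiki page: it reads ldd output and lists every shared library, plus /dev/random, that has no copy under the jail directory. The function names and the /usr/sbin/named path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the wiki page): list what a chrooted named still
# lacks inside its jail, from the libraries ldd reports plus /dev/random.

# ldd_paths: read `ldd` output on stdin, print the absolute library paths.
ldd_paths() {
    awk '
        /:$/ { next }                      # header line naming the binary
        {
            path = ""
            for (i = 1; i < NF; i++)
                if ($i == "=>") path = $(i + 1)
            if (path == "" && $1 ~ /^\//) path = $1   # runtime linker, no "=>"
            if (path ~ /^\//) print path   # skips "=> not found" and vdso lines
        }
    '
}

# chroot_missing JAIL: read `ldd` output on stdin and print each required
# path that has no counterpart under JAIL (no output means nothing missing).
chroot_missing() {
    jail=${1%/}
    { printf '%s\n' /dev/random; ldd_paths; } | LC_ALL=C sort -u |
    while IFS= read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# Script usage (the binary path is an assumption):
#   sh chroot-missing.sh /usr/sbin/named /var/named
if [ "$#" -ge 2 ]; then
    ldd "$1" | chroot_missing "$2"
fi
```

Each path printed has to be copied to the same relative location under the jail before named will start there.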

Logging from within the chroot jail

You may be interested in keeping logs of queries made to BIND, zone transfers, etc. This is easy enough using BIND's logging directive. However, because you've likely installed BIND within a chroot jail, you'll have just a few extra hoops to jump through to get logging to work correctly from within the chroot environment.


First, you need to tell syslogd, the syslog daemon, that it should listen for logging messages inside the jail, since BIND cannot send its logging messages outside the jail. To do this add

 syslogd_flags="-ss -l /var/named/var/log"

to your /etc/rc.conf file.

Second, tell BIND where to place its log files. If you chose the default installation of BIND9, BIND was installed to /var/named and that is where it is chrooted. Conveniently enough, there is a directory /var/named/var/log where it seems obvious to place your log files. So, in BIND9's named.conf file (/etc/namedb/named.conf) you might use a logging directive such as:

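 logging {
   // Paths are resolved inside the chroot: this file is /var/named/var/log/queries.log on the host.
   channel queries_file {
     file "/var/log/queries.log" versions 3 size 5m;
     severity dynamic;
     print-time yes;
   };
   // Send query log messages to the channel defined above.
   category queries { queries_file; };
 };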

Finally, you may forget that BIND's log files are located in the chroot jail. Therefore, you may wish to place a soft link in /var/log to the directory where your log files are located. For example:

 cd /var/log
 ln -s /var/named/var/log named
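
An added example, not part of the original wiki page: a shell check that maps each file destination in the logging block of named.conf to its real location on the host, since named opens those paths from inside the chroot. The function names are hypothetical, and the parser assumes the logging statement and its opening brace share a line.

```sh
#!/bin/sh
# Added example (not from the wiki page). named opens log files after it has
# chrooted, so "/var/log/queries.log" in named.conf is really
# <jail>/var/log/queries.log on the host.

# logging_files CONF: print each `file "..."` path found inside logging { }.
# A zone's `file "..."` statement sits outside that block and is ignored.
logging_files() {
    awk '
        /^[ \t]*logging[ \t]*[{]/ { inlog = 1; depth = 0 }
        inlog {
            line = $0
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            while (match(line, /file[ \t]+"[^"]+"/)) {
                s = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                sub(/^file[ \t]+"/, "", s); sub(/"$/, "", s)
                print s
            }
            if (depth <= 0) inlog = 0      # closing brace of the logging block
        }
    ' "$1"
}

# check_chroot_logs JAIL CONF: print "ok", "missing-dir" or "relative" and the
# path for each log file, testing whether its directory exists under JAIL.
check_chroot_logs() {
    jail=${1%/}
    logging_files "$2" | while IFS= read -r f; do
        case $f in
            /*) host=$jail$f
                if [ -d "${host%/*}" ]; then printf 'ok %s\n' "$host"
                else printf 'missing-dir %s\n' "$host"; fi ;;
            *)  printf 'relative %s\n' "$f" ;;  # relative to named's working directory
        esac
    done
}

# Script usage with the paths from the text above:
#   sh check-logs.sh /var/named /etc/namedb/named.conf
if [ "$#" -ge 2 ]; then
    check_chroot_logs "$1" "$2"
fi
```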

Related Links

BIND

BIND (configuring)

BIND (managing)

BIND (securing)
