
BIND, installing

From FreeBSDwiki

Revision as of 14:58, 28 September 2005

The most common versions of BIND are 9 and 8. You will occasionally see a BIND version 4 server around, but they're not very common -- which is a good thing, since DNS bugs and vulnerabilities are Bad News and older versions of BIND were plagued with both.

BIND in FreeBSD is part of the base system -- it's already there and waiting for you. If you must install it yourself, you can do it from ports, but remember to use

# make -DWITH_PORT_REPLACES_BASE_BIND9 install clean

to overwrite the base installation.

Installing BIND is fairly straightforward; the latest version is 9.3.1 and it's in ports:

# cd /usr/ports/dns/bind9
# make install clean

and you're pretty much done.

Wait, I thought you said we were done

Well, you're done if you want a standard install. If you want a really secure DNS server, you're probably going to want to install BIND in a chroot jail. It's a pain, but it means that even if your server gets compromised, the rest of the box isn't at risk.

When you make a program live inside a jail, the important thing to remember is that everything the program needs to access must live inside the jail's directory tree. BIND needs a source of randomness, so you'll need to put a copy of /dev/random inside the jail, along with all the DNS config files, zone files, etc., in the same jail dir.

So the easy way to do it is to specify the directory that you want to build BIND into, using the --prefix=/path/to/chroot/dir and --with-randomdev=/path/to/chroot/dir/dev/random options.
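
The following is an added example, not part of the original wiki page: a small sh function that audits a jail directory for the pieces described above before named is started in it. The function name check_bind_chroot, the etc/named.conf location and the zone file paths passed as arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a BIND chroot directory before starting named.
# Assumed layout (not from the wiki page): etc/named.conf and dev/random
# relative to the jail root; zone files are passed as extra arguments.

check_bind_chroot() {
    jail=$1; shift
    problems=0

    if [ ! -d "$jail" ]; then
        echo "MISSING jail directory: $jail"
        return 1
    fi

    # The random device must be a character device node inside the jail.
    # A regular file, or a symlink to the host's /dev/random, does not count.
    rnd="$jail/dev/random"
    if [ -L "$rnd" ] || [ ! -c "$rnd" ]; then
        echo "BAD dev/random: not a character device inside the jail"
        problems=$((problems + 1))
    fi

    # Config and zone files must exist and be readable inside the jail.
    for rel in etc/named.conf "$@"; do
        if [ ! -r "$jail/$rel" ]; then
            echo "MISSING $rel"
            problems=$((problems + 1))
        fi
    done

    # After chroot(2) an absolute symlink target is resolved against the
    # jail root, so it no longer points where it did when it was created.
    abs_links=$(find "$jail" -type l -exec sh -c '
        for l; do case $(readlink "$l") in /*) printf "%s\n" "$l" ;; esac; done
    ' sh {} +)
    if [ -n "$abs_links" ]; then
        echo "ABSOLUTE symlink(s) inside the jail:"
        echo "$abs_links"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Usage: sh check_chroot.sh /path/to/chroot/dir etc/example.zone
if [ "$#" -gt 0 ]; then
    check_bind_chroot "$@"
fi
```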

Related Links

BIND (configuring)

BIND (managing)

BIND (securing)
