Bind

How to find the version number for Bind
Using dig:

    dig @127.0.0.1 version.bind chaos txt

Using nslookup:

    nslookup -q=txt -class=CHAOS version.bind. 0

Or, if you have access to the daemon on the server, you may run:

    named -v

You may also restrict access to the version command. In named.conf:

    acl "trusted" { 127.0.0.0/8; };
    zone "bind" chaos {
        type master;
        file "/var/named/bind";
        allow-query { trusted; };
        allow-transfer { none; };
    };

Then create this file in /var/named/bind:

    $TTL 1D
    $ORIGIN bind.
    @       1D  CHAOS   SOA     localhost. root.localhost. (
                                1       ; serial
                                3H      ; refresh
                                1H      ; retry
                                1W      ; expire
                                1D )    ; minimum
            CHAOS   NS      localhost.

This will disallow any query on version except from localhost.
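A small check to confirm the restriction above actually took effect, as an added example (not part of the original page or of BIND): classify_version_reply reads the output of the dig query shown above and reports whether a version string came back, whether the server refused the query (what the ACL produces for hosts outside "trusted"), or neither. The wrapper check_version_bind, the server name, and the two sample dig outputs (abridged, with a placeholder version string) are constructed for the demonstration.

```shell
# Classify a server's answer to the version.bind CHAOS TXT query.
# Reads the output of `dig @SERVER version.bind chaos txt` on stdin and prints
#   exposed     - an answer record carrying a version string came back
#   restricted  - the server refused the query (what the ACL above produces)
#   hidden      - neither (no usable answer at all)
# Added example for this page; not part of BIND or of the original text.
classify_version_reply() {
    reply=$(cat)
    # answer records start with the owner name; the question line starts with ';'
    if printf '%s\n' "$reply" | grep -q '^version\.bind\.[[:space:]].*CH[[:space:]][[:space:]]*TXT'; then
        echo exposed
    elif printf '%s\n' "$reply" | grep -q 'status: REFUSED'; then
        echo restricted
    else
        echo hidden
    fi
}

# Query a live server; needs dig and a reachable name server, so the offline
# demo below does not call it.
check_version_bind() {
    dig "@$1" version.bind chaos txt | classify_version_reply
}

# Constructed, abridged dig output for the two cases (version string is a placeholder).
SAMPLE_EXPOSED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; QUESTION SECTION:
;version.bind.                  CH      TXT

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.3.6-P1"'

SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; QUESTION SECTION:
;version.bind.                  CH      TXT'

printf '%s\n' "$SAMPLE_EXPOSED" | classify_version_reply   # exposed
printf '%s\n' "$SAMPLE_REFUSED" | classify_version_reply   # restricted
```

Run check_version_bind against the server from a host outside the trusted ACL and expect "restricted"; from localhost you will still get an answer. A decoy string set with the version option in named.conf also counts as "exposed" here, so compare whatever comes back with the output of named -v.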

Installing Bind
    yum -y install bind caching-nameserver

Configuring Bind
First generate a TSIG key; it is used below to authenticate dynamic updates to the zones:

    dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dnskey

This writes Kdnskey.+157+NNNNN.key and Kdnskey.+157+NNNNN.private (NNNNN is the key id) in the current directory; the base64 string on the "Key:" line of the .private file is the secret that goes into the key statement below. You need to now build the /etc/named.conf file. It should look something like this:

    // /etc/named.conf
    options {
        listen-on port 53 { 192.168.1.1; };
        directory           "/etc/named";
        dump-file           "/etc/named/data/cache_dump.db";
        statistics-file     "/etc/named/data/named_stats.txt";
        memstatistics-file  "/etc/named/data/named_mem_stats.txt";
        query-source        port 53;
    };
    logging {
        channel default_debug {
            file "data/named.run";
            severity dynamic;
        };
    };
    key dnskey {
        algorithm HMAC-MD5;
        secret "asiomasdfeCEDDo1JTt8Q==";
    };
    zone "." {
        type hint;
        file "named.cache";
    };
    zone "example.com" IN {
        type master;
        file "example.com.zone";
        allow-update { key dnskey; };
    };
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.1.zone";
        allow-update { key dnskey; };
    };
    zone "lan.example.com" {
        type slave;
        file "lan.example.com.zone";
        masters { 192.168.10.2; };
    };
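The step between dnssec-keygen and the key statement is copying the secret out of the .private file. The helper below does that and prints a ready-to-paste key block; it is an added example, not part of the page or of BIND. The .private file content is constructed to match the format dnssec-keygen writes, the key id 12345 and the secret are placeholders, and tsig_key_stanza is a name chosen here.

```shell
# Turn the .private file written by
#   dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dnskey
# into the key statement named.conf expects. The secret is the value on the
# "Key:" line; the key name must be the same on every server that shares it.
# Added example for this page, not part of BIND or of the original text.
tsig_key_stanza() {
    name=$1; private_file=$2
    secret=$(awk '$1 == "Key:" { print $2 }' "$private_file")
    if [ -z "$secret" ]; then
        echo "no Key: line in $private_file" >&2
        return 1
    fi
    printf 'key "%s" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$name" "$secret"
}

# Constructed stand-in for Kdnskey.+157+12345.private (key id and secret are
# placeholders, not real key material).
PRIV=$(mktemp)
trap 'rm -f "$PRIV"' EXIT
cat >"$PRIV" <<'EOF'
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: PLACEHOLDERsecretNotRealAA==
EOF
chmod 600 "$PRIV"          # the file authorises zone updates; keep it private

tsig_key_stanza dnskey "$PRIV"
```

Because anyone holding this secret can rewrite the zones that list `allow-update { key dnskey; };`, keep the .private file and the named.conf that embeds it readable only by root and the named user, and use a different key per client if more than one host is allowed to update.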

After you build the /etc/named.conf file you need to make the zone files that will live in the directory /etc/named. You will need to create a file for each master "zone" entry from the above file. The hint zone's file is the root hints list, and the slave zone's file is written by named itself after the first transfer, so only the two master zones need hand-written files.

Here is the "Forward Looking" zone file. The file name must match the file entry of the corresponding zone statement in named.conf.

mattrude.com.zone:

    ; zone file for mattrude.com
    $TTL 6000       ; default TTL for the zone (6000 seconds)
    mattrude.com.   IN      SOA     westley.mattrude.com. samantha.mattrude.com. (
                            1           ; serial number
                            5m          ; refresh (5 minutes)
                            15          ; retry (15 seconds)
                            1w          ; expire (1 week)
                            3h          ; minimum (3 hours)
                            )
                    IN      NS      samantha.mattrude.com.
                    IN      MX  10  samantha.mattrude.com.
    samantha        IN      A       192.168.1.2
    mythtv          IN      A       192.168.1.3
    desktop         IN      A       192.168.1.9
    wireless        IN      A       192.168.1.20
    www             IN      CNAME   mythtv.mattrude.com.
    wiki            IN      CNAME   mythtv.mattrude.com.
    mail            IN      CNAME   samantha.mattrude.com.
    vpn             IN      CNAME   samantha.mattrude.com.

And here's the "Backwards Looking" zone file.

192.168.1.zone:

    ; zone file for 192.168.1.0/24
    $TTL 86400      ; 24 hours, could have been written as 24h or 1d
    $ORIGIN 1.168.192.IN-ADDR.ARPA.
    @   1D  IN      SOA     westley.mattrude.com. postmaster.mattrude.com. (
                            1           ; serial
                            5m          ; refresh (5 minutes)
                            15          ; retry (15 seconds)
                            1w          ; expire (1 week)
                            3h          ; minimum (3 hours)
                            )
    ; server host definitions
            IN      NS      westley.mattrude.com.
            IN      NS      samantha.mattrude.com.
            IN      MX  10  samantha.mattrude.com.
    1       IN      PTR     westley.mattrude.com.
    2       IN      PTR     samantha.mattrude.com.
    3       IN      PTR     mythtv.mattrude.com.
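The two files above are maintained by hand and drift apart easily: the forward zone lists desktop and wireless with no PTR, and the reverse zone has a PTR for westley with no A record. The script below cross-checks a forward zone against its reverse zone for one /24 and reports each inconsistency; it is an added example, not part of the page or of BIND. The zone text it reads is constructed to mirror the files above (trimmed to the records the check looks at), and fwd_rev_mismatches is a name chosen here. It expects the owner name to be written on each A and PTR record, as in the files above.

```shell
# Cross-check the forward zone's A records against the reverse zone's PTR
# records for one /24. Prints one line per inconsistency and returns 1 if any
# was found, 0 when the two files agree.
# Added example for this page, not part of BIND or of the original text.
#   fwd_rev_mismatches FORWARD_FILE REVERSE_FILE ZONE PREFIX
fwd_rev_mismatches() {
    fwd=$1; rev=$2; zone=$3; prefix=$4        # e.g. mattrude.com 192.168.1
    report=$(
        # owner and last octet of every A record whose address is inside PREFIX
        awk -v p="$prefix." '{ sub(/;.*/, "")
            for (i = 2; i + 2 <= NF; i++)
                if ($i == "IN" && $(i+1) == "A" && index($(i+2), p) == 1)
                    print $1, substr($(i+2), length(p) + 1) }' "$fwd" |
        while read -r host last; do
            want="$host.$zone."
            got=$(awk -v o="$last" '{ sub(/;.*/, "")
                for (i = 2; i + 2 <= NF; i++)
                    if ($1 == o && $i == "IN" && $(i+1) == "PTR") print $(i+2) }' "$rev")
            if [ -z "$got" ]; then
                echo "missing PTR: $prefix.$last should point to $want"
            elif [ "$got" != "$want" ]; then
                echo "wrong PTR: $prefix.$last is $got but the forward zone says $want"
            fi
        done
        # PTR targets inside ZONE that have no A record in the forward file
        awk '{ sub(/;.*/, "")
            for (i = 2; i + 2 <= NF; i++)
                if ($i == "IN" && $(i+1) == "PTR") print $1, $(i+2) }' "$rev" |
        while read -r last target; do
            host=${target%."$zone".}
            if [ "$host" = "$target" ]; then continue; fi   # target outside this zone
            grep -q "^$host[[:space:]].*[[:space:]]A[[:space:]]" "$fwd" ||
                echo "missing A: $target has PTR $prefix.$last but no A record"
        done
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Constructed copies of the two zone files above, trimmed to what the check reads.
FWD=$(mktemp); REV=$(mktemp)
trap 'rm -f "$FWD" "$REV"' EXIT
cat >"$FWD" <<'EOF'
$TTL 6000
mattrude.com.   IN  SOA  westley.mattrude.com. samantha.mattrude.com. ( 1 5m 15 1w 3h )
                IN  NS   samantha.mattrude.com.
samantha        IN  A    192.168.1.2
mythtv          IN  A    192.168.1.3
desktop         IN  A    192.168.1.9
wireless        IN  A    192.168.1.20
www             IN  CNAME mythtv.mattrude.com.
EOF
cat >"$REV" <<'EOF'
$TTL 86400      ; 24 hours
$ORIGIN 1.168.192.IN-ADDR.ARPA.
@   1D  IN  SOA  westley.mattrude.com. postmaster.mattrude.com. ( 1 5m 15 1w 3h )
        IN  NS   westley.mattrude.com.
1       IN  PTR  westley.mattrude.com.
2       IN  PTR  samantha.mattrude.com.
3       IN  PTR  mythtv.mattrude.com.
EOF

fwd_rev_mismatches "$FWD" "$REV" mattrude.com 192.168.1 || echo "forward and reverse zones disagree"
```

Run it against the real files in /etc/named before bumping the serial; combined with named-checkzone it catches the two classes of mistake that named-checkzone alone does not, a host that resolves only one way and a PTR left behind after a host was removed.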

Finishing up
Check the configuration and each zone file with named-checkconf and named-checkzone, then make sure bind is set to auto start when the computer starts:

    /sbin/chkconfig named on
    /sbin/chkconfig --list named

Then start Bind:

    /sbin/service named start

Bind Master Slave Setup
To start out, the master server needs to have UDP and TCP port 53 open to be able to transfer records between the two hosts. With IPTables, you will need to add the below entries to /etc/sysconfig/iptables:

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

The slave host only needs UDP port 53 open:

    -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

To Turn off Named's chroot
To turn off named's chroot, edit this file:

    vim /etc/sysconfig/named

And change the last line from:

    ROOTDIR=/var/chroot/named/

To:

    ROOTDIR=/

With ROOTDIR=/ named no longer runs chrooted: its file paths, and anything a bug in it can reach, now refer to the real filesystem instead of the confined tree under /var/chroot/named/.

RNDC
Check that named is running and that rndc can reach its control channel:

    rndc status

Tell a slave (here mythtv, reached with -s) to re-transfer a set of zones from its master:

    for a in mattrude.com wireless.mattrude.com 1.168.192.in-addr.arpa 2.168.192.in-addr.arpa; do
        rndc -s mythtv.mattrude.com -c /etc/rndc.config retransfer $a
    done