Configuration of a server to act as a slave DNS server.
The server will run chrooted.
Install bind9/named as normal, i.e. follow the installation instructions.
Create a chroot directory
# Top of the chroot; named is later started with -t pointing here.
mkdir -p /var/chroot/named
Create the directories and copy the appropriate files:
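cd /var/chroot/named
mkdir -p var/{run,log}
# data/ does not exist yet, so -p is required here as well (a plain
# "mkdir data/slave" fails).  data/slave is where the transferred slave
# zone files are written.
mkdir -p data/slave
mkdir -p etc
cp /etc/named.conf etc
# rndc.conf normally holds the control-channel key secret; keep it readable
# only by root and the named user once it is inside the chroot.
cp /etc/rndc.conf etc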
Create a file called named.conf (in etc, inside the chroot) along the lines of the following:
options {
// Paths below are relative to this directory, which is the root of the
// chroot named is started with (-t /var/chroot/named), so "data/..." and
// "etc/..." resolve inside the chroot.
directory "/";
// Replaces the real version string reported for version.bind queries.
version "not currently available";
// Only the primary may send NOTIFY for the slave zones; replace the placeholder.
allow-notify {ip.of.primary.nameserver;};
// Refuse outgoing zone transfers to everyone (this host is only a secondary).
// The keyword is usually written unquoted: allow-transfer { none; };
allow-transfer{"none";};
// NOTE(review): neither "recursion" nor "allow-recursion" is set, so whether
// arbitrary clients can use this host as a recursive resolver depends on the
// BIND version's default; restrict allow-recursion to trusted clients (or set
// "recursion no;" if the box is purely authoritative) -- confirm for your version.
};
logging{
channel mydomain_log{
// Inside the chroot this is var/log/named.log, which must be writable by
// the named user.
file "/var/log/named.log" versions 3;
print-time yes;
severity info;
};
category default{
mydomain_log;
};
};
// required zone for recursive queries
zone "." {
type hint;
file "data/named.root";
};
// The per-domain slave zone definitions live in etc/zones.conf (see below).
include "etc/zones.conf";
// required local host domain
zone "localhost" in{
type master;
file "data/pri.localhost";
allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in{
type master;
file "data/named.local";
allow-update{none;};
};
Create a zones.conf file (included from named.conf above) that looks something like this:
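// Included from named.conf: one slave zone per domain served by the primary.
// Zone data is pulled from "masters" and written to "file", whose path is
// relative to directory "/" (the chroot), so data/slave must be writable by
// the named user.
zone "domain-one.com" in {
type slave;
file "data/slave/domain-one";
masters {ip.of.primary.nameserver; };
};
// The zone name must match the name the primary serves (it was previously
// written without the .com, unlike its file name).
zone "domain-two.com" in {
type slave;
file "data/slave/domain-two.com";
masters {ip.of.primary.nameserver; };
};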
and so on, one block per zone.
In the data directory, these files are required:
named.local
cat named.local
$TTL 86400 ;
; could use $ORIGIN 0.0.127.IN-ADDR.ARPA.
; Reverse map for 127.0.0.1; named.conf above serves it as a master.
@ IN SOA localhost. root.localhost. (
2004121401 ; Serial
3h ; Refresh
15 ; Retry (15 seconds: a bare number carries no unit suffix)
1w ; Expire
3h ) ; Minimum
; The NS line has no owner name: in the real file it must begin with
; whitespace (or carry an explicit owner) so it inherits "@" from the
; previous record -- the wiki rendering appears to have stripped that
; leading whitespace.
IN NS localhost.
1 IN PTR localhost.
named.root
Get this (the root hints file used by the "." hint zone) from ftp.internic.net/domain/named.root.
pri.localhost
$TTL 86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; Forward zone for "localhost"; named.conf above serves it as a master.
; Unqualified names here (@, root) are relative to $ORIGIN, so "root"
; is root.localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@ 1D IN SOA @ root (
2004121401 ; serial
3H ; refresh
15 ; retry (15 seconds: a bare number carries no unit suffix)
1w ; expire
3h ; minimum
)
@ 1D IN NS @
; No owner on the A record: in the real file this line must begin with
; whitespace so it inherits "@" -- the wiki rendering appears to have
; dropped that leading whitespace.
1D IN A 127.0.0.1
You need to change the ownership and permissions of a few things:
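cd /var/chroot/named
# The chroot root stays root-owned and not writable by named.
chown root:root .
chmod 0755 .
# named (running as the named user via -u) must be able to write the
# transferred slave zones under data/slave and its log under var/log.
# chown is not recursive, so data/slave is listed explicitly; var/log was
# missing from the original list, which would leave named.log unwritable.
chown named:named data data/slave
chmod 0700 data
chown named:named var/run var/log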
A startup script for this (installed as /etc/init.d/named, which the symlink below points at) will look like:
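#!/bin/bash
# Init script for the chrooted BIND (named) secondary.
# Usage: named {start|stop|status|restart|condrestart|reload|probe}

# Source function library (daemon and killproc used below come from it).
. /etc/rc.d/init.d/functions
# Source networking configuration (provides NETWORKING).
. /etc/sysconfig/network
# Check that networking is up.  Quoted so an unset NETWORKING does not turn
# the test into a "unary operator expected" error.
[ "${NETWORKING}" = "no" ] && exit 0
# The binary has to live inside the chroot at this path (the setup steps
# above do not copy it there); bail out quietly if either piece is missing.
[ -f /var/chroot/named/bin/named ] || exit 0
[ -f /var/chroot/named/etc/named.conf ] || exit 0
RETVAL=0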
start() {
  # Start daemons.  -t makes named chroot into /var/chroot/named and -u makes
  # it continue as the unprivileged named user once its privileged startup
  # work is done.
  echo -n "Starting named: "
  daemon /var/chroot/named/bin/named -t /var/chroot/named -u named
  RETVAL=$?
  # The subsys lock marks the service as running for condrestart.
  if [ "$RETVAL" -eq 0 ]; then
    touch /var/lock/subsys/named
  fi
  echo
  return "$RETVAL"
}
stop() {
  # Stop daemons.  killproc (from the functions library) signals named.
  echo -n "Shutting down named: "
  killproc named
  RETVAL=$?
  # Drop the subsys lock only when the daemon really went away.
  if [ "$RETVAL" -eq 0 ]; then
    rm -f /var/lock/subsys/named
  fi
  echo
  return "$RETVAL"
}
rhstatus() {
  # Ask the control channel for the server status; the function's exit
  # status is that of the control command.
  # NOTE(review): ndc is the BIND 8 control tool; BIND 9 (and the rndc.conf
  # copied into the chroot above) uses rndc -- confirm which one is installed.
  /usr/sbin/ndc status
}
restart() {
  # Full stop/start cycle; the exit status is whatever start returns.
  stop
  start
}
reload() {
  # Tell the running server to re-read its configuration and zones through
  # the control channel; the control command's exit status is ours.
  # NOTE(review): ndc is the BIND 8 tool; rndc is the BIND 9 equivalent --
  # confirm which one is installed.
  /usr/sbin/ndc reload
}
probe() {
  # named knows how to reload intelligently; we don't want linuxconf
  # to offer to restart every time.  Print "start" only when the reload
  # request could not be delivered; the exit status is 0 either way.
  if ! /usr/sbin/ndc reload >/dev/null 2>&1; then
    echo start
  fi
}
# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    rhstatus
    ;;
  restart)
    restart
    ;;
  condrestart)
    # Only restart when the service is marked running; a failed restart
    # still leaves the status at 0 here, as before.
    if [ -f /var/lock/subsys/named ]; then
      restart || :
    fi
    ;;
  reload)
    reload
    ;;
  probe)
    probe
    ;;
  *)
    echo "Usage: named {start|stop|status|restart|condrestart|reload|probe}"
    exit 1
    ;;
esac
# Propagate the status of whichever action ran.
exit "$?"
Also make a symlink in /etc/rc3.d so that if the box falls out of the rack, when it is picked back up everything starts again on its own.
And that's more than can be said about a lot of things.
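# Run level 3 start link; the S80 prefix sets its start order within the
# run level.  && so the link is not created in the wrong directory if the
# cd fails.
cd /etc/rc3.d && ln -s ../init.d/named S80named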