=====Installing Bind-chroot on a Debian Wheezy Host=====
====Creating the Host====
Using Xen, create the host on the command line as follows.
# Create the "dns" guest with one vCPU. --pygrub boots the kernel that lives
# inside the guest's own filesystem instead of a kernel supplied by dom0.
# Memory, disk size and distribution are not given here, so they come from
# xen-tools' defaults (/etc/xen-tools/xen-tools.conf) unless overridden.
xen-create-image --hostname=dns \
--vcpus=1 \
--pygrub
If a second interface needs to be added, modify /etc/xen/dns.cfg to look as follows:
# Two virtual interfaces: the first attached to bridge inetbr0, the second to
# xenbr0. Each needs its own MAC; 00:16:3E is the OUI prefix reserved for Xen
# guests, so locally generated addresses should keep that prefix.
vif = ['mac=00:16:3E:5A:B6:6D,bridge=inetbr0', 'mac=00:16:3E:5A:B7:6D,bridge=xenbr0' ]
Start the VM and connect to its console to continue the configuration.
# Boot the guest from its config file, then attach to its console
# (the console escape is Ctrl-]). xm is the legacy toolstack; on newer Xen
# releases the same subcommands exist under xl.
xm create /etc/xen/dns.cfg
xm console dns
====Conduct Initial configuration of the Guest====
[[Debian Initial Config]]
If a second VIF was added, edit /etc/network/interfaces to configure the second interface, then bring it up.
====Install bind====
Install the bind service.
# Debian's bind9 package keeps its configuration under /etc/bind by default,
# whereas the files below use /etc/named.conf and a /var/named directory.
# NOTE(review): adjust those paths (or the chroot layout) to match the
# installed package before copying the configs in -- confirm on the host.
apt-get install bind9
The file below is the configuration for the external DNS server; update the addresses for the internal one.
// Maintained by: shareef12 admin@twelvetacos.com
// Last known public ip: 10.1.1.0
// The line above is a marker, not just a note: the update script at the end
// of this page reads the address after ": " from it and rewrites the old
// address wherever it appears in this file (this comment and "acl self").
// Keep the exact "Last known public ip:" wording, and do not put the address
// on any other line.
acl self { 10.1.1.0; 127.0.0.1; };
// Empty match lists: no DMZ clients and nothing blackholed yet. Both are
// referenced from the options statement, so they must stay declared.
acl dmz {};
acl internal_dns { 10.24.24.1; };
acl evil {};
// An empty controls statement opens no rndc control channel at all, so
// rndc (reload, flush, ...) cannot be used against this instance; named has
// to be restarted to pick up config changes.
controls {};
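options {
  // Refuse to reveal the real host name and version via CHAOS-class queries.
  hostname none;
  version "burninator 5.0";
  // Only bind to our own addresses (the "self" acl), not every interface.
  listen-on port 53 { self; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  // Recursion is on, but only for this host, the internal resolver and the
  // DMZ list; everybody else gets authoritative answers only, which keeps
  // the server out of open-resolver amplification abuse.
  recursion yes;
  allow-recursion { self; internal_dns; dmz; };
  // Fixed: list elements are separated by ';'. The original had "self,"
  // which is a syntax error and stops named from loading the config.
  allow-query-cache { self; internal_dns; dmz; };
  // Authoritative data is static: no dynamic updates, no zone transfers.
  allow-update { none; };
  allow-transfer { none; };
  blackhole { evil; };
  minimal-responses yes;
  // Fixed: the statement was missing its terminating ';'.
  querylog yes;
  notify no;
  //TODO: Configure DNSSEC
};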
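// Log every event of severity info and above (no debug output) to
// /var/log/named/example.log, rotating through 3 files of 2 MB each.
// Failures that happen before this statement takes effect (e.g. config
// parse errors) still go to syslog, typically /var/log/messages.
// The log directory must exist and be writable by the user named runs as,
// inside the chroot if one is used.
logging {
  channel dns_log {
    file "/var/log/named/example.log" versions 3 size 2m;
    severity info;
    print-severity yes;
    print-time yes;
    print-category yes;
  };
  // Fixed: the original sent the default category to "example_log", a
  // channel that is never declared, which named rejects at startup. Point
  // it at the channel defined above.
  category default {
    dns_log;
  };
};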
// required zone for recursive queries
// Root hints. "root.servers" is resolved relative to the options directory
// (/var/named) and must be kept reasonably current.
zone "." {
type hint;
file "root.servers";
};
// Our authoritative zone; its zone file contents follow this config on the
// page. The global allow-transfer/allow-update { none; } apply here as well.
zone "twelvetacos.com" in {
type master;
file "twelvetacos.com";
};
// Forward and reverse loopback zones. The "localhost" and "localhost.rev"
// files are not shown on this page and have to be provided separately.
zone "localhost" in {
type master;
file "localhost";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "localhost.rev";
};
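$TTL 2d
$ORIGIN twelvetacos.com.
; Bump the serial (YYYYMMDDnn) on every edit, otherwise nothing that has the
; old copy cached will notice the change.
@ IN SOA ns1.twelvetacos.com. admin.twelvetacos.com. (
  2015010800 ; se = serial number
  12h        ; ref = refresh
  15m        ; ret = update retry
  3w         ; ex = expiry
  3h         ; min = minimum (negative-caching TTL)
)
; Apex records, with the owner written out as "@". A record line that starts
; in column 1 without an owner is parsed with its first token ("IN") as the
; owner name, so these lines must either be indented or carry "@" -- the
; original listing had them at column 1.
@ IN NS ns1.twelvetacos.com.
@ IN MX 10 smtp.twelvetacos.com.
@ IN A 10.1.1.0
ns1 IN A 10.1.1.0
smtp IN A 10.1.1.0
imap IN CNAME smtp
www IN A 10.1.1.0
linode IN A 173.230.138.199
; SPF: only the hosts named by this zone's A records may send mail for it.
; NOTE(review): placed at the apex, where SPF is normally published; in the
; original it followed the "linode" record, so confirm that is the intended
; owner.
@ IN TXT "v=spf1 a -all"
; DKIM public key for selector "mail".
mail._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSnUNq0hFgLle0zxO2RGj6505UhKs8ASXS1fh5uSEmPkHlsUcw2VK3SqofonHs3CGIEfuSNI/lZyaZbRdXai43zde5+/WbP/2w6zJhEb/sNxBoCMsjoSiHxjGHLzJZ0/IlyAF6QM+U6g9bQwaiho/WS/7gzpzCGPU0zZYpLD+gfwIDAQAB"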
// Maintained by: shareef12 admin@twelvetacos.com
// Internal server copy. It has no "Last known public ip:" marker, so the
// update script at the end of this page (which looks for that comment)
// applies to the external config only.
acl self { 10.1.1.5; 127.0.0.1; };
// Empty match lists: no DMZ clients and nothing blackholed yet. Both are
// referenced from the options statement, so they must stay declared.
acl dmz {};
acl internal_dns { 10.24.24.5; };
acl evil {};
// An empty controls statement opens no rndc control channel at all, so
// rndc (reload, flush, ...) cannot be used against this instance; named has
// to be restarted to pick up config changes.
controls {};
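options {
  // Refuse to reveal the real host name and version via CHAOS-class queries.
  hostname none;
  version "burninator 5.0";
  // Only bind to our own addresses (the "self" acl), not every interface.
  listen-on port 53 { self; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  // Recursion is on, but only for this host, the internal resolver and the
  // DMZ list; everybody else gets authoritative answers only, which keeps
  // the server out of open-resolver amplification abuse.
  recursion yes;
  allow-recursion { self; internal_dns; dmz; };
  // Fixed: list elements are separated by ';'. The original had "self,"
  // which is a syntax error and stops named from loading the config.
  allow-query-cache { self; internal_dns; dmz; };
  // Authoritative data is static: no dynamic updates, no zone transfers.
  allow-update { none; };
  allow-transfer { none; };
  blackhole { evil; };
  minimal-responses yes;
  // Fixed: the statement was missing its terminating ';'.
  querylog yes;
  notify no;
  //TODO: Configure DNSSEC
};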
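// Log every event of severity info and above (no debug output) to
// /var/log/named/example.log, rotating through 3 files of 2 MB each.
// Failures that happen before this statement takes effect (e.g. config
// parse errors) still go to syslog, typically /var/log/messages.
// The log directory must exist and be writable by the user named runs as,
// inside the chroot if one is used.
logging {
  channel dns_log {
    file "/var/log/named/example.log" versions 3 size 2m;
    severity info;
    print-severity yes;
    print-time yes;
    print-category yes;
  };
  // Fixed: the original sent the default category to "example_log", a
  // channel that is never declared, which named rejects at startup. Point
  // it at the channel defined above.
  category default {
    dns_log;
  };
};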
// required zone for recursive queries
// Root hints. "root.servers" is resolved relative to the options directory
// (/var/named) and must be kept reasonably current.
zone "." {
type hint;
file "root.servers";
};
// Our authoritative zone; its zone file contents follow this config on the
// page. The global allow-transfer/allow-update { none; } apply here as well.
zone "twelvetacos.com" in {
type master;
file "twelvetacos.com";
};
// Forward and reverse loopback zones. The "localhost" and "localhost.rev"
// files are not shown on this page and have to be provided separately.
zone "localhost" in {
type master;
file "localhost";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "localhost.rev";
};
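$TTL 2d
$ORIGIN twelvetacos.com.
; Bump the serial (YYYYMMDDnn) on every edit, otherwise nothing that has the
; old copy cached will notice the change.
@ IN SOA ns1.twelvetacos.com. admin.twelvetacos.com. (
  2015010800 ; se = serial number
  12h        ; ref = refresh
  15m        ; ret = update retry
  3w         ; ex = expiry
  3h         ; min = minimum (negative-caching TTL)
)
; Apex records, with the owner written out as "@". A record line that starts
; in column 1 without an owner is parsed with its first token ("IN") as the
; owner name, so these lines must either be indented or carry "@" -- the
; original listing had them at column 1.
@ IN NS ns1.twelvetacos.com.
@ IN MX 10 smtp.twelvetacos.com.
@ IN A 10.1.1.32
ns1 IN A 10.1.1.1
smtp IN A 10.1.1.16
imap IN CNAME smtp
www IN A 10.1.1.32
linode IN A 173.230.138.199
; SPF: only the hosts named by this zone's A records may send mail for it.
; NOTE(review): placed at the apex, where SPF is normally published; in the
; original it followed the "linode" record, so confirm that is the intended
; owner.
@ IN TXT "v=spf1 a -all"
; DKIM public key for selector "mail".
mail._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSnUNq0hFgLle0zxO2RGj6505UhKs8ASXS1fh5uSEmPkHlsUcw2VK3SqofonHs3CGIEfuSNI/lZyaZbRdXai43zde5+/WbP/2w6zJhEb/sNxBoCMsjoSiHxjGHLzJZ0/IlyAF6QM+U6g9bQwaiho/WS/7gzpzCGPU0zZYpLD+gfwIDAQAB"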
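#!/usr/bin/env bash
# Keep the public address recorded in /etc/named.conf current.
#
# Fetches the current public IP from the linode host and compares it with the
# address stored in the "// Last known public ip:" marker comment. When they
# differ, the first occurrence of the old address on every line of the config
# (the marker line and the "acl self" entry) is rewritten with the new one.
# Presumably run periodically; the page shows no reload step, so named still
# has to be told to re-read the file afterwards.
set -eu

conf=/etc/named.conf
# No scheme, so wget talks plain HTTP. The body is validated below precisely
# because it is untrusted network input that ends up in a sed expression and
# in an ACL.
ip_url=linode.twelvetacos.com/ip.php

new_ip=$(wget -qO - "$ip_url") || {
  printf 'could not fetch %s\n' "$ip_url" >&2
  exit 1
}
new_ip=${new_ip//[[:space:]]/}

# Accept nothing but a dotted quad: an error page, an empty body, or a value
# containing '/' or sed metacharacters must never reach the config file.
if [[ ! "$new_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  printf 'unexpected response from %s: %s\n' "$ip_url" "$new_ip" >&2
  exit 1
fi

old_ip=$(sed -n -e '/Last known public ip:/{s/.*: //p}' -- "$conf")
# An empty old_ip would turn the substitution into "s//.../", which sed
# treats as "reuse the last regex" rather than as a no-op.
if [[ -z "$old_ip" ]]; then
  printf 'no "Last known public ip:" marker in %s\n' "$conf" >&2
  exit 1
fi

if [[ "$old_ip" != "$new_ip" ]]; then
  # Escape the dots so "10.1.1.0" matches only itself, not e.g. "10x1y1z0".
  old_re=${old_ip//./\\.}
  sed -i "s/$old_re/$new_ip/" -- "$conf"
fi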