HowtoForge

Installing A FreeBSD 7.0 DNS Server With BIND - Page 5

We will then open the ports-supfile and we will type in our server name:

ee /root/ports-supfile

Around line 49 you will see the default server parameters, mine looks like that below, you can change the server to which ever near you:

*default host=cvsup.de.FreeBSD.org

Save and Exit.

Use the following command to update the ports:

csup -g -L 2 /root/ports-supfile

It may take sometime, however if it didn't connect during the first 2 mins please make sure you have port 5999 opened on your firewall (from your server to the update server),  If it doesn't work just make sure you can telnet on your server using port 5999.

telnet cvsup.de.freebsd.org 5999

If telnet was successful you should see something like that:

OK 17 0 SNAP_16_1h CVSup server ready

To create ports index file we will need to install Perl using the following commands:

cd /usr/ports/lang/perl5.8
make install clean
rehash

After that we will update the ports index and the readme files this may take really long time (may be 40 mins):

cd /usr/ports
make install readmes && make index

 

Portmaster makes life easy when upgrading most of the packages even if there are other packages depend on it, for example if you have Apache Server and you want to upgrade eXpat you have to uninstall eXpat and install the new version, doing this will break the Apache installation, Portmaster can be used to do this operation safely without breaking any links ..etc.

To install Portmaster do the following:

cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash

Portaudit is a nice application which will check the vulnerability database when building ports to ensure that there is no known security issues with what you are installing, if there is a known issue if wont continue and will reference you to the vulnerability.

To install it do the following:

cd /usr/ports/ports-mgmt/portaudit
make install clean
rehash

If you want to install a program even if it has a known vulnerability you can do that using the following command:

make -D DISABLE_VULNERABILITIES install clean

 

9 Installing and Configuring DNS

BIND is part of the FreeBSD 7.0 distribution, check the version you have in the ports collection and if it's equal 9.4.2 skip to the configuration section, if its supersedes 9.4.2 then continue with the installation section

You can check the version you have using the following command:

cat /usr/ports/dns/bind94/Makefile | grep PORTVERSION

 

Installation

cd /usr/ports/dns/bind94
make configure ; make clean

A menu will appear displaying options for BIND, press the [SPACEBAR] to choose the REPLACE_BASE the others you can leave at the defaults, then [TAB] to highlight [OK] and press [ENTER] to complete the installation process.

 

Configuration

We will now configure BIND 1st thing we will add "NO_BIND = YES" to the make.conf file in /etc you can do that using the following commands:

cp /etc/make.conf /etc/make.conf.old
echo "NO_BIND = YES" >> /etc/make.conf

This will let the make command not to build the base version of BIND in case you rebuild FreeBSD from the source.

Now let's edit named.conf to configure our forwarders, zones ...etc.

ee /var/named/etc/namedb/named.conf

Scroll down and comment out the listen-on line (about line 21) by adding // at the beginning of the line, this is to configure BIND to answer both internal and external queries, it should then look like this:

// listen-on     { 127,0,0,1 };

Again scroll down to about line 43 - 47, and you will need to remove the  /*  before the forwarders section as well as the  */  after the forwarders section, then you can replace the  127.0.0.1  with your ISP DNS IP, if you have more than one ISP DNSs you can add them all with  ;  as a separator.

It should then look something like that:

forwarders {
              192.168.0.2;192.168.0.3;
};

Now we need to add our zones, in the same file scroll to the bottom and add your forward and reverse lookup zones, to add the forward lookup zone add the following to the bottom of the file:

zone "tm.local" {
        type master;
        file "master/tm.local";
        allow-transfer { localhost; };
        allow-update { key rndc-key };
};

Well as you can see above, my zone name and zone file name are both tm.local, feel free to change that to your domain name.

There is a feature in BIND called dynamic DNS updates allows BIND to work with the DHCP to dynamically update the client records, I will cover that in detail in my FreeBSD DHCP tutorial.

Now we need to add the reverse lookup zone, so same thing at the end of the file we will add the following:

zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/tm.local.rev";
        allow-transfer { localhost; };
        allow-update { key rndc-key };
};

As you can see my Zone name starts with 0.168.192 that's because my network ID is 192.168.0 after reverse it, it should be 0.168.192, you will need to change this based on your network configuration.

Save and Exit the file.

Now we need to add the rndc.key file and add its contents to the bottom of the named.conf file, rndc.key is an encryption key that rndc utility needs to work, also it's used in case you are using dynamic DNS together with DHCP.

To do that run the following commands:

rndc-confgen -a
cd /var/named/etc/namedb
cp named.conf named.conf.old
cat rndc.key >> named.conf

Now we are finished with the named.conf file, we need now to create our zone files which contain the records, etc.

Installing A FreeBSD 7.0 DNS Server With BIND - Page 5