Installing A FreeBSD 7.0 DNS Server With BIND - Page 5

We will then open the ports-supfile and we will type in our server name:

ee /root/ports-supfile

Around line 49 you will see the default server parameter. Mine looks like the line below; you can change the server to whichever mirror is nearest to you:

*default host=cvsup.de.FreeBSD.org

Save and Exit.

Use the following command to update the ports:

csup -g -L 2 /root/ports-supfile

It may take some time. However, if it has not connected within the first 2 minutes, make sure port 5999 is open on your firewall (from your server to the update server). If it still doesn't work, check that you can telnet from your server to the update server on port 5999:

telnet cvsup.de.freebsd.org 5999

If telnet was successful you should see something like this:

OK 17 0 SNAP_16_1h CVSup server ready

To create ports index file we will need to install Perl using the following commands:

cd /usr/ports/lang/perl5.8
make install clean
rehash

After that we will update the ports index and the readme files. This may take a really long time (maybe 40 minutes):

cd /usr/ports
make readmes && make index

 

8 Installing Portmaster and Portaudit (Optional but Recommended)

Portmaster makes life easier when upgrading packages, even when other packages depend on them. For example, if you have the Apache server and you want to upgrade eXpat, you would have to uninstall eXpat and install the new version, and doing this would break the Apache installation. Portmaster can perform this operation safely without breaking any links, etc.

To install Portmaster do the following:

cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash

Portaudit is a handy application that checks the vulnerability database when building ports to ensure that there are no known security issues with what you are installing. If there is a known issue, it won't continue and will refer you to the vulnerability.

To install it do the following:

cd /usr/ports/ports-mgmt/portaudit
make install clean
rehash

If you want to install a program even if it has a known vulnerability you can do that using the following command:

make -D DISABLE_VULNERABILITIES install clean

 

9 Installing and Configuring DNS

BIND is part of the FreeBSD 7.0 distribution. Check the version you have in the ports collection: if it equals 9.4.2, skip to the configuration section; if it supersedes 9.4.2, continue with the installation section.

You can check the version you have using the following command:

cat /usr/ports/dns/bind94/Makefile | grep PORTVERSION

 

Installation

cd /usr/ports/dns/bind94
make configure ; make install clean

A menu will appear displaying options for BIND. Press [SPACEBAR] to select REPLACE_BASE (you can leave the others at their defaults), then press [TAB] to highlight [OK] and [ENTER] to complete the installation process.

 

Configuration

We will now configure BIND. The first thing to do is add "NO_BIND = YES" to the make.conf file in /etc, which you can do using the following commands:

cp /etc/make.conf /etc/make.conf.old
echo "NO_BIND = YES" >> /etc/make.conf

This tells make not to build the base version of BIND if you rebuild FreeBSD from source.

Now let's edit named.conf to configure our forwarders, zones ...etc.

ee /var/named/etc/namedb/named.conf

Scroll down and comment out the listen-on line (about line 21) by adding // at the beginning of the line. This configures BIND to answer both internal and external queries. It should then look like this:

// listen-on     { 127.0.0.1; };

Again scroll down to about lines 43 - 47. You will need to remove the  /*  before the forwarders section as well as the  */  after it; then you can replace  127.0.0.1  with your ISP's DNS IP. If your ISP has more than one DNS server you can add them all, with  ;  as a separator.

It should then look something like this:

forwarders {
              192.168.0.2;192.168.0.3;
};

Now we need to add our zones. In the same file, scroll to the bottom and add your forward and reverse lookup zones. To add the forward lookup zone, add the following to the bottom of the file:

zone "tm.local" {
        type master;
        file "master/tm.local";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
};

Well as you can see above, my zone name and zone file name are both tm.local, feel free to change that to your domain name.

There is a feature in BIND called dynamic DNS updates, which allows BIND to work with DHCP to dynamically update the client records. I will cover that in detail in my FreeBSD DHCP tutorial.

Now we need to add the reverse lookup zone, so in the same way we will add the following at the end of the file:

zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/tm.local.rev";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
};

As you can see, my zone name starts with 0.168.192. That's because my network ID is 192.168.0, which reversed is 0.168.192. You will need to change this based on your network configuration.

Save and Exit the file.

Now we need to create the rndc.key file and add its contents to the bottom of the named.conf file. rndc.key is an encryption key that the rndc utility needs to work; it is also used if you are using dynamic DNS together with DHCP.

To do that run the following commands:

rndc-confgen -a
cd /var/named/etc/namedb
cp named.conf named.conf.old
cat rndc.key >> named.conf
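
After these commands the rndc-key secret lives inside named.conf, so that file needs the same protection as rndc.key itself. The script below is an added example, not part of the original tutorial: it flags a config file that holds a key secret while being world-readable, and lists the statements that trust rndc-key. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the tutorial. All function names are hypothetical.

# holds_secret FILE: true if FILE contains an uncommented key secret.
holds_secret() {
    grep -Eq '^[[:space:]]*secret[[:space:]]+"' "$1"
}

# world_readable FILE: true if the "other" read bit is set on FILE.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# key_users FILE: print (with line numbers) statements that trust rndc-key,
# e.g. allow-update { key rndc-key; };  The key definition itself is skipped.
key_users() {
    grep -nE 'key[[:space:]]+"?rndc-key"?[[:space:]]*;?[[:space:]]*[}]' "$1"
}

# audit FILE: report findings; return 1 if the secret is world-readable.
audit() {
    rc=0
    if holds_secret "$1" && world_readable "$1"; then
        echo "EXPOSED: $1 holds a key secret and is world-readable"
        rc=1
    fi
    key_users "$1" | sed 's/^/trusts rndc-key, line /'
    return "$rc"
}

# write_sample DIR: constructed tail of named.conf after the append step.
write_sample() {
    cat > "$1/named.conf" <<'EOF'
zone "tm.local" {
        type master;
        file "master/tm.local";
        allow-update { key rndc-key; };
};
key "rndc-key" {
        algorithm hmac-md5;
        secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==";
};
EOF
}

d=$(mktemp -d) && write_sample "$d"
chmod 644 "$d/named.conf"; audit "$d/named.conf" || echo "-> fix: chmod o-r"
chmod o-r "$d/named.conf"; audit "$d/named.conf" && echo "-> ok"
rm -rf "$d"
```

Whatever mode you choose, the account that named runs as must still be able to read named.conf.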

Now we are finished with the named.conf file; next we need to create our zone files, which contain the records, etc.

Comments

From: Anonymous at: 2009-02-13 10:44:12

Hi,

Great post.

This is a complementary article that explains how to set up IPv6 DNS zones with BIND.

Cheers.

From: Anonymous at: 2012-01-24 09:35:36

Here are details on installing PHP, BIND, Apache and MySQL on FreeBSD:

After installation, run update:
#uname -a
#freebsd-update fetch
#freebsd-update install
#reboot
#uname -a

Port update:
#cp /usr/share/examples/cvsup/ports-supfile /root

#ping -c 3 cvsup6.freebsd.org
#ee /root/ports-supfile
(*default host=cvsup6.FreeBSD.org)

Starting update:
#csup -g -L 2 /root/ports-supfile

#whereis bash      //you can use: cd `whereis -q bash`    ; whereis -b bash    gives you path of binary
#cd /usr/ports/shells/bash
#make install
#hash
#rehash

#whereis portaudit
#cd /usr/ports/ports-mgmt/portaudit
#make install
#/usr/local/sbin/portaudit -Fda

#chsh -s /usr/local/bin/bash
#exit

#> /etc/motd     //write empty motd file, it displays on login

#whereis mc
#cd /usr/ports/misc/mc
#make install


Set static IP address:
#ee /etc/rc.conf
Add lines:
ifconfig_em0="inet 192.168.111.9 netmask 255.255.255.240"
defaultrouter="192.168.111.1"

Add user "user1" in group wheel so he can switch to root
#pw usermod student -G wheel



Installing BIND DNS service on FreeBSD:
#cd /usr/ports/dns/bind97/
#make config
#make install

Create file:
#cp /etc/make.conf /etc/make.conf.old
#ee /etc/make.conf
Add here this:
"NO_BIND = YES"

Editing file named.conf:
#mcedit /var/named/etc/namedb/named.conf
 - delete localhost 127.1.0.0
 - set forwarders
 - add on the end of file:
 zone "facebook.ba"
 {
 type master;
 file "master/facebook.ba";
 allow-transfer {localhost;};
 allow-update {key rndc-key;};
 };
 

Creating rndc key:
#rndc-confgen -a
#cd /var/named/etc/namedb
#cp named.conf named.conf.old
#cat rndc.key >> named.conf

Creating master file:
#cd /var/named/etc/namedb/
#mcedit facebook.ba

Write into facebook.ba file:
    $TTL 3600
    facebook.ba. IN SOA server.facebook.ba. root.facebook.ba. (
    1 ; Serial ; Increment by one after every change
    10800 ; Refresh every hour
    3600 ; Retry every 15 minutes
    604800 ; Expire 1000 hours
    86400 ) ; Minimum 1 hour

    ;DNS servers
    facebook.ba. IN NS server.facebook.ba.

    ;Computer names
    server.facebook.ba. IN A 192.168.1.103
    komp.facebook.ba. IN A 192.168.1.102

    ;Aliases
    www IN CNAME server.facebook.ba.
    ww1 IN CNAME komp.facebook.ba.

    ;MX records
    facebook.ba. IN MX 10 mail.facebook.ba.

Then copy file facebook.ba:
/var/named/etc/namedb/# cp facebook.ba working/

Change DNS servers on system:
#ee /etc/resolv.conf
Write into resolv.conf:
domain facebook.ba
nameserver 192.168.1.103

Set up config so BIND will start after reboot:
#ee /etc/rc.conf
Add this on the end:
hostname="facebook.ba"
named_enable="YES"

Start BIND
#/etc/rc.d/named start

Create empty file: /var/named/etc/namedb/working/managed-keys.bind:
> working/managed-keys.bind

Test if everything works:
#dig www.facebook.ba
#dig www.google.ba



Installing APACHE service:
#cd /usr/ports/www/apache22
#make config
#make install   (On menu set all default, you can only deselect ipv6)

Configuration:
Open httpd.conf located in /usr/local/etc/apache22
#ee /usr/local/etc/apache22/httpd.conf
Change:
 - ServerAdmin you@example.com   (put your e-mail address)
 - ServerName www.example.com:80  (Remove comment and change address to www.facebook.ba:80)

Testing:
#apachectl configtest

Setting up  automatic start of Apache on system startup:
#ee /etc/rc.conf
Add on the end of file:
apache22_enable="YES"
apache22_http_accept_enable="YES"

Restart apache server:
/usr/local/etc/rc.d/apache22 start

Webpage in this path:/usr/local/www/apache22/data/index.html

Log files are here:
/var/log/httpd-access.log
/var/log/httpd-error.log


Installation of MySQL database:
#cd /usr/ports/databases/mysql55-server
#make -D BUILD_OPTIMIZED install
#hash



Configuration of MySQL database
#mysql_install_db --user=mysql

#mysqld_safe &
#mysqladmin -u root password 'localpassword'

Copying existing configuration:
#cp /usr/local/share/mysql/my-medium.cnf /var/db/mysql/my.cnf

Restricting remote use of the database through the network:
ee /var/db/mysql/my.cnf
Remove comment on line 45 so it looks like this: skip-networking

Configuration for startup of MySQL:
#ee /etc/rc.conf
Add on the end:
mysql_enable="YES"

Restart MySQL to apply all changes:
#/usr/local/etc/rc.d/mysql-server restart

Showing databases:
#mysqlshow -p

Check permissions of TMP folder:
#chown root:wheel /tmp
#chmod 777 /tmp
#chmod +t /tmp

Logging on to server
#mysql -u root -p

Showing databases and working with that database:
#mysql> show databases;

Creating database:
#mysql> create database ins2007;

Adding user with full permissions on database:
#mysql> grant all on ins2007.* to vt@localhost identified by 'password';

Adding user with read permissions on base:
#mysql> grant select on ins2007.* to vt@localhost identified by 'password';

Adding user with customized permissions on database:
#mysql> grant (choose between select,insert,update,delete,create,drop) on ins2007.* to vt@localhost identified by 'password';

Removing users from dbase:
#mysql> revoke all privileges on ins2007.* from vt@localhost;

Removing users from MySQL server:
#mysql> revoke all privileges, grant option from vt@localhost;
#mysql> drop user vt@localhost;

Erasing base:
mysql>drop database ins2007;

Showing privileges for each user:
#mysql> show grants for vt@localhost;

Backup of all MySQL databases:
#mysqldump -u root -p --all-databases > /path/nameofbackup.sql

Backup only one database:
#mysqldump -u root -p --databases fitbaza > /path/iee nameofbackup.sql

Restore database:
#mysql -u root -p ins2007 < /path/nameofbackup.sql

Configuration file of MySQL database:
/var/db/mysql/my.cnf

Log file of MySQL database
/var/db/mysql/server.facebook.ba.err



Installation of PHP
#cd /usr/ports/lang/php5
#make config ; make install
When menu appears choose Apache (Build apache module), leave the others at default.

Edit Apache httpd.conf for php support:
#ee /usr/local/etc/apache22/httpd.conf
Change path of index.php:
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
On the end add text:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Copy configuration file php.ini:
#cd /usr/local/etc
#cp php.ini-recommended php.ini

Specify session save path in configuration of php:
#ee /usr/local/etc/php.ini
Remove comment and set path:
session.save_path = "/tmp"

Save and restart Apache
#/usr/local/etc/rc.d/apache22 restart

Testing php:
#ee /usr/local/www/apache22/data/phpinfo.php
Add this line: <?php phpinfo(); ?>