Installing An Ubuntu Hardy 8.04 LTS DNS Server With BIND

Please note that my main reference and source is Falko's article "The Perfect Server - Ubuntu 8.04 LTS" here with more DNS details.

Version 1.0
Author: Mohamed Ghaleb <Mohamed_Ghaleb [at] msn [dot] com> (English and German only please)
Last edited 06/03/2008

This tutorial shows how to set up an Ubuntu Hardy Heron (Ubuntu 8.04 LTS) based server that offers DNS services. This tutorial is written for the 32-bit version of Ubuntu 8.04 LTS, but should apply to the 64-bit version.

I will use the following software:

  • DNS Server: BIND9

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need the following:

 

2 Preliminary Note

In this tutorial I use the hostname server1.tm.local with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

3 The Base System

Insert your Ubuntu install CD into your system and boot from it. Select your language:

Then select Install Ubuntu Server:

Choose your language again (?):

Then select your location:

Choose a keyboard layout (you will be asked to press a few keys, and the installer will try to detect your keyboard layout based on the keys you pressed):

The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Comments

From: x0r at: 2009-05-07 02:46:56

There is another way to get a root shell without enabling the root account...

Issue this command from your account:

sudo su root

and after you enter YOUR password you get it...

From: Lord Rybec at: 2009-04-29 19:33:21

Actually, you do not have to enable the root account to get a root command line in Ubuntu.  If you would rather keep the extra little security a locked root account provides, just run 'sudo su' and put in your password.

Lord Rybec

From: at: 2008-06-16 01:24:19

There is absolutely no reason to disable apparmor and the fact that this howto not only shows you how to disable it but actively encourages it is irresponsible.

Apparmor is much easier to configure than SELinux. With apparmor enabled you will not really need to chroot bind but if you would like to, you could use the default /var/lib/bind directory instead of chrooting in /var/lib/named or alternatively, you could edit /etc/apparmor.d/usr.sbin.named and change the path /var/lib/bind/** to /var/lib/named/**, then restart apparmor; /etc/init.d/apparmor restart.

From: at: 2008-07-05 18:36:29

Actually, there IS a reason to disable AppArmor:
If you don't do this, the whole procedure above simply DOESN'T WORK.
You just keep getting

rndc: connect failed: 127.0.0.1#953: connection refused

error whenever you try to access your DNS server with rndc. [it also occurs when you use /etc/init.d/bind9 which - I suppose - uses rndc]

There should be a neater way to work around this - maybe some AppArmor settings?

From: Adam Sweet at: 2009-07-07 19:33:57

To fix the remaining issue I needed to add an extra line to /etc/apparmor.d/usr-sbin-named:

 /var/lib/named/dev/random r,

 I think it's already in there in 9.04.

From: Jamie Strandboge at: 2009-12-28 16:02:02

What you have described is (possibly) a reason to disable the bind9 profile, not all of apparmor. See my blog http://penguindroppings.wordpress.com/2009/07/07/should-i-disable-apparmor/ for details.

From: Aloa at: 2008-10-21 18:39:29

The how-to is good .. but if I do update|upgrade before chrooting to /var/lib/named, after all modifications bind can't start .. it reports a permissions problem ..

From: heath at: 2008-12-09 23:03:21

After I did updates, AppArmor was enabled again.  After disabling it one more time, everything went as described.

From: Bill Gallafent at: 2009-11-23 15:04:56

When you add the reverse lookup zone for the local domain, surely this should have the same IP as the statement inside! You have:

zone "3.13.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

Surely this should read:

zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

 (or have I misunderstood something deep?)
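The mismatch raised in the last comment can be checked mechanically. The following is an added example, not part of the tutorial or of any comment: it derives the in-addr.arpa zone name for the tutorial's 192.168.0.0/24 network and compares it with the zone stanzas of a named.conf fragment. The sample configuration is constructed (the forward zone file name tm.local.db is an assumption), the function names are hypothetical, and the file-name comparison is only a naming-convention heuristic.

```python
import ipaddress
import re

# Constructed sample: a forward zone plus the reverse stanza quoted in the comment.
SAMPLE_NAMED_CONF = '''
zone "tm.local" {
type master;
file "/etc/bind/zones/tm.local.db";
};
zone "3.13.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};
'''
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{]*\{')
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

def reverse_zone_for(network):
    """Return the in-addr.arpa zone name for an IPv4 /8, /16 or /24 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 networks on an octet boundary are handled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def parse_zones(conf):
    """Return (zone_name, file_path) pairs; comments in conf are not stripped."""
    heads = list(ZONE_RE.finditer(conf))
    zones = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(conf)
        m = FILE_RE.search(conf, head.end(), end)  # first file statement in this stanza
        zones.append((head.group(1).rstrip(".").lower(), m.group(1) if m else None))
    return zones

def audit_reverse_zones(conf, network):
    """List reverse-zone problems for the given local network."""
    expected = reverse_zone_for(network)
    reverse = [(n, f) for n, f in parse_zones(conf) if n.endswith(".in-addr.arpa")]
    problems = []
    if not any(name == expected for name, _ in reverse):
        problems.append(f"no zone named {expected} for {network}")
    for name, path in reverse:
        if path and name not in path.lower():  # heuristic: file named after its zone
            problems.append(f"zone {name} loads {path}, which is named for another zone")
    return problems

if __name__ == "__main__":
    print("\n".join(audit_reverse_zones(SAMPLE_NAMED_CONF, "192.168.0.0/24")))
```

A zone declared under the wrong in-addr.arpa name means named never answers PTR queries for the intended network, so a check like this is worth running alongside named-checkconf, which validates syntax but not intent.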