The Perfect Setup - Debian Etch (Debian 4.0) - Page 4

9 DNS Server

Run

apt-get install bind9

For security reasons we want to run BIND chrooted so we have to do the following steps:

/etc/init.d/bind9 stop

Edit the file /etc/default/bind9 so that the daemon will run as the unprivileged user bind, chrooted to /var/lib/named. Modify the line: OPTIONS="-u bind" so that it reads OPTIONS="-u bind -t /var/lib/named":

vi /etc/default/bind9

OPTIONS="-u bind -t /var/lib/named"
# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

Create the necessary directories under /var/lib:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run

Then move the config directory from /etc to /var/lib/named/etc:

mv /etc/bind /var/lib/named/etc

Create a symlink to the new config directory from the old location (to avoid problems when bind gets updated in the future):

ln -s /var/lib/named/etc/bind /etc/bind

Make null and random devices, and fix permissions of the directories:

mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

We need to modify /etc/default/syslogd so that we can still get important messages logged to the system logs. Modify the line: SYSLOGD="" so that it reads: SYSLOGD="-a /var/lib/named/dev/log":

vi /etc/default/syslogd

#
# Top configuration file for syslogd
#

#
# Full documentation of possible arguments are found in the manpage
# syslogd(8).
#

#
# For remote UDP logging use SYSLOGD="-r"
#
SYSLOGD="-a /var/lib/named/dev/log"

Restart the logging daemon:

/etc/init.d/sysklogd restart

Start up BIND, and check /var/log/syslog for errors:

/etc/init.d/bind9 start

 

10 MySQL

In order to install MySQL, we run

apt-get install mysql-server mysql-client libmysqlclient15-dev

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address = 127.0.0.1:

vi /etc/mysql/my.cnf

[...]
#bind-address           = 127.0.0.1
[...]

Then we restart MySQL:

/etc/init.d/mysql restart

Now check that networking is enabled. Run

netstat -tap

In the output you should see a line like this one:

tcp        0      0 *:mysql                 *:*                     LISTEN     3281/mysqld

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).

Share this page:

7 Comment(s)

Add comment

Comments

From: at: 2008-07-15 21:04:25

Since the netstat command will output many lines, how about cleaning this up for newbies by having folks run "netstat -tap | grep mysql" instead of just the "netstat -tap"?

From: admin at: 2008-10-09 16:57:56

You are wrong. There are two root logins, one for localhost and one for server1.example.com, therefore the first password doesn't affect the second login.

From: Anonymous at: 2008-10-31 08:19:24

However the second command doesn't work. So who's right?

From: Noxion at: 2009-01-15 19:49:47

Both commands should be working, try editing the host file again as explained at page 3 of this how-to.

If you follow these instructions correctly there should be no problems here.

From: Agostino at: 2008-10-09 13:01:30

After you have changed the password with the command

 mysqladmin -u root password yourrootsqlpassword

you cannot set

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

beaucose the password was changed and you have this

error: 'Host 'server1.example.com' is not allowed to connect to this mysql server'

now you have to supply the password set before, please correct the command in

mysqladmin -h server1.example.com -u root -p yourrootsqlpassword password yourrootsqlpassword

thank you.

From: r4pt0r at: 2009-03-23 15:49:43

The second command isn't working for me - the mysql server denies the connection from the host. Never had this problem with mysql on 2 other etch servers before but on this new server i'm setting up, mysql really pisses me off...

Even if i set the hostname to be the FQDN as shown on page 3 (what would be wrong - 'hostname' should return "hostname" and 'hostname -f' should return "hostname-domain.tld")

All i get is this:

mysqladmin: connect to server at 'host.domainname.de' failed
error: 'Host 'host.domainname.de' is not allowed to connect to this MySQL server'

From: Stefan Hammes at: 2009-02-06 07:56:33

When installing bind9 chrooted as shown in this tutorial, it will always use GMT for logging because it has no access to timezone info. Therefore add the following command to the tutorial:

cp /etc/localtime /var/lib/named/etc/

With this, bind9 will use the correct local time for logging.