Exercise 1
===========

Overview
  1- dig
  2- Retrieving BIND
  3- Building, Installing BIND
  4- Testing your installation
  5- rndc

1- dig

  * dig for NXDOMAIN
      # dig www.cctld.pacnog2.dnsdojo.net a
    Check the header, answer and authority sections of the response.

  * dig for NOERROR with RR
      # dig noc.pacnog2.dnsdojo.net a
    Check the header, answer and authority sections of the response.

  * dig for NOERROR with 0 RR
      # dig noc.pacnog2.dnsdojo.net txt
    Check the header, answer and authority sections of the response.

2- Retrieving BIND

  From the Internet Systems Consortium (the source of BIND), http://www.isc.org, by HTTP or FTP, together with the other packages needed.

  Note on versions:
    Version 8: in use, available, obsolete. Don't start to use it; migrate to Version 9 (okay, BIND 8 is faster than BIND 9).
    Version 9: current version, available as
      - Release
      - Release Candidate (betas)
      - Snapshots (alphas): never use snapshots.

  HTTP
    http://www.isc.org/products/BIND/
    http://www.isc.org/products/BIND/bind9.html
    BIND 9.3.1 today.

  FTP
    ftp.isc.org, anonymous login; change directory to /isc/bind9, then cd 9.3.1:
    ftp://ftp.isc.org/isc/bind9/9.3.1/bind-9.3.1.tar.gz
    We will use our local FTP server:
    ftp://noc.pacnog2.dnsdojo.net/pub/software/bind-9.3.1.tar.gz

  Other packages
    OpenSSL (www.openssl.org), needed for DNSSEC; already installed.

3- Building, Installing BIND

  a- $ tar -xzf bind-9.3.1.tar.gz
     Uncompresses the archive and creates the directory bind-9.3.1.
     What's in there? A lot of stuff:
       ./configure (script)
       ./doc/arm/Bv9ARM.html, the Administrator's Reference Manual. Good source!!!
  b- $ ./configure
  c- $ make
  d- $ su
  e- # make install
  f- # rm /usr/sbin/named /usr/bin/rndc
     (the previously installed copies; remove other stuff if you want, but these are the important ones, so that the new binaries under /usr/local are the ones that get run)

  Executables installed:
    /usr/local/sbin
      dnssec-keygen, dnssec-makekeyset, dnssec-signkey, dnssec-signzone
      lwresd, named-checkconf, named-checkzone
      rndc, rndc-confgen
      named
    /usr/local/bin
      dig, host, isc-config.sh, nslookup, nsupdate
  And libraries "happen".

4- Testing your installation

  a- Make sure the right version is now installed:
       # named -v

5- rndc

  What is it?
    Remote Name Daemon Controller: command-line control of the named daemon.
    Usually on the same host; can be across hosts.
    "rndc-confgen" generates lines to be added to two files: named.conf and rndc.conf.

  /usr/local/etc/named.conf
    # key definition (the name must match the one used in the controls
    # statement below and in rndc.conf)
    key "rndc-key" {
        secret "dY7/uIiR0fKGvi5z50+Q==";
        algorithm hmac-md5;
    };
    Warning: the example secret looks good but is invalid (don't copy it!)

    # controls statement
    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    };

  /usr/local/etc/rndc.conf
    Specifies defaults for rndc, e.g.:
    key "rndc-key" {
        algorithm hmac-md5;
        secret "dY7/uIiR0fKGvi5z50+Q==";
    };
    options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
    };

  What can you do with rndc?
    rndc stop   - kills the server
    rndc status - prints some information
    rndc stats  - generates a statistics file (named.stats)
    rndc reload - refreshes zone(s), with variations
    rndc trace  - increases the debug level
    rndc flush  - removes cached data
    rndc (with no arguments) gives the full option list.

  Steps
    1- Run rndc-confgen:
         # rndc-confgen
    2- Create your /usr/local/etc/named.conf and /usr/local/etc/rndc.conf files with the data from rndc-confgen.
    3- Start named:
         # named -g
       If needed, add the pid-file option to your named.conf:
         options { pid-file "/var/run/named/named.pid"; };
    4- Test your rndc configuration:
         # rndc status
    5- Test with other options of rndc.
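As an added example (not part of the exercise and not BIND's own tooling), a small Python checker that reads named.conf and rndc.conf fragments like the ones above and reports the mistakes that make "rndc status" fail with an authentication error: a key name in the controls statement or in rndc.conf's default-key that no key block defines, key blocks that disagree between the two files, and a secret that is not valid base64 (the slide's example secret is 22 characters long, which no base64 string can be). The regex parser is an assumption that fits the slide's one-line layout, not a full named.conf grammar; the sample configs are constructed.

```python
import re

# Constructed sample configs modelled on the slide's named.conf and rndc.conf.
# The secret is the slide's own example, which it warns "looks good but is invalid".
NAMED_CONF = '''
key "rndc-key" { secret "dY7/uIiR0fKGvi5z50+Q=="; algorithm hmac-md5; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
'''
RNDC_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "dY7/uIiR0fKGvi5z50+Q=="; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''

def parse_keys(conf):
    """Map each key block's name to its algorithm/secret (simplified regex parser)."""
    keys = {}
    for name, body in re.findall(r'(?<![\w-])key\s+"?([\w.-]+)"?\s*\{([^}]*)\}', conf):
        keys[name] = dict(re.findall(r'(algorithm|secret)\s+"?([^";\s]+)"?\s*;', body))
    return keys

def secret_is_valid(secret):
    """Base64 needs the alphabet, a length divisible by 4 and at most two trailing '='."""
    return bool(re.fullmatch(r'[A-Za-z0-9+/]*={0,2}', secret)) and len(secret) % 4 == 0

def check_rndc_setup(named_conf, rndc_conf):
    """Return a list of findings; an empty list means rndc should authenticate."""
    findings = []
    named_keys, rndc_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    # Key names listed in the controls statement must exist as key blocks.
    m = re.search(r'controls\s*\{.*?keys\s*\{([^}]*)\}', named_conf, re.S)
    for name in (re.findall(r'[\w.-]+', m.group(1)) if m else []):
        if name not in named_keys:
            findings.append(f"controls references key {name!r} that named.conf never defines")
    # rndc's default-key must exist in both files with identical algorithm and secret.
    d = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', rndc_conf)
    dk = d.group(1) if d else None
    if dk not in rndc_keys:
        findings.append(f"rndc.conf default-key {dk!r} has no matching key block")
    elif dk not in named_keys:
        findings.append(f"rndc.conf default-key {dk!r} is not defined in named.conf")
    elif rndc_keys[dk] != named_keys[dk]:
        findings.append(f"key {dk!r} differs between named.conf and rndc.conf")
    for name, fields in {**named_keys, **rndc_keys}.items():
        if not secret_is_valid(fields.get("secret", "")):
            findings.append(f"key {name!r} secret is not valid base64 (use rndc-confgen output)")
    # Flag a controls allow list that reaches beyond the loopback address.
    allow = re.search(r'allow\s*\{([^}]*)\}', named_conf)
    if allow and any(a not in ("127.0.0.1", "::1", "localhost")
                     for a in re.findall(r'[\w.:]+', allow.group(1))):
        findings.append("controls allow list includes non-loopback hosts; restrict port 953 at the firewall")
    return findings
```

Run it against the real files with `check_rndc_setup(open("/usr/local/etc/named.conf").read(), open("/usr/local/etc/rndc.conf").read())`; on the slide's sample it reports only the invalid secret.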