Having a caching-only name server on your local machine speeds up your browsing. Here's how to set up a slightly more secure caching server using ISC BIND in Fedora 11.

  1. Install bind and bind-chroot packages
    # yum install bind bind-chroot
  2. Edit your /etc/sysconfig/named file.
    # vim /etc/sysconfig/named

    Add the following line:

    ROOTDIR="/var/named/chroot"

  3. Edit your /etc/named.conf file.
    # vim /etc/named.conf
  4. Change the following line:
    listen-on port 53 { 127.0.0.1; };

    to

    listen-on port 53 { any; };

    This allows the bind daemon to listen on all your network IPs, not just your loopback (127.0.0.1) address. Who may actually query it is restricted by allow-query in the next step.

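  5. Change this line:
    allow-query     { localhost; };

    to

    allow-query     { localhost; 192.168.0.0/24; };

    You now allow all the machines in your home LAN to use your DNS server. Keeping localhost in the list lets the server itself keep querying 127.0.0.1, which step 9 relies on.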

  6. Make sure it starts at boot time.
    # chkconfig named on

    Restart your DNS server.

    # service named restart
  7. Make sure it's listening on the correct ports.
    # netstat -ntupl | grep named

    In my case, the DNS server IP is 192.168.0.10. So, as seen here, the line udp 0 0 192.168.0.10:53 0.0.0.0:* 2851/named shows it is listening correctly.

  8. Then test your server from another machine in your network, most probably another Linux box or laptop.
    # dig @192.168.0.10 google.com

    The dig command, with the '@', is instructed to get the IP address for google.com from your newly set up server. On my machine, it looked like this:

    [root@atreides ~]# dig @192.168.0.10 google.com
     
    ; <<>> DiG 9.6.1-RedHat-9.6.1-2.fc11 <<>> @192.168.0.10 google.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6515
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0
     
    ;; QUESTION SECTION:
    ;google.com.			IN	A
     
    ;; ANSWER SECTION:
    google.com.		300	IN	A	74.125.127.100
    google.com.		300	IN	A	74.125.45.100
    google.com.		300	IN	A	74.125.67.100
     
    ;; AUTHORITY SECTION:
    google.com.		171853	IN	NS	ns3.google.com.
    google.com.		171853	IN	NS	ns1.google.com.
    google.com.		171853	IN	NS	ns2.google.com.
    google.com.		171853	IN	NS	ns4.google.com.
     
    ;; Query time: 82 msec
    ;; SERVER: 192.168.0.10#53(192.168.0.10)
    ;; WHEN: Sat Jul 18 20:14:59 2009
    ;; MSG SIZE  rcvd: 148

    Note the SERVER: line, which shows that the answer for the query came from my DNS server (192.168.0.10).

  9. Finally, set up your /etc/resolv.conf accordingly.

    On the server:

    nameserver 127.0.0.1

    And on all your other machines:

    nameserver 192.168.0.10
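
An added example, not part of the original post: a small Python check over named.conf text for the settings changed in steps 4 and 5. It flags an ACL that lets anyone recurse through the server, and an allow-query list that leaves out the loopback address the server's own resolv.conf points at in step 9. The sample configurations and the function and finding names are constructed for illustration; the ACL inheritance order is the one used by BIND 9.4 and later.

```python
import re

# Constructed options blocks: wide open, LAN only, and LAN plus the server itself.
OPEN = 'options { listen-on port 53 { any; }; allow-query { any; }; };'
LAN_ONLY = 'options { listen-on port 53 { any; }; allow-query { 192.168.0.0/24; }; };'
LAN_AND_SELF = ('options { listen-on port 53 { any; };\n'
                '  allow-query { localhost; 192.168.0.0/24; }; };')

# Match-list entries that cover a query arriving from 127.0.0.1.
LOOPBACK = {"any", "localhost", "localnets", "127.0.0.1", "127.0.0.0/8"}


def match_list(conf, keyword):
    """Return the entries of `keyword ... { a; b; };`, or None if not set."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    # The lookarounds keep allow-query from matching allow-query-cache.
    pattern = r"(?<![\w-])" + re.escape(keyword) + r"(?![\w-])[^{;]*\{([^{}]*)\}"
    m = re.search(pattern, conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def recursion_clients(conf):
    """ACL that governs recursion, following BIND 9.4+ inheritance."""
    for keyword in ("allow-recursion", "allow-query-cache", "allow-query"):
        acl = match_list(conf, keyword)
        if acl is not None:
            return acl
    return ["localnets", "localhost"]  # built-in default when none is set


def audit(conf, server_uses_loopback=True):
    """Return finding names for one named.conf text (recursion assumed on)."""
    findings = []
    listen = match_list(conf, "listen-on")
    # With no listen-on statement, named listens on all IPv4 interfaces.
    if (listen is None or "any" in listen) and "any" in recursion_clients(conf):
        findings.append("open-resolver")
    query = match_list(conf, "allow-query")
    if server_uses_loopback and query is not None and not LOOPBACK & set(query):
        findings.append("loopback-refused")
    return findings


if __name__ == "__main__":
    for name, conf in [("open", OPEN), ("lan-only", LAN_ONLY), ("lan+self", LAN_AND_SELF)]:
        print(name, audit(conf))
```

The match is on literal tokens only; named ACLs defined elsewhere in the file are not resolved.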