rajaseelan.com » chroot http://rajaseelan.com junk food for the brain ... Tue, 28 Jul 2009 16:37:17 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Configure a Caching-Only Name Server in a Chroot Environment for Fedora 11 http://rajaseelan.com/2009/07/18/configure-a-caching-only-name-server-in-a-chroot-environment-for-fedora-11/ http://rajaseelan.com/2009/07/18/configure-a-caching-only-name-server-in-a-chroot-environment-for-fedora-11/#comments Sat, 18 Jul 2009 12:39:35 +0000 raja http://rajaseelan.com/?p=231 Having a caching only name-server on your local Machine speeds up your browsing. Here’s how to set up a slightly more secure caching server using ISC Bind in Fedora 11.

  1. Install bind and bind-chroot packages 
    # yum install bind bind-chroot
  2. Edit your /etc/sysconfig/named file. 
    # vim /etc/sysconfig/named

    Add the following line:

    ROOTDIR="/var/named/chroot"

  3. Edit your /etc/named.conf file. 
    # vim /etc/named.conf
  4. Change the following line: 
    listen-on port 53 { 127.0.0.1; };

    to

    listen-on port 53 { any; };

    This allows the bind daemon to listen on all your network IPs, not just your loopback(127.0.0.1) address.

  5. Change this line: 
    allow-query     { localhost; };

    to

    allow-query     { 192.168.0.0/24; };

    You now allow all the machines in your home LAN to use your DNS server.

  6. Make sure it starts at boot time. 
    # chkconfig named on

    Restart your DNS server.

    # service named restart
  7. Make sure its listening on the correct ports. 
    # netstat -ntupl | grep named

    In my case, the DNS server IP is 192.168.0.10. So, as seen here, the line udp 0 0 192.168.0.10:53 0.0.0.0:* 2851/named shows it is listening correctly.

  8. Then test your server from another machine in your network. Most probably another linux box or laptop. 
    # dig @192.168.0.10 google.com

    The dig command, with the ‘@’ instructs it to get the IP address for google.com from your newly set up server. On my machine, it looked like this:-

    [root@atreides ~]# dig @192.168.0.10 google.com
 
; < <>> DiG 9.6.1-RedHat-9.6.1-2.fc11 < <>> @192.168.0.10 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6515
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0
 
;; QUESTION SECTION:
;google.com.			IN	A
 
;; ANSWER SECTION:
google.com.		300	IN	A	74.125.127.100
google.com.		300	IN	A	74.125.45.100
google.com.		300	IN	A	74.125.67.100
 
;; AUTHORITY SECTION:
google.com.		171853	IN	NS	ns3.google.com.
google.com.		171853	IN	NS	ns1.google.com.
google.com.		171853	IN	NS	ns2.google.com.
google.com.		171853	IN	NS	ns4.google.com.
 
;; Query time: 82 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Sat Jul 18 20:14:59 2009
;; MSG SIZE  rcvd: 148

    Note the SERVER: line. that shows you the answer for the query came from my DNS server (192.168.0.10).

  9. Finally, set up your /etc/resolv.conf accordingly.

    On the server:

    nameserver 127.0.0.1

    And on all your other machines:

    nameserver 192.168.0.10
]]> http://rajaseelan.com/2009/07/18/configure-a-caching-only-name-server-in-a-chroot-environment-for-fedora-11/feed/ 5