DNS server: BIND

Table of Contents

Configuration
named.conf
Zones
Logging

Configuration

by ross at 16:56:59 on March 20, 2014
  • Zone: local (192.168.10.0/24)
  • Server: 192.168.10.1 (coffin.lan)
  • Allow updates from 127.0.0.1 using key (needed for dhcpd)

Setup

Install Bind:

# cd /usr/ports/dns/bind99
# make install clean

Add to /etc/rc.conf:

named_enable="YES"

Create the rndc configuration file (rndc-confgen prints a fresh key and the matching named.conf stanza):

# cd /usr/local/etc/namedb
# rndc-confgen > rndc.conf
# chmod 440 rndc.conf

Copy the key declaration from rndc.conf into a new file, named.key (the commented named.conf hints below it stay out).

For example, if rndc.conf looks like this:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "ymPUaozkpUpq3jwVXYdsXQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "ymPUaozkpUpq3jwVXYdsXQ==";
# };
# 
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Then named.key should look like this:

key "rndc-key" {
      algorithm hmac-md5;
      secret "ymPUaozkpUpq3jwVXYdsXQ==";
};

Adjust permissions:

# chown -R bind:bind /usr/local/etc/namedb
# chmod 440 named.key
# chmod 440 rndc.conf
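Hand-copying the key block is error-prone and leaves a window in which the secret sits in a world-readable file. The script below is an added example, not part of the original page: it carves the `key "..." { ... };` declaration out of an rndc-confgen style rndc.conf into named.key, creates that file with a restrictive umask before the chmod, and offers a small check that the result holds exactly one key and is not readable by others. The sample rndc.conf it writes is constructed (the secret is a dummy value), and the temporary paths stand in for /usr/local/etc/namedb/rndc.conf and named.key.

```shell
#!/bin/sh
# Added example, not from the original page: extract the key {} declaration
# from an rndc-confgen style rndc.conf into named.key and lock it down.
# The sample rndc.conf is constructed; its secret is a dummy value.
# On the real system the paths are /usr/local/etc/namedb/rndc.conf and named.key.

write_sample_rndc_conf() {
    # $1: destination path. Mimics the layout rndc-confgen prints.
    cat > "$1" <<'EOF'
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "AAAAAAAAAAAAAAAAAAAAAA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "AAAAAAAAAAAAAAAAAAAAAA==";
# };
# End of named.conf
EOF
}

extract_rndc_key() {
    # $1: rndc.conf path, $2: named.key path.
    # Keeps only the lines from 'key "..." {' through the first closing '};',
    # so the options {} block and the '#'-commented named.conf hints are skipped.
    # The subshell umask makes the file unreadable to group/other from the
    # moment it is created, not only after the chmod below.
    ( umask 077
      awk '/^key "/ { inkey = 1 } inkey { print } inkey && /^};/ { exit }' "$1" > "$2" )
    chmod 440 "$2"
}

key_name() {
    # Prints the key name declared in a key file, e.g. rndc-key
    sed -n 's/^key "\([^"]*\)".*/\1/p' "$1"
}

key_mode() {
    # Prints the octal permission bits: GNU stat first, BSD stat as fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_key_file() {
    # Returns 0 when the file holds exactly one key declaration and is not
    # readable by "other"; anything else is a misconfiguration worth flagging.
    [ "$(grep -c '^key "' "$1")" -eq 1 ] || return 1
    case "$(key_mode "$1")" in
        440|400|640|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone demo on a temporary directory
d=$(mktemp -d)
write_sample_rndc_conf "$d/rndc.conf"
extract_rndc_key "$d/rndc.conf" "$d/named.key"
cat "$d/named.key"
echo "key=$(key_name "$d/named.key") mode=$(key_mode "$d/named.key")"
check_key_file "$d/named.key" && echo "named.key OK" || echo "named.key NOT OK"
rm -rf "$d"
```

After running the real extraction as root, the page's `chown -R bind:bind` step still applies so that named can read the file while group `bind` and nobody else can; `check_key_file` is a quick way to confirm that later, for instance from a cron job that audits the namedb directory.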
