Posts tagged: redhat

RedHat 4 (ES) – Configuration

Conventions

I have adopted the following directory convention:

- All untouched downloads for software installed on the system

/usr/local/downloads

- Source builds (all .tar and other intermediate unpack files should be removed)

/usr/local/src

DNS Servers

BIND requires a version of OpenSSL other than the one installed, so build OpenSSL first.

Install OpenSSL

wget http://www.openssl.org/source/openssl-0.9.8d.tar.gz
gunzip openssl-0.9.8d.tar.gz
tar xf openssl-0.9.8d.tar
cd openssl-0.9.8d

# These options are VITAL to make the BIND build work

./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
sudo make install

Install BIND

wget http://ftp.isc.org/isc/bind9/9.3.2-P1/bind-9.3.2-P1.tar.gz
gunzip bind-9.3.2-P1.tar.gz
tar xf bind-9.3.2-P1.tar
cd bind-9.3.2-P1

# These options are VITAL to make the build work with the correct version of OpenSSL
./configure --prefix=/usr/local --sysconfdir=/etc --localstatedir=/var --disable-threads --with-openssl=/usr/local
make
sudo make install

Configure BIND


# Configuration files are stored in source control under ……

/etc/named.conf
/var/named/master/*

# Create required directories – make sure the directories and files are only root-readable – i.e. mode '700'

/var/named
/var/named/master
/var/named/data
/var/named/keys

# Generate keys and paste into appropriately named key files in /var/named/keys

/usr/local/sbin/rndc-confgen -k rndc-local.key
/usr/local/sbin/rndc-confgen -k rndc-internal.key

# Paste output that looks like the following into /var/named/keys/rndc-local.key and /var/named/keys/rndc-internal.key

#key "rndc-local.key" {
#        algorithm hmac-md5;
#        secret "v0TXaA6JvrUM4v/1hYpGOQ==";
#};

Add a line to /etc/hosts similar to:

10.1.10.50      eng.helium.com

Make sure that /etc/resolv.conf starts with a line similar to:

nameserver 10.1.10.50

Make sure that /etc/nsswitch.conf has a line similar to:

hosts:      files dns

in which ‘files’ precedes ‘dns’

Run BIND

# Startup command to run ‘named’ as a daemon
# Need to investigate whether any of the options are really needed.
/usr/local/sbin/named -4 -c /etc/named.conf

# Install startup script into Linux system startup – init.d model
# The startup file is in source control under …

#/sbin/chkconfig --level 35 named on

Bind on RedHat

BIND on RedHat – I

BIND on RedHat – 2

These instructions worked except for the points noted below. You must change the serial number in the zone file initially and after every subsequent change; otherwise BIND will not see the changes.

Serial numbers must increase and not exceed a maximum – easiest is to use YYYYMMDDNN format. If you use this format and edit with emacs, emacs automatically increments the number for you.

Also, zone file changes have to be copied from /var/named to /var/named/chroot/var/named.
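
The serial rules and the chroot copy described above can be scripted so a zone edit never goes out with a stale serial. This is an added example, not part of the original post: the function names are hypothetical, it assumes the serial line in the zone file carries a "; serial" comment, and it starts each day at NN = 00.

```shell
#!/bin/sh
# Added example (not from the original post): bump a YYYYMMDDNN zone serial.
# Assumption: the serial sits on its own line, marked with a "; serial" comment.

MAX_SERIAL=4294967295   # the SOA serial is an unsigned 32-bit field

# next_serial CURRENT TODAY   (TODAY is YYYYMMDD); prints the next serial
next_serial() {
    ns_cur=$1; ns_today=$2
    for ns_v in "$ns_cur" "$ns_today"; do
        case $ns_v in
            ''|*[!0-9]*) echo "not a number: '$ns_v'" >&2; return 1 ;;
        esac
    done
    ns_base=$((ns_today * 100))          # first serial of the day, NN = 00
    if [ "$ns_cur" -lt "$ns_base" ]; then
        ns_next=$ns_base
    else
        ns_next=$((ns_cur + 1))          # NN = 99 rolls into the next day's range
    fi
    if [ "$ns_next" -gt "$MAX_SERIAL" ]; then
        echo "serial $ns_next exceeds $MAX_SERIAL" >&2; return 1
    fi
    echo "$ns_next"
}

# bump_zone_serial ZONEFILE TODAY [CHROOT_DIR]
# Rewrites the serial in place and, if CHROOT_DIR is given, copies the file there.
bump_zone_serial() {
    zone=$1; today=$2; chroot_dir=${3:-}
    marker='[[:space:]]*;[[:space:]]*[Ss]erial'
    old=$(sed -n "s/^[[:space:]]*\([0-9][0-9]*\)$marker.*/\1/p" "$zone" | head -n 1)
    new=$(next_serial "$old" "$today") || return 1
    sed "s/$old\($marker\)/$new\1/" "$zone" > "$zone.tmp" || return 1
    cat "$zone.tmp" > "$zone" && rm -f "$zone.tmp"   # keeps owner and mode
    [ -z "$chroot_dir" ] || cp -p "$zone" "$chroot_dir/" || return 1
    echo "$new"
}
```

A typical call, with a hypothetical zone file name, is bump_zone_serial /var/named/example.zone "$(date +%Y%m%d)" /var/named/chroot/var/named, followed by a reload of the named service.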

Start/stop/reload bind service

/etc/init.d/named [start|stop|reload]

RedHat Linux Version

To display the OS version, type at the prompt:

cat /etc/redhat-release
