Caching-only BIND nameserver

The following steps were used to create a caching-only BIND 9.2.2 nameserver on Solaris 8. Many of these steps may be applicable to other BIND releases and/or other architectures.

1. Download, extract, and install BIND.

    wget ftp://ftp.isc.org/isc/bind9/9.2.2/bind-9.2.2.tar.gz
    gunzip -cd bind-9.2.2.tar.gz | tar xvf -
    cd bind-9.2.2
    ./configure && make
    su root -c "make install"

2. Create named user.

    groupadd -g 53 named
    useradd -c "BIND DNS daemon" -d /home/named -g named -u 53 -s /bin/false named

3. Create zone file directory.

    mkdir -m 750 /var/named
    chown named:named /var/named

4. Create BIND configuration file.

BIND will look for zone files in /var/named, will create a PID file in /var/named/named.pid, and will listen only on the loopback interface.

    vi /etc/named.conf

Add:

    // BIND configuration file
    options {
        directory "/var/named";
        pid-file "/var/named/named.pid";
        listen-on { 127.0.0.1; };
    };

    zone "localhost" IN {
        type master;
        file "localhost.zone";
    };

    zone "." in {
        type hint;
        file "named.ca";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
    };

5. Configure BIND for control with rndc.

    /usr/local/sbin/rndc-confgen

rndc-confgen will write information to STDOUT that needs to be appended to /etc/rndc.conf and /etc/named.conf, respectively.

6. Create forward loopback zone file.

Every nameserver should be authoritative for the forward loopback domain.

    vi /var/named/localhost.zone

Add:

    $TTL 86400
    $ORIGIN localhost.
    @       1D IN SOA   @ root (
                        42      ; serial (d. adams)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum

            1D IN NS    @
            1D IN A     127.0.0.1

7. Create reverse loopback zone file.

Every nameserver should be authoritative for the reverse loopback domain.
If nslookup is unable to resolve the PTR record for 127.0.0.1, you will see the following errors:

    *** Can't find server name for address 127.0.0.1: Server failed
    *** Default servers are not available

    vi /var/named/named.local

Add:

    $TTL 86400
    @       IN  SOA localhost. root.localhost. (
                    1997022700 ; Serial
                    28800      ; Refresh
                    14400      ; Retry
                    3600000    ; Expire
                    86400 )    ; Minimum
            IN  NS  localhost.
    1       IN  PTR localhost.

8. Create BIND startup/shutdown script.

BIND will run as the non-privileged user named.

    vi /etc/init.d/named

Add:

    #!/bin/sh
    case "$1" in
    'start' )
        # Drop privileges to UID 53 (the named user created in step 2)
        /usr/local/sbin/named -u 53
        ;;
    'stop' )
        /usr/local/sbin/rndc stop
        ;;
    *)
        echo "usage: $0 {start|stop}"
    esac

    chmod 744 /etc/init.d/named
    chown root:other /etc/init.d/named

9. Start BIND.

    /etc/init.d/named start

Last modified: 05/14/2003
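
A check for the loopback-only listener configured in step 4, added here as an example and not part of the original page: the script reads a named.conf and fails unless every IPv4 listen-on element is in 127.0.0.0/8. The function names are hypothetical, and nested address lists and /* */ comments are not handled.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Print every element of each IPv4 "listen-on" list in a named.conf, one per line.
listen_on_addrs() {
    awk '
    {
        gsub(/"[^"]*"/, "\"\"")    # blank quoted strings (key secrets may contain //)
        sub(/\/\/.*|#.*/, "")      # drop // and # comments (/* */ is not handled)
        conf = conf " " $0
    }
    END {
        # Only an optional port may sit between "listen-on" and the brace,
        # so listen-on-v6 statements are not matched.
        while (match(conf, /listen-on[ \t]*(port[ \t]+[0-9]+[ \t]*)?[{][^}]*[}]/)) {
            stmt = substr(conf, RSTART, RLENGTH)
            conf = substr(conf, RSTART + RLENGTH)
            sub(/^[^{]*[{]/, "", stmt); sub(/[}]$/, "", stmt)
            n = split(stmt, el, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", el[i])
                if (el[i] != "") print el[i]
            }
        }
    }' "$1"
}

# Succeed only if listen-on is present and every element is in 127.0.0.0/8.
audit_listen_on() {
    addrs=$(listen_on_addrs "$1")
    if [ -z "$addrs" ]; then
        echo "FAIL: no listen-on addresses; without the statement named listens on all interfaces"
        return 1
    fi
    rc=0
    for a in $addrs; do
        case $a in
            127.*.*.*) echo "ok:   $a" ;;
            *) echo "FAIL: $a is not a loopback address"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh audit_listen_on.sh /etc/named.conf
if [ $# -gt 0 ]; then audit_listen_on "$1"; fi
```

Keywords such as any and localhost are reported as failures, since the built-in localhost ACL matches every address on the host rather than only the loopback interface.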