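#!/bin/bash

#######################################
# Pre-configure hook: create the unprivileged service account and the
# chroot root directory for BIND.
# Creates the system group and user "named" (no login shell) and
# /srv/named owned by named:named with mode 0770, so the chroot tree is
# not world-accessible.
# Globals:   none
# Arguments: none
# Returns:   status of the last command
#######################################
hvconfig_pre() {
  groupadd --system -f named
  hv_useradd --system -c BindOwner -g named -s /bin/false named
  # 0770: only named (and root) may enter the chroot tree.
  install -d -m770 -o named -g named /srv/named
}

#######################################
# Post-build hook: populate the /srv/named chroot, generate the rndc key,
# write named.conf plus the bootstrap zone files, and install the
# bootscript.
# Globals:   SCRDIR (read) - root of the tree holding bootscripts/named
# Arguments: none
# Returns:   1 if /srv/named cannot be entered (nothing else is touched),
#            otherwise the status of the last command
#######################################
hvbuild_post() {
  # Enable the execute bit to prevent a warning when using ldd to check
  # library dependencies.
  chmod -v 0755 /usr/lib/lib{bind9,isc{,cc,cfg},lwres,dns}.so.*.?.?

  # Everything below uses paths relative to the chroot. If the directory is
  # missing, stop instead of scattering files into the current directory.
  cd /srv/named || return 1
  mkdir -p dev etc/namedb/{pz,slave} usr/lib/engines var/run/named

  # Minimal /dev inside the chroot: null (1,3) and random (1,8).
  rm -f /srv/named/dev/null
  mknod /srv/named/dev/null c 1 3
  rm -f /srv/named/dev/random
  mknod /srv/named/dev/random c 1 8
  chmod 666 /srv/named/dev/{null,random}

  cp /etc/localtime etc
  # NOTE(review): this file is created in /srv/named, while the "directory"
  # option written below points at /etc/namedb inside the chroot - confirm
  # which path the running named uses for managed-keys.bind.
  touch managed-keys.bind

  # Needed to solve bug:
  # initializing DST: openssl failure
  cp -a /usr/lib/engines/libgost.so usr/lib/engines

  # Generation of a key for use in the named.conf and rdnc.conf files using
  # the rndc-confgen command.
  # If the option "-r /dev/random" is specified, the source of randomness is
  # the keyboard/mouse and the command will wait forever for input before
  # continuing.
  # A counterpart to /dev/random is /dev/urandom ("unlocked"/non-blocking
  # random) which reuses the internal pool to produce more pseudo-random
  # bits. This means that the call will not block, but the output may contain
  # less entropy than the corresponding read from /dev/random.
  #
  # rndc.conf holds the shared secret, so it is written under a restrictive
  # umask (never world-readable, not even briefly) and then left as 0640.
  ( umask 077 && rndc-confgen -b 512 -r /dev/urandom > /etc/rndc.conf )
  chmod 640 /etc/rndc.conf

  # Creating the named.conf file from which named will read the location of
  # zone files, root name servers and secure DNS keys.
  # The block extracted from rndc.conf contains the same key, so named.conf
  # must not be world-readable either; the chown -R below hands it to
  # named:named, which keeps it readable by the daemon.
  ( umask 027 && sed '/conf/d;/^#/!d;s:^# ::' /etc/rndc.conf > /srv/named/etc/named.conf )
  cat >> /srv/named/etc/named.conf << "EOF"
options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};

// Bind 9 now logs by default through syslog (except debug).
// These are the default logging rules.

logging {
        category default { default_syslog; default_debug; };
        category unmatched { null; };

        channel default_syslog {
                syslog daemon;                      // send to syslog's daemon
                                                    // facility
                severity info;                      // only send priority info
                                                    // and higher
        };

        channel default_debug {
                file "named.run";                   // write to named.run in
                                                    // the working directory
                                                    // Note: stderr is used instead
                                                    // of "named.run"
                                                    // if the server is started
                                                    // with the '-f' option.
                severity dynamic;                   // log at the server's
                                                    // current debug level
        };

        channel default_stderr {
                stderr;                             // writes to stderr
                severity info;                      // only send priority info
                                                    // and higher
        };

        channel null {
                null;                               // toss anything sent to
                                                    // this channel
        };
};
EOF

  # Reverse zone for the loopback network.
  cat > /srv/named/etc/namedb/pz/127.0.0 << "EOF"
$TTL 3D
@      IN      SOA     ns.local.domain. hostmaster.local.domain. (
                        1       ; Serial
                        8H      ; Refresh
                        2H      ; Retry
                        4W      ; Expire
                        1D)     ; Minimum TTL
                NS      ns.local.domain.
1               PTR     localhost.
EOF

  # Root hints. This list is a static snapshot and goes stale over time;
  # refresh it from the published root hints when updating the package.
  cat > /srv/named/etc/namedb/root.hints << "EOF"
.                       6D  IN      NS      A.ROOT-SERVERS.NET.
.                       6D  IN      NS      B.ROOT-SERVERS.NET.
.                       6D  IN      NS      C.ROOT-SERVERS.NET.
.                       6D  IN      NS      D.ROOT-SERVERS.NET.
.                       6D  IN      NS      E.ROOT-SERVERS.NET.
.                       6D  IN      NS      F.ROOT-SERVERS.NET.
.                       6D  IN      NS      G.ROOT-SERVERS.NET.
.                       6D  IN      NS      H.ROOT-SERVERS.NET.
.                       6D  IN      NS      I.ROOT-SERVERS.NET.
.                       6D  IN      NS      J.ROOT-SERVERS.NET.
.                       6D  IN      NS      K.ROOT-SERVERS.NET.
.                       6D  IN      NS      L.ROOT-SERVERS.NET.
.                       6D  IN      NS      M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     6D  IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     6D  IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     6D  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     6D  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     6D  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     6D  IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     6D  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     6D  IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     6D  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     6D  IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     6D  IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     6D  IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     6D  IN      A       202.12.27.33
EOF

  # Hand the whole chroot tree to the service account.
  chown -R named:named /srv/named

  # Bootscript
  install -v -m740 "${SCRDIR}/bootscripts/named" /etc/rc.d/init.d
  #                script-name start stop
  bootscript_add_rc3 named 25 65

  sed -i -e "s/^\(DNS_SERVER_ENA=\).*/\1\"yes\"/" \
    /etc/sysconfig/network/network-parameters
}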