Ok, I know I said in the last post that I was going to post these configs “later”. Well, it’s now 12 days later so I think it’s time to post them. Without further ado:
If you’re wondering “Why the hell didn’t he just put everything into a single named.conf file?”, I have a good reason. It’s Ubuntu’s fault! The BIND installation split the configs and I just stuck with that! Sure, I could just combine it all but I just went with the flow.
To help understand what some of the IP settings in the configs mean, here is my network setup:
Network: 192.168.10.0Domain: home.lanServer IP: 192.168.10.20 (DNS, DHCP & Domain Auth)Router (Gateway) IP: 192.168.10.1DHCP Range: 192.168.10.241 - 192.168.10.250Dynamic DNS updates require the TSIG key (SecDNS). The DHCP server uses the key to authenticate with BIND and update the local network zones. Client updates are ignored.The DNS server forwards unknown host request to OpenDNS.
I know it’s not “perfect” but it’s still being tweaked. See something I’m missing? Let me know in the comments!
I wish I would have gotten this posted sooner. Unfortunately, work has really picked up since the Chri….Winter Break. Things won’t be getting any better in February. That’s when my big project starts up. That project involves implementing the Cisco NAC in several schools. I can’t wait to get started on it because it will be a lot of fun learning how to operate it.
The urge to save humanity is almost always only a false-face for the urge to rule it. - H.L. Mencken
I wrote a 15-page PDF about securing Linux (using Ubuntu 7.10 as my test machine). I wrote and presented the paper at my local Linux User Group a couple weeks ago. Here’s the link if you’re interested:
You gave some great example config files, but there is still one part missing. What happened to the zone files “/etc/bind/home.lan.hosts” and “/etc/bind/192.168.10.rev”? Are they just empty? Or did you add stuff there too. I am not a real dns expert, but I am seeing messages like:
zone 10.168.192.in-addr.arpa/IN: has no NS recordszone 10.168.192.in-addr.arpa/IN: has 0 SOA records
Are those the files that get updated? Or is it /var/cache/bind that gets the updates? And do I need to worry about write permissions for bind on any of these config files?
The zone files were automatically created by the BIND server when I set up the zones. I didn’t do anything out of the ordinary with the basic operation of the DNS server, only setting security. I used some of the “Perfect Server” tutorials for Ubuntu Server on HowtoForge for setting up BIND and DHCP. Just do a search for “Perfect Server Ubuntu x.xx”, substitute the Ubuntu version for x.xx, on their site and you will get a very good walk through.
A couple of other links to tutorials I used can be found on my The Ubuntu home server post.
19.Jan.08 
Linux, Networking
I wrote a 15-page PDF about securing Linux (using Ubuntu 7.10 as my test machine). I wrote and presented the paper at my local Linux User Group a couple weeks ago. Here’s the link if you’re interested:
http://www.codyrester.com/hackproofinglinux.pdf
You gave some great example config files, but there is still one part missing. What happened to the zone files “/etc/bind/home.lan.hosts” and “/etc/bind/192.168.10.rev”? Are they just empty? Or did you add stuff there too. I am not a real dns expert, but I am seeing messages like:
zone 10.168.192.in-addr.arpa/IN: has no NS recordszone 10.168.192.in-addr.arpa/IN: has 0 SOA records
Are those the files that get updated? Or is it /var/cache/bind that gets the updates? And do I need to worry about write permissions for bind on any of these config files?
The zone files were automatically created by the BIND server when I set up the zones. I didn’t do anything out of the ordinary with the basic operation of the DNS server, only setting security. I used some of the “Perfect Server” tutorials for Ubuntu Server on HowtoForge for setting up BIND and DHCP. Just do a search for “Perfect Server Ubuntu x.xx”, substitute the Ubuntu version for x.xx, on their site and you will get a very good walk through.
A couple of other links to tutorials I used can be found on my The Ubuntu home server post.