I am rebuilding a lab environment and I installed BIND and attempted to run through everything from memory (instead of running my script or reading my docs...). BIND was operating "fine", but I noticed that named was consuming around 123% of a CPU.
There are a few things that I had not done, and in hindsight, I wish there were a simple how-to on the "correct" way to implement BIND in a best-practices way, instead of everyone posting how they did it... (one such example is a person that simply does a chmod 777 to get things rolling...).
So - keep in mind that this is for my private lab...
Anyhow - in summary:
yum -y install bind-chroot
chkconfig named on
cp /etc/named.conf /etc/named.conf.orig
mv /etc/named.conf /var/named/chroot/etc/
echo 'OPTIONS="-4"' >> /etc/sysconfig/named
rndc-confgen -a -c /etc/rndc.key
chmod 755 /etc/rndc.key
cat /etc/rndc.key >> /var/named/chroot/etc/named.conf
sed -i -e 's/127.0.0.1/any/g' /var/named/chroot/etc/named.conf
sed -i -e 's/localhost/any/g' /var/named/chroot/etc/named.conf
cp -R /usr/share/doc/bind-9.?.?/sample/var/named/* /var/named/chroot/var/named/
touch /var/named/chroot/var/named/data/cache_dump.db
touch /var/named/chroot/var/named/data/named_stats.txt
touch /var/named/chroot/var/named/data/named_mem_stats.txt
touch /var/named/chroot/var/named/data/named.run
mkdir /var/named/chroot/var/named/dynamic
touch /var/named/chroot/var/named/dynamic/managed-keys.bind
chown -R named:named /var/named/chroot/*
chmod -R 775 /var/named/chroot/var
restorecon -RFvv /var/named
service named start
tail -f /var/log/messages
EDIT: Apparently the culprit was
chgrp named /var/named/chroot/var/named/dynamic/*
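As an added audit helper for the chroot layout used above (not the post's own script, and assuming a POSIX sh with GNU stat), the following checks the three things the command list relaxes: the rndc key file mode, listen-on/allow-* statements rewritten to any, and entries in the dynamic directory that the named user cannot write, which is the ownership problem the EDIT's chgrp corrected.

```shell
#!/bin/sh
# Audit helper added to this post's chroot layout; it is not the author's script.
# Assumes a POSIX sh and GNU stat (-c). Each check returns 0 when the setting is
# safe and 1 when it matches one of the relaxations in the command list above.

# 1. The rndc key must be readable only by its owner (the post chmods it 755).
check_key_mode() {
    key="$1"
    [ -f "$key" ] || { echo "MISSING: $key"; return 2; }
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "WARN: $key is mode $mode, expected 600"; return 1 ;;
    esac
}

# 2. Count listen-on / allow-* statements opened to "any" (the post's sed turns
#    127.0.0.1 and localhost into any). Prints the count; 0 means none.
count_any_acls() {
    grep -Ec '^[[:space:]]*(listen-on|allow-[a-z-]+)[^{]*[{][[:space:]]*any[[:space:]]*;' "$1" || true
}

# 3. named must be able to write managed-keys.bind: each entry in the dynamic
#    directory must be owned by the named user with u+w, or group-owned by the
#    named group with g+w (the ownership the post's EDIT corrects with chgrp).
check_dynamic_writable() {
    dir="$1"; user="$2"; group="${3:-$2}"; rc=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        owner=$(stat -c '%U' "$f"); grp=$(stat -c '%G' "$f"); perm=$(stat -c '%A' "$f")
        uw=$(printf '%s' "$perm" | cut -c3); gw=$(printf '%s' "$perm" | cut -c6)
        [ "$owner" = "$user" ] && [ "$uw" = w ] && continue
        [ "$grp" = "$group" ] && [ "$gw" = w ] && continue
        echo "WARN: $f ($owner:$grp $perm) is not writable by $user"; rc=1
    done
    return $rc
}

# Run against the post's paths only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    check_key_mode /etc/rndc.key
    echo "ACL statements open to any: $(count_any_acls /var/named/chroot/etc/named.conf)"
    check_dynamic_writable /var/named/chroot/var/named/dynamic named
fi
```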