User Tools

Site Tools


bdnog11:netsec:bind-installation

Lab Exercise 1 – BIND Installation

Objectives

Understand the concept of Domain Name System, particularly installation and setup of BIND DNS.

Background

For this lab, we will be using BIND, a free/open-source DNS application. Bind is the complete DNS software, which can be used as an authoritative or caching server or both. It is currently the most widely used DNS application on the Internet and is maintained by the Internet Services Consortium (ISC). The current version as of writing is BIND 9.14.9.

What You Need

  • DNS Bind:
    • Current version: Bind 9.14.9
  • OpenSSL
    • Current version: openssl-1.0.2h
  • Operating System (preferred): Linux
  • Optional Software: Unbound, NSD, PowerDNS

Steps

A. Access to the servers

Login to your assigned servers using a remote access tool (Terminal for Linux/Mac platform, or SSH software such as PuTTY for Windows).\\

ssh [email protected] (for group1)
password: training

B. Installing BIND

Add ISC Package Repository

sudo apt -y install software-properties-common
sudo add-apt-repository -y ppa:isc/bind
sudo apt -y update

Install bind9

sudo apt -y install bind9

Verify the installation. Find the location where named is installed.

which named

Check the version number. If there was a previous BIND installation, this will tell you whether it is pointing to the new installation or not.

/usr/sbin/named -V

The output will look something like bellow. Make sure that BIND compiled with SSL

BIND 9.14.9-Ubuntu (Stable Release) <id:623e23e>
running on Linux x86_64 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip2' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-7apSD3/bind9-9.14.9=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 7.4.0
compiled with OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
linked to OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with libjson-c version: 0.12.1
linked to libjson-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled

default paths:
  named configuration:  /etc/bind/named.conf
  rndc configuration:   /etc/bind/rndc.conf
  DNSSEC root key:      /etc/bind/bind.keys
  nsupdate session key: //run/named/session.key
  named PID file:       //run/named/named.pid
  named lock file:      //run/named/named.lock
  geoip-directory:      /usr/share/GeoIP
bdnog11/netsec/bind-installation.txt · Last modified: 2020/01/12 12:27 by Muhammad Moinur Rahman