Start with a stock installation of OpenBSD 4.9. During install, when asked about dns server, answer “127.0.0.1.”
1. Make log files:
touch /var/named/named.run
touch /var/named/named_query.log
touch /var/named/named_dump.db
chown named:named /var/named/named.run
chown named:named /var/named/named_query.log
chown named:named /var/named/named_dump.db
2. Edit /etc/resolv.conf:
domain subdomain.domain.com
lookup file bind
nameserver 127.0.0.1
3. Edit /etc/rc.conf (or, better, put the line in /etc/rc.conf.local, which is not overwritten on upgrade):
...
named_flags="-t /var/named -u named -d 3"
...
4. Add forwarders to named.conf. With forward only, named never resolves iteratively on its own: if both forwarders are unreachable, lookups fail instead of falling back (use forward first if you want the fallback):
options {
        ...
        forward only;
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        ...
5. Start named by hand so the box can resolve hostnames for the package installs in the next step:
named -t /var/named -u named -d 3
6. Install nano, screen, and multitail:
export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/i386/
pkg_add -v nano-2.2.6.tgz
pkg_add -v multitail-5.2.6.tgz
pkg_add -v screen-4.0.3p2-static.tgz
7. Set up rndc. The generated file holds the shared secret for the control channel, so keep /etc/rndc.conf readable by root only (mode 0600):
rndc-confgen | tee /etc/rndc.conf
Gets you this:
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "YoUwiShIwoUldShOwUtHeKey";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "YoUwiShIwoUldShOwUtHeKey";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Paste the commented block at the end (the key and controls statements) into named.conf with the leading # removed. Leave the allow list at 127.0.0.1 unless you really need remote control: anyone who can reach port 953 and has the key can reload or stop the server.
8. Edit the logging configuration in named.conf. The file name is relative to the chroot, so it lands in the /var/named/named_query.log created in step 1. Listing category queries here is enough to turn query logging on at startup (unless querylog is set explicitly in options):
logging {
        channel query_info {
                file "named_query.log" versions 3 size 10m;
                severity debug;
                print-category yes;
                print-time yes;
        };
        category queries { query_info; };
        category resolver { query_info; };
        //category queries { null; };
        category lame-servers { null; };
};
9. Add reverse zone /var/named/master/1.168.192.in-addr.arpa:
; zone file for 1.168.192.in-addr.arpa
$TTL 3600
@       IN      SOA     ns1.subdomain.domain.com. root.ns1.subdomain.domain.com. (
                        20060709        ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN      NS      ns1.subdomain.domain.com.
        IN      NS      ns2.subdomain.domain.com.
251     IN      PTR     ns1.subdomain.domain.com.
252     IN      PTR     ns2.subdomain.domain.com.
10. Add master zone, /var/named/master/subdomain.domain.com:
; Zone file for subdomain.domain.com
$TTL 3D
@       IN      SOA     ns1.subdomain.domain.com. root.ns1.subdomain.domain.com. (
                        20110507        ; serial#
                        3600            ; refresh
                        3600            ; retry
                        3600            ; expire
                        3600 )          ; minimum
        IN      NS      ns1.subdomain.domain.com.
        IN      NS      ns2.subdomain.domain.com.
localhost       A       127.0.0.1
ns1             A       192.168.1.251
ns2             A       192.168.1.252
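The two zone files only take effect once named.conf names them, and the HOWTO does not show those statements. The following is an added fragment, not from the original page. It assumes OpenBSD's stock layout, where named.conf is /var/named/etc/named.conf, named runs chrooted in /var/named, file paths are relative to that chroot, and both zone files sit under master/ (the forward zone as master/subdomain.domain.com, next to the reverse zone from step 9). allow-transfer is an addition on top of what the steps describe: it limits zone transfers to ns2 (192.168.1.252 in the zone data) and refuses everyone else, so the full zone cannot be pulled by any client that can reach port 53.

```conf
// Added zone statements for /var/named/etc/named.conf (assumed path).
// File paths are relative to named's working directory, which on the
// stock OpenBSD layout is the /var/named chroot itself (assumption).
zone "subdomain.domain.com" {
        type master;
        file "master/subdomain.domain.com";
        allow-transfer { 192.168.1.252; };      // ns2 only; others get REFUSED
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/1.168.192.in-addr.arpa";
        allow-transfer { 192.168.1.252; };
};
```

After adding these, a query against the loopback address for ns1.subdomain.domain.com should come back with the AA flag set; if it does not, the zone did not load, and /var/log/messages will say why.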
11. Stop named and restart it. rndc stop cannot be used yet, because the running instance was started in step 5 before the controls statement existed, so use the pid file. A plain SIGTERM lets named shut down cleanly; -9 is not needed:
kill `cat /var/run/named.pid`
named -t /var/named -u named -d 3
12. Check for errors. named-checkconf(8) and named-checkzone(8) are worth running on named.conf and the two zone files as well, since they report syntax problems up front that named would otherwise only log:
rndc status
tail /var/log/messages
13. Set up a monitoring console (vic0 is this server's interface; substitute yours):
screen
multitail -i /var/named/named_query.log -i /var/log/messages -l "tcpdump -i vic0 -ttt -n not '(port 22 or 80 or 110)'"
14. From now on, after changes in named.conf or the zone files, you only need to reload named (bump the zone serial whenever you edit a zone file, or ns2 will never pick the change up):
rndc reload
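The query log from step 8 is the most useful thing this setup produces, and multitail only shows it scrolling past. The script below is an added example, not part of the original HOWTO: it rolls the log up per client and per domain, which is how you spot a host making far more lookups than its neighbours, or a burst of unique subdomains under one parent (what DNS tunnelling and beacons with per-request hostnames look like). It parses the line format the step 8 channel produces (print-time and print-category on), using only the client field and the query name, so it does not matter whether the installed BIND appends the "+ (server-address)" suffix. The sample log lines embedded in it are constructed; the addresses, names and timestamps are invented.

```shell
#!/bin/sh
# summarize_queries.sh: roll up the BIND query log produced by the step 8
# logging channel by client and by queried domain.
# Added example for this HOWTO, not code from the original page.
# Only fields 6 (client addr#port) and 8 (qname) are used, so the script does
# not care whether the BIND version appends "+ (server-addr)" to each line.

# Constructed sample log: addresses, names and timestamps are invented.
SAMPLE_LOG='07-May-2011 14:02:11.101 queries: info: client 192.168.1.20#51234: query: www.example.com IN A + (192.168.1.251)
07-May-2011 14:02:11.204 queries: info: client 192.168.1.20#51235: query: www.example.com IN AAAA + (192.168.1.251)
07-May-2011 14:02:12.007 queries: info: client 192.168.1.33#40011: query: ns1.subdomain.domain.com IN A + (192.168.1.251)
07-May-2011 14:02:12.550 queries: info: client 192.168.1.33#40012: query: a1b2c3d4.evil-tracker.example IN TXT + (192.168.1.251)
07-May-2011 14:02:12.551 queries: info: client 192.168.1.33#40013: query: e5f6a7b8.evil-tracker.example IN TXT + (192.168.1.251)
07-May-2011 14:02:12.552 queries: info: client 192.168.1.33#40014: query: c9d0e1f2.evil-tracker.example IN TXT + (192.168.1.251)
07-May-2011 14:02:13.000 resolver: debug 1: fetch: www.example.com/A'

# query_lines: keep only query records. Step 8 sends category resolver to the
# same channel, so the file also carries resolver debug chatter; drop it.
query_lines() {
    grep ' query: '
}

# queries_per_client: "count address" per client, busiest first.
# Field 6 is "addr#port:"; strip everything from the '#' on.
queries_per_client() {
    query_lines | awk '{ sub(/#.*/, "", $6); n[$6]++ }
                       END { for (c in n) print n[c], c }' | sort -rn
}

# queries_per_domain: "count domain", busiest first. The qname is collapsed
# to its last two labels so a burst of unique subdomains aggregates under the
# parent instead of hiding as many single-hit names.
queries_per_domain() {
    query_lines | awk '{ k = split($8, l, ".")
                         d = (k > 1) ? l[k-1] "." l[k] : $8
                         n[d]++ }
                       END { for (d in n) print n[d], d }' | sort -rn
}

# top_client: address of the busiest client only.
top_client() {
    queries_per_client | head -n 1 | awk '{ print $2 }'
}

# With a log file as argument, summarize it; with none, run on the sample so
# the script demonstrates itself. On the server from step 1:
#   sh summarize_queries.sh /var/named/named_query.log
if [ $# -gt 0 ]; then
    echo "== queries per client =="; queries_per_client < "$1"
    echo "== queries per domain =="; queries_per_domain < "$1"
else
    echo "== queries per client (sample) =="; printf '%s\n' "$SAMPLE_LOG" | queries_per_client
    echo "== queries per domain (sample) =="; printf '%s\n' "$SAMPLE_LOG" | queries_per_domain
fi
```

On the sample, 192.168.1.33 is the busiest client and evil-tracker.example the busiest domain with three hits, even though no single hostname under it was asked for twice; that is the aggregation the two-label collapse buys you. Against the real log, run it on the rotated versions too (step 8 keeps three at 10m each), since a quiet tunnel spreads its lookups over time.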
Done, guey. Have a cold Modelo.
Thank you for putting this HOWTO together, it was very useful when I needed to reconfigure my OpenBSD DNS server for my home network!
I sincerely appreciate your concise instructions. Thanks.