Location:

Mirror Document: GR NL

ISC BIND 9 can be downloaded from the ISC FTP-Server at ftp.isc.org.
The software comes in a Tarball-archive compressed with GZIP and is about 4.500 Kbytes in size.

The archive can be extracted using the following command:

tar xfz bind-9.x.x.tar.gz

We recommend to create a "build"-directory or use the /tmp directory to extract the archive there.

• Compilation of the Bind sourcecode
  The easiest and recommended way to compile the software (according to the README) is to use the commands:
  
  /configure; make; make install
  
  To configure the ORSN servers had done or will do the following:
  
  ./configure --prefix=/usr --enable-threads --with-openssl --enable-ipv6 --enable-libbind
make install
  
  After successfull compilation of the software you should find a binary called named in the directory /usr/sbin/
  Additional tools for signing DNS zones and controlling of the Bind 9 can be found under /usr/bin/
  
  Further details regarding installation of the Bind 9 software can be found in the included README file.
  

• Configuration (named.conf)
  The following configuration is an example of the settings used for the ORSN root servers. The orginal files are
  also containing some details regarding DNSSEC and some more information.
  
  
  

  1: # ORSN Root Server Configuration - BIND 9 (Example) 2: # Template Version 3 (2003/05/28) 3: 4: acl "bogon" { 5: // Filter out the bogon networks. These are networks 6: // listed by IANA as test, RFC1918, Multicast, experi- 7: // mental, etc. If you see DNS queries or updates with 8: // a source address within these networks, this is likely 9: // of malicious origin. CAUTION: If you are using RFC1918 10: // netblocks on your network, remove those netblocks from 11: // this list of blackhole ACLs! 12: 0.0.0.0/8; 13: 1.0.0.0/8; 14: 2.0.0.0/8; 15: 5.0.0.0/8; 16: 7.0.0.0/8; 17: 10.0.0.0/8; 18: 23.0.0.0/8; 19: 27.0.0.0/8; 20: 31.0.0.0/8; 21: 36.0.0.0/8; 22: 37.0.0.0/8; 23: 39.0.0.0/8; 24: 41.0.0.0/8; 25: 42.0.0.0/8; 26: 49.0.0.0/8; 27: 50.0.0.0/8; 28: 58.0.0.0/8; 29: 59.0.0.0/8; 30: 70.0.0.0/8; 31: 71.0.0.0/8; 32: 72.0.0.0/8; 33: 73.0.0.0/8; 34: 74.0.0.0/8; 35: 75.0.0.0/8; 36: 76.0.0.0/8; 37: 77.0.0.0/8; 38: 78.0.0.0/8; 39: 79.0.0.0/8; 40: 85.0.0.0/8; 41: 86.0.0.0/8; 42: 87.0.0.0/8; 43: 88.0.0.0/8; 44: 89.0.0.0/8; 45: 90.0.0.0/8; 46: 91.0.0.0/8; 47: 92.0.0.0/8; 48: 93.0.0.0/8; 49: 94.0.0.0/8; 50: 95.0.0.0/8; 51: 96.0.0.0/8; 52: 97.0.0.0/8; 53: 98.0.0.0/8; 54: 99.0.0.0/8; 55: 100.0.0.0/8; 56: 101.0.0.0/8; 57: 102.0.0.0/8; 58: 103.0.0.0/8; 59: 104.0.0.0/8; 60: 105.0.0.0/8; 61: 106.0.0.0/8; 62: 107.0.0.0/8; 63: 108.0.0.0/8; 64: 109.0.0.0/8; 65: 110.0.0.0/8; 66: 111.0.0.0/8; 67: 112.0.0.0/8; 68: 113.0.0.0/8; 69: 114.0.0.0/8; 70: 115.0.0.0/8; 71: 116.0.0.0/8; 72: 117.0.0.0/8; 73: 118.0.0.0/8; 74: 119.0.0.0/8; 75: 120.0.0.0/8; 76: 121.0.0.0/8; 77: 122.0.0.0/8; 78: 123.0.0.0/8; 79: 124.0.0.0/8; 80: 125.0.0.0/8; 81: 126.0.0.0/8; 82: 127.0.0.0/8; 83: 169.254.0.0/16; 84: 172.16.0.0/12; 85: 173.0.0.0/8; 86: 174.0.0.0/8; 87: 175.0.0.0/8; 88: 176.0.0.0/8; 89: 177.0.0.0/8; 90: 178.0.0.0/8; 91: 179.0.0.0/8; 92: 180.0.0.0/8; 93: 181.0.0.0/8; 94: 182.0.0.0/8; 95: 183.0.0.0/8; 96: 184.0.0.0/8; 97: 185.0.0.0/8; 98: 186.0.0.0/8; 99: 187.0.0.0/8; 100: 189.0.0.0/8; 101: 190.0.0.0/8; 102: 192.0.2.0/24; 103: 192.168.0.0/16; 104: 197.0.0.0/8; 105: 223.0.0.0/8; 106: 224.0.0.0/3; 107: }; 108: 109: options { 110: directory "/var/named/"; 111: version "[A-M].ORSN-SERVERS.NET"; 112: recursion no; 113: notify no; 114: statistics-file "stats-named.log"; 115: pid-file "/var/run/named.pid"; 116: listen-on { a.b.c.d; }; 117: 118: # listen-on-v6 { any; }; // optional 119: # allow-v6-synthesis { any; }; // optional 120: 121: query-source address a.b.c.d port 53; 122: transfer-source a.b.c.d; 123: 124: # transfer-source-v6 [IPv6-address] port 53; // optional 125: # notify-source-v6 [IPv6-address]; // optional 126: 127: allow-query { any; }; 128: allow-transfer { a.b.c.d; }; 129: 130: transfer-format many-answers; 131: 132: blackhole { 133: "bogon"; 134: }; 135: }; 136: 137: logging { 138: 139: channel logSecurity { 140: file "log/security"; 141: severity debug; 142: print-time yes; 143: print-category yes; 144: print-severity yes; 145: }; 146: 147: channel logXferin { 148: file "log/xferin"; 149: severity debug; 150: print-time yes; 151: print-category yes; 152: print-severity yes; 153: }; 154: 155: channel logXferout { 156: file "log/xferout"; 157: severity debug; 158: print-time yes; 159: print-category yes; 160: print-severity yes; 161: }; 162: 163: channel logConfig { 164: file "log/config"; 165: severity debug; 166: print-time yes; 167: print-category yes; 168: print-severity yes; 169: }; 170: 171: channel logQueries { 172: file "log/queries"; 173: severity debug; 174: print-time yes; 175: print-category yes; 176: print-severity yes; 177: }; 178: 179: category security { logSecurity; }; 180: category xfer-in { logXferin; }; 181: category xfer-out { logXferout; }; 182: category config { logConfig; }; 183: category queries { logQueries; }; 184: }; 185: 186: key "rndc-key" { 187: algorithm hmac-md5; 188: secret "[RNDC key data]"; 189: }; 190: 191: ## TSIG (Hidden Master) 192: 193: key "[AUTH0-KEY]" { 194: algorithm hmac-md5; 195: secret "<Your ORSN server key>"; 196: }; 197: 198: server a.b.c.d { // Use TSIG for AXFR/IXFR (Hidden Master) 199: keys { "[AUTH0-KEY]"; }; 200: }; 201: 202: ## 203: 204: controls { 205: inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; 206: }; 207: 208: zone "." { 209: type slave; 210: file "root.zone"; 211: masters { a.b.c.d; }; 212: }; 213: 214: zone "ARPA" { 215: type slave; 216: file "arpa.zone"; 217: masters { a.b.c.d; }; 218: }; 219: 220: zone "IN-ADDR.ARPA" { 221: type slave; 222: file "inaddr.zone"; 223: masters { a.b.c.d; }; 224: }; 225: 226: # 227: # End of named.conf 228: # 229: