
Securing-Optimizing-RH-Linux-1_2_242
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

· To verify that BIND/DNS is running as user “named” with the new arguments, use the following command:
[root@deep /]# ps auxw | grep named
named 11446 0.0 1.2 2444 1580 ? S 23:09 0:00 /chroot/named/usr/sbin/named -t /chroot/named/ -unamed -gnamed

The first column should be “named”, which is the UID the named daemon is running under. The end of the line should be “named -t /chroot/named/ -unamed -gnamed”, which are the new arguments.

Cleanup after work

[root@deep /]# rm -rf /var/tmp/src bind-src.tar.gz

This command removes the source files and the tar archive we used to compile and install BIND/DNS.

Further documentation

For more details, there are several man pages you can read:

$ man dnsdomainname (1) - show the system's DNS domain name
$ man dnskeygen (1) - generate public, private, and shared secret keys for DNS Security
$ man dnsquery (1) - query domain name servers using resolver
$ man named (8) - Internet domain name server (DNS)

DNS Administrative Tools

The commands listed below are some that we use often, but many more exist; check the man pages and documentation for more details and information.

dig

The “dig” command utility (domain information groper) can be used to update your “db.cache” file, which tells your server where the servers for the “root” zone are. You use it to query one of the root servers for the current list and save the answer as a new “db.cache” file. The root name servers do not change very often, but they do change. A good practice is to update your “db.cache” file every month or two.

· Use the following command to query a new db.cache file for your DNS Server:
[root@deep /]# dig @a.root-servers.net . ns > db.cache

Copy the db.cache file to /var/named/ after retrieving it.
[root@deep /]# cp db.cache /var/named/

Where @a.root-servers.net is the address of the root server to query for the new db.cache file, and db.cache is the name of your new db.cache file.

ndc

The “ndc” command utility of BIND/DNS allows the system administrator to interactively control the operation of a name server from a terminal.

· Type ndc on your terminal and then help to see help on the different commands.
[root@deep /]# ndc
Type   help  -or-   /h   if you need help.
ndc> help
getpid
status
stop
exec
reload [zone] ...
reconfig (just sees new/gone zones)
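The manual check of the “ps auxw” output described at the top of this page can be scripted. The following is an added example, not code from the book: check_named_line is a hypothetical helper, the second and third sample lines are constructed, and it assumes the ten standard “ps auxw” columns before the command.

```shell
#!/bin/sh
# Added example: audit one line of `ps auxw` output for the chrooted,
# unprivileged named described above. check_named_line is a hypothetical
# helper name. Assumes the 10 standard columns (USER..TIME) before COMMAND.
# Returns 0 = as expected, 1 = named running with wrong identity/arguments,
# 2 = the line is not a named process (for example the grep itself).
check_named_line() {
    line=$1 want_user=$2 want_group=$3 want_root=$4
    set -f                      # keep the "?" TTY column from globbing
    set -- $line
    set +f
    [ $# -ge 11 ] || return 2
    owner=$1
    shift 10                    # "$@" is now the command and its arguments
    case $1 in named|*/named) ;; *) return 2 ;; esac
    t= u= g=
    while [ $# -gt 0 ]; do
        case $1 in
            -[tug])   [ $# -ge 2 ] || break
                      opt=$1 val=$2; shift ;;          # "-u named" form
            -[tug]?*) val=${1#-?}; opt=${1%"$val"} ;;  # "-unamed" form
            *)        shift; continue ;;
        esac
        case $opt in -t) t=$val ;; -u) u=$val ;; -g) g=$val ;; esac
        shift
    done
    rc=0
    [ "$owner" = "$want_user" ] || { echo "FAIL: process owner is '$owner'"; rc=1; }
    [ "$u" = "$want_user" ]     || { echo "FAIL: -u is '$u'"; rc=1; }
    [ "$g" = "$want_group" ]    || { echo "FAIL: -g is '$g'"; rc=1; }
    [ "${t%/}" = "${want_root%/}" ] || { echo "FAIL: -t (chroot) is '$t'"; rc=1; }
    return $rc
}

# Sample lines: the first is the one shown on this page, the others are constructed.
GOOD='named 11446 0.0 1.2 2444 1580 ? S 23:09 0:00 /chroot/named/usr/sbin/named -t /chroot/named/ -unamed -gnamed'
ROOT='root 812 0.0 1.2 2444 1580 ? S 23:09 0:00 /usr/sbin/named'
GREP='root 11460 0.0 0.3 1360 500 pts/0 S 23:10 0:00 grep named'

for l in "$GOOD" "$ROOT" "$GREP"; do
    st=0
    check_named_line "$l" named named /chroot/named/ || st=$?
    echo "exit status $st: $l"
done
```

On a live system, feed the function each line of “ps auxw” in a loop; lines that are not a named process return status 2 and can be skipped.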