1. Full Control
2. Modify
3. Read and Execute
4. List Folder Contents
5. Read
6. Write
Table A (columns: FC = Full Control, M = Modify, R&E = Read and Execute, LFC = List Folder Contents, R = Read, W = Write)

| Special permission | FC | M | R&E | LFC (folders only) | R | W |
|---|---|---|---|---|---|---|
| Full Control | P | | | | | |
| Traverse Folder/Execute File | P | P | P | P | | |
| List Folder/Read Data | P | P | P | P | P | |
| Read Attributes | P | P | P | P | P | |
| Read Extended Attributes | P | P | P | P | P | |
| Create Files/Write Data | P | P | | | | P |
| Create Folders/Append Data | P | P | | | | P |
| Write Attributes | P | P | | | | P |
| Write Extended Attributes | P | P | | | | P |
| Delete Subfolders and Files | P | | | | | |
| Delete | P | P | | | | |
| Read Permissions | P | P | P | P | P | P |
| Change Permissions | P | | | | | |
| Take Ownership | P | | | | | |
You can find the original version of this document here:
http://blogs.techrepublic.com.com/networking/?p=734&tag=nl.e102
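After installing BIND, it's time to configure it. (The rndc secret shown below is the author's sample output — generate your own and never reuse one copied from a web page; hmac-md5 is a legacy algorithm, so use an HMAC-SHA-2 key such as hmac-sha256 where your BIND version supports it.)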
# rndc-confgen -a -c /etc/namedb/rndc.conf -k rndc-key -b 256
# cat /etc/namedb/rndc.conf
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
key "rndc-key" {
algorithm hmac-md5;
secret "nqA/Qb5tdgT5sOZdbFP5n9zwL98aQ3Z30MAcEXKAa70=";
};
# cp /etc/namedb/named.conf /etc/namedb/named.conf.bak
# cat > /etc/namedb/named.conf
// named.conf as entered by the author: global options, logging, the root hints
// zone, two loopback zones, and the rndc control channel with its key.
options {
directory "/etc/namedb";
pid-file "/var/run/named.pid";
// NOTE(review): "any" answers queries from every client address, and this file sets
// neither `recursion` nor `allow-recursion`, so recursion is left to the installed
// version's defaults. For an authoritative-only server add `recursion no;`;
// otherwise limit `allow-recursion` to your own networks so the host cannot be
// used as an open resolver.
allow-query { any; };
};
// Three file channels, all at severity debug with timestamps. The relative "log/..."
// paths are resolved against the `directory` option above.
// NOTE(review): no `versions` or `size` limit is set on any channel and the queries
// category is logged, so these files grow without bound and record which client
// asked for which name — add rotation limits, lower the severity once the setup is
// verified, and restrict access to the log directory.
logging {
channel systemlog {
file "log/named.log";
severity debug;
print-time yes;
};
channel audit_log {
file "log/security.log";
severity debug;
print-time yes;
};
channel xfer_log {
file "log/xfer.log";
severity debug;
print-time yes;
};
// Category routing: security events go to both audit_log and systemlog; zone
// transfers in either direction go to xfer_log.
category default { systemlog; };
category security { audit_log; systemlog; };
category config { systemlog; };
category xfer-in { xfer_log; };
category xfer-out { xfer_log; };
category notify { audit_log; };
category update { audit_log; };
category queries { audit_log; };
category lame-servers { audit_log; };
};
// Root hints, read from the named.root file downloaded in the next step.
zone "." {
type hint;
file "named.root";
};
// NOTE(review): the files "localhost.zone" and "127.0.0.1.zone" are referenced by the
// two zones below but are not created anywhere on this page — they must already exist
// in /etc/namedb or these zones will not load.
zone "localhost" {
type master;
file "localhost.zone";
};
zone "1.0.0.127.in-addr.arpa" {
type master;
file "127.0.0.1.zone";
};
// rndc control channel: listens on loopback port 953 only, accepts connections
// from 127.0.0.1 only, and requires the rndc-key defined below.
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
// Same key name and secret as in the rndc.conf shown earlier on the page.
// NOTE(review): this secret is published sample output; substitute the value
// generated on your own host, keep this file unreadable to ordinary users, and
// prefer an HMAC-SHA-2 algorithm where the installed BIND supports it.
key "rndc-key" {
algorithm hmac-md5;
secret "nqA/Qb5tdgT5sOZdbFP5n9zwL98aQ3Z30MAcEXKAa70=";
};
# cd /etc/namedb/
# wget ftp://ftp.internic.net/domain/named.root
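The named.root download above uses plain FTP, which gives no integrity protection, so compare the file with a copy obtained from a trusted source before relying on it. Next, edit /etc/rc.conf and add the lines below to make sure BIND starts at boot.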
# rc.conf settings for named (these "#" lines are rc.conf comments, not shell prompts).
# Start named at boot.
named_enable="YES"
# Path of the named binary to run; /usr/local/sbin is presumably where the port
# installed it — confirm on your system.
named_program="/usr/local/sbin/named"
# Arguments passed to named: -c names the configuration file to load.
named_flags="-c /etc/namedb/named.conf"
# Same path as the pid-file option in the named.conf shown on this page.
named_pidfile="/var/run/named.pid"
and now you can start bind :
# /etc/rc.d/named start
*** Check the log files after starting named to make sure it is running without any problems.
------
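If you want to host your own domain, you need to add the domain to named.conf and create the zone file in /etc/namedb. Neither the zone entry below nor the options block above sets allow-transfer, and older BIND releases such as the one used here allow zone transfers to any host by default, so restrict transfers to your secondary servers (or to none) unless open transfers are intended. The entry in your named config may look like this: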
zone "nasser.net" {
type master;
file "nasser.net";
};
After this step, we need to create a file for this zone:
# cat > /etc/namedb/nasser.net
; Zone data for nasser.net: one SOA record, one NS record and two A records.
; NOTE(review): $ORIGIN is set to the root ("."), so "@" and the relative name "ns"
; below expand to "." and "ns." rather than nasser.net. and ns.nasser.net. — this
; most likely should read `$ORIGIN nasser.net.`; check the file with named-checkzone
; before loading it.
$ORIGIN .
$TTL 43200 ; 12 hours
; SOA: primary server ns.nasser.net., responsible mailbox written as info.nasser.net.
@ IN SOA ns.nasser.net. info.nasser.net. (
2008110901 ; serial
28400 ; refresh
14400 ; retry
3600000 ; expire
86400 ; minimum
)
; Only one name server is listed for the zone.
NS ns.nasser.net.
; 192.168.1.x are private (RFC 1918) addresses; a zone served to the Internet
; needs publicly routable addresses here.
@ IN A 192.168.1.1
ns IN A 192.168.1.2
Today, after installing BIND on FreeBSD and configuring ipfw, I kept receiving this message:
ipfw: install_state: Too many dynamic rules
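After a little googling I found the problem.
The problem was solved after I changed the following sysctl value (raising the limit only makes room for more dynamic rules, so it is also worth checking which keep-state rules are creating them):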
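# Raise the ipfw dynamic-rule limit on the running system; takes effect immediately.
sysctl net.inet.ip.fw.dyn_max=16384
# Persist the setting across reboots. /etc/sysctl.conf holds bare name=value
# lines, so the "sysctl" command word is left out, and plain ASCII quotes are
# used so that no quote characters end up inside the file.
echo "net.inet.ip.fw.dyn_max=16384" >> /etc/sysctl.conf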
The default value is 4096.

## Transcript (root prompt "#"; lines starting with "##" are review notes): build BIND
## from ports, create a chroot tree under /var/chroot/named, and replace /etc/namedb
## with a symlink into that tree.
## NOTE(review): BIND 9.5 is long past end-of-life; install a currently supported
## BIND port instead of dns/bind95.
# cd /usr/ports/dns/bind95 && make install clean
# mkdir -p /var/chroot/named/etc/namedb/log
# mkdir -p /var/chroot/named/dev
# mkdir -p /var/chroot/named/var/run
# cd /var/chroot
## NOTE(review): the recursive chown hands the whole chroot tree — configuration and
## zone data included — to the bind account (presumably the account named runs as),
## so a compromised named could rewrite them. Consider keeping the tree root-owned
## and giving bind write access only to the log and var/run directories.
# chown -R bind:bind named
# chmod 700 named
# cp /etc/localtime /var/chroot/named/etc
## Only named.root is copied into the chroot here; named.conf and the zone files
## from the old /etc/namedb are not copied anywhere on this page and have to be
## moved over as well.
# cp /etc/namedb/named.root /var/chroot/named/etc/namedb/
# cd /var/chroot/named/dev
## NOTE(review): major/minor device numbers are specific to the OS release, and the
## absolute link target /dev/random resolves inside the chroot once named has
## chrooted (i.e. to this link itself). On devfs-based FreeBSD releases the usual
## approach is to mount devfs on the chroot's dev directory — confirm for your
## release and verify that named can open its devices.
# mknod zero c 2 12
# ln -s /dev/random .
# mknod null c 2 2
# chmod 666 zero random null
# cd /etc
## The original directory is kept as old.namedb, and /etc/namedb becomes a symlink
## into the chroot so the same path works inside and outside it.
# mv namedb old.namedb
# ln -s /var/chroot/named/etc/namedb .
## Writes a fresh rndc key (512 bits) through the new symlink; the key statement in
## named.conf has to carry this same secret.
# rndc-confgen -a -c /etc/namedb/rndc.conf -k rndc-key -b 512
# vi /etc/rc.conf
# rc.conf settings for the chrooted setup (these "#" lines are rc.conf comments, not
# shell prompts); the same values as the earlier set plus named_chrootdir.
# Start named at boot.
named_enable="YES"
# Path of the named binary to run.
named_program="/usr/local/sbin/named"
# Root of the chroot tree built in the steps above.
# NOTE(review): presumably the rc script makes named chroot into this directory, in
# which case the -c and pid-file paths below are resolved inside
# /var/chroot/named — confirm against your system's rc.d/named script.
named_chrootdir="/var/chroot/named"
# Arguments passed to named: -c names the configuration file to load.
named_flags="-c /etc/namedb/named.conf"
named_pidfile="/var/run/named.pid"