Split-DNS: dedicated named user recommended?

[john99]

Hello,

I am in the process of setting up Split-DNS (under Ubuntu for the NE- and under Debian
for the OSS-version. No, we are not going to run them at the same time :-)



I am wondering why the following document recommends "to make sure that yourdomain.com.zone (Redhat?)
is owned by named, not root"
( Making Zimbra & BIND Work Together » Zimbra :: Blog )


but in the following installation HowTo(Ubuntu), that matter is not even mentioned....

Ubuntu 6.06 Server (Dapper Drake) Beginner's Install Guide - Zimbra :: Wiki
Ubuntu 8.04 LTS Server (Hardy Heron) Install Guide - Zimbra :: Wiki


2.
Is it in Ubuntu- and Debain-environments recommended to add a dedicated user? How should that user be named?



Thank you very much!

John

[phoenix]

Install it as whatever user you like, except root, that's your choice.

[john99]

Quote:

Originally Posted by phoenix

Install it as whatever user you like, except root, that's your choice.

Wow phoenix, that was nearly realtime :-)

Ups, I already installed bind9 at the same time as the OS (as root :-)... Since I am not very confident
with Linux access right, it would probably be easier to remove bind9 at all and to re-install in in an
other user context. Even re-installing the whole OS would be not problem at this point in time..

What would you suggest?


Thank's a lot!

John

[phoenix]

If you're using your distributions package manager then it will usually(?) install it as a different user, on my CentOS system it gets installed as the 'named' user. You might also want to see if there's a chroot version in your distribution and install that. Are you actually sure that BIND (named) is installed as the root user or are you just assuming that because you installed it when you did the initial install?

[john99]

Thanks for the promt reply.

Ok, i reinstalled the OS(Debian for the nameserver), added the user "named"
finished the OS installation and rebooted the machine.

Then:
Login to the system as user named
(since I could not install bind9 in this user context, i did su)
# su
/home/named
# apt-get install bind9


Is this approach correct ?


Thank's a lot for any help!

John

[phoenix]

When you need to become root you should always use the "su -" format, the hyphen is important and sets the user environment correctly. Yes, installing software as root is the normal way to it.

If you're not used to managing a server then you'd probably find using Webmin a good option, have a look at this page: Webmin Installation and Configuration in Debian and Ubuntu Linux -- Debian Admin Webmin is a useful web interface for managing your server, I'd suggest you install it and become familiar with it.

You should be able to see if you have the named group with the following:

Code:

goups named

and see which user named is running with (obviously, start it first):

Code:

ps aux | grep named

[john99]

Quote:

Originally Posted by phoenix

When you need to become root you should always use the "su -" format, the hyphen is important and sets the user environment correctly.[/CODE]

Thanks this way it seems to work. At least no bind error message is showed during starting the OS (unlike before) :-)

Quote:

Originally Posted by phoenix

You should be able to see if you have the named group with the following:

Code:

goups named

and see which user named is running with (obviously, start it first):
[/CODE]

Seems the following output to be ok?
named dialout cdrom floppy audio viedeo player


Hopefully the last question:
Should the Split-DNS related files (/etc/resolv.conf, named.conf.options, db.mydomain.com) be edited as user "root" or as user "named" an su - ?

Thank's a lot!

John

[phoenix]

I'm not a debian user but I've just installed it on a VM and apparently the user & group for BIND is actually 'bind'. The answer to your question is yes, they should be edited by root. You should not normally switch to the root user but rather use sudo to run a root command (but I'm sure you know this already).