step 3: install bind (DNS software) and enable SELinux

I always like to install bind first, because this allows me to initialize the DNS transfer of my domain name(s), which takes time. After the setup of bind, and while waiting for the DNS transfer to occur, I have time to install and configure other things like the server software (apache / nginx) and the database (mysql / mongo db).

check if bind is installed

First check whether bind (Berkeley Internet Name Domain, a domain name service software) is already installed. To get a list of all the installed packages type:


# yum list installed |more

(press enter to see more and more packages, or if you found what you were searching for and want to leave the list press the "q" key)

or to check only for bind type:


# yum list bind

or you can use this command to list the bind rpm packages:


# rpm -qa 'bind*'

if bind is listed under "Installed Packages" there is no need to install it

install bind

if bind is not already installed type:


# yum install bind bind-chroot bind-libs bind-utils caching-nameserver

this will install the chrooted version of bind (and all required dependencies)

### if possible you should use bind-chroot and selinux policies to secure bind and make it harder for hackers to exploit a vulnerability in your bind installation

* selinux (Security-Enhanced Linux) is a security tool for Linux operating systems; it adds a mandatory access control (MAC) security mechanism to your system
* chroot: a tool that is chrooted cannot access files that are outside of its directory

this article explains why to use bind-chroot and selinux in combination ###

to check if selinux is enabled type:


# sestatus

the command will return one of the following values:

Enforcing, Permissive, or Disabled

If the selinux mode is disabled you should enable it

enable selinux

you need to find the selinux configuration file, mine is located at:

/etc/selinux/config

to avoid losing our original file, we make a copy of it before editing it, using the "cp" (= copy) command:


# cp /etc/selinux/config /etc/selinux/config.original

now we use the "vi" tool, which is a file editor, to edit the selinux configuration file to change the mode from disabled to permissive:


# vi /etc/selinux/config

move your cursor down to the following line, press the "i" key to enter insert mode, and change it from:

SELINUX=disabled

to:

SELINUX=permissive

now press the "ESC" escape key to leave the insert mode

to save your file type:

:x!

we set the mode to permissive first, and not to enforcing, because we don't want to prevent our system from rebooting correctly. We have to reboot our system so that selinux can relabel our files; labels are how security contexts are associated with files.

now that you are back at the command prompt, you must tell selinux to relabel your files and reboot your system; the files will get relabeled on reboot:


# touch /.autorelabel; reboot

your putty session will be closed, wait a little bit, then restart putty and reconnect to your machine

now check whether selinux logged any denials during reboot (in permissive mode they are logged but not enforced), type the following command:


# grep "SELinux is preventing" /var/log/messages

if no results are shown, everything should be ok
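
The config edit and the log check from the steps above as a script; this is an added example, not part of the original article. The function names set_permissive and count_denials are made up here, and the demo only touches constructed sample files in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original article. The file paths are arguments,
# so the functions can be tried on copies before touching /etc/selinux/config.

# set_permissive CONFIG
#   Scripted form of the vi edit: SELINUX=disabled becomes SELINUX=permissive.
#   Any other mode is left alone, so an enforcing system is never weakened.
#   Prints "changed" or "unchanged"; returns 1 if there is no SELINUX= line.
set_permissive() {
    config=$1
    mode=$(sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "$config" | tail -n 1)
    if [ -z "$mode" ]; then
        echo "no SELINUX= line in $config" >&2
        return 1
    fi
    if [ "$mode" != "disabled" ]; then
        echo "unchanged"
        return 0
    fi
    # Keep the first backup: a second run must not overwrite it.
    [ -e "$config.original" ] || cp -p "$config" "$config.original"
    # Write through the existing file (cat >) so its owner, mode and label stay.
    sed 's/^SELINUX=disabled[[:space:]]*$/SELINUX=permissive/' "$config" > "$config.tmp" &&
        cat "$config.tmp" > "$config" && rm -f "$config.tmp"
    echo "changed"
}

# count_denials LOGFILE
#   Number of lines carrying the message the article greps for after reboot.
count_denials() {
    grep -c "SELinux is preventing" "$1" || true
}

# Demo on constructed sample files in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf '# constructed sample\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$dir/config"
    printf 'Jan  1 00:00:01 host setroubleshoot: SELinux is preventing named from read access (constructed)\nJan  1 00:00:02 host kernel: unrelated line\n' > "$dir/messages"
    echo "first run:  $(set_permissive "$dir/config")"
    echo "second run: $(set_permissive "$dir/config")"
    grep '^SELINUX=' "$dir/config"
    echo "denials: $(count_denials "$dir/messages")"
    rm -rf "$dir"
}
demo
```

On a real system you would call set_permissive /etc/selinux/config as root before the relabel and reboot, and count_denials /var/log/messages after reconnecting.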

more about selinux can be found in the centos documentation