
How to setup bind on linux

by jsauce (Edited)
NOTE: Though I tried to properly format the information that goes in the configuration files, Tek-Tips strips leading tabs and spaces, so it may look a little funny. I've tried to fix that as best I can using the TGML [tab] tag, but I do not believe that tag really equals a normal tab, and there are no <pre></pre> tags as there are in HTML, so it is very difficult indeed.
The rest of this document describes BIND.

This FAQ assumes you have root access to your Linux machine, that BIND is installed, and that you have some knowledge of the Linux operating system.

Setting up BIND isn't really all that hard, though like many services on Linux it can seem that way. The first thing you will need to do is su to root. Once you have done this you can move on to the first step in configuring your own DNS server using BIND.

First change directory to /etc; this should be where your named.conf file is located. Once you are in that directory, open named.conf in your favorite editor. If it doesn't exist, create it first.

Now you should be looking at the default config file, if it existed. For the rest of this FAQ I will assume that named.conf was installed by default; otherwise add the lines as needed.

You should see something like this:

options {

    # The directory statement defines the name server's
    # working directory

    directory "/var/named";

Leave this line alone: it sets the working directory where BIND looks for its zone files. Looking further down, we want to get to:


    # Loopback only: add the server's own LAN address here as well
    # (e.g. 192.168.0.1), otherwise the clients permitted by
    # allow-query below cannot reach the server at all.
    listen-on port 53 { 127.0.0.1; };
    forwarders {
        192.168.0.2;
    };
    allow-query {
        192.168.0.0/24;
    };
};

Modify these to suit your needs. In this case I want to forward every query this server cannot answer itself to another server; you should change the forwarders address to your ISP's name servers. allow-query tells BIND who is allowed to query the name server; here I have set it so that only clients on my network can use it. You can open it to everyone by deleting the statement, since allowing everyone is the default, but a server reachable from the Internet with no allow-query restriction is an open resolver that anyone can use, so keep the restriction on anything that is not purely internal.

Continuing down the file you should find a set of lines that read like this:

zone "." IN {
    type hint;
    file "named.root";
};

This defines the root zone and names the file holding the root server list. Leave this alone; I'll explain it later. Continuing down you will find another set of lines defining the reverse zone for localhost lookups. Leave this alone too; it will look something like this:

zone "0.0.127.in-addr.arpa" IN {
    type master;
    notify no;
    file "named.local";
    allow-update { none; };
};

Technically we already have a caching-only server configuration, but what I'm going to show you is how to set up your own domain. In this case I will use the example local.lan, but you can apply it to any domain you want to set up. Now we are going to add our own set of lines that define our domain.

zone "local.lan" {
    type master;
    file "local.lan.hosts";
};

These lines say that I'm setting up a zone called local.lan, that this server is the master for it, and that the working directory specified above will hold a file called local.lan.hosts containing the records for this domain.

We also want addresses to resolve in reverse, so we have to add another set of lines like this:

zone "168.192.in-addr.arpa" {
    type master;
    file "192.168.rev";
};

What makes this different is that it is a reverse DNS lookup zone, which we signify with the 168.192.in-addr.arpa name. Replace 168.192 with the proper reverse zone for your addresses: my network is 192.168.0.0, so for me 168.192 works, which you can see is the network address reversed. You could go further and make it 0.168.192, but because I route between two networks, 192.168.0.0 and 192.168.1.0, I have simplified it by shortening the zone to cover everything in 192.168. Now that we have done this we are pretty much finished with this file, except that if you wanted to add more domains you could do so here.

Now save the file and exit. Next make sure your Linux server uses itself as the name server. Do this by opening resolv.conf in the same /etc directory, removing all the existing nameserver entries, and adding the line:

nameserver 127.0.0.1

Now your Linux machine will use itself to resolve domain names. Save and exit.

Now you will need to create the zone files that named uses to resolve names and addresses. Change directory to the working directory you used in named.conf, in this example /var/named.

Then create a file with the name you specified in named.conf, in this example local.lan.hosts:

$TTL 3600                   ; default record TTL (BIND 9 warns if this is missing)
local.lan.              IN  SOA  ns1.local.lan. jsauce.local.lan. (
                            200102925   ; Serial
                            3600        ; Refresh every hour
                            900         ; Retry after 15 minutes
                            3600000     ; Expire after 6 weeks
                            3600 )      ; Minimum TTL 1 hour

local.lan.              IN  NS   ns1.local.lan.
ns1.local.lan.          IN  A    127.0.0.1
router.local.lan.       IN  A    192.168.0.254
linux-1.local.lan.      IN  A    192.168.0.1
windows-1.local.lan.    IN  A    192.168.1.1

You can use the above example to create your own file, making changes as needed for your network. You can see that jsauce.local.lan isn't in the file as a host entry; this is because it is where the administrator's email address goes. Unlike in most of the Internet world, where the username is followed by an @, here it is followed by a ., so jsauce@local.lan is written as jsauce.local.lan. NOTE: You may have noticed that the names end with a . This is intentional: it marks them as fully-qualified names. If you want the name server to assume that a host name ends with the zone's domain, leave off the ., so instead of linux.local.lan. you would write just linux; however, this is not recommended.

Make entries here for the hosts you are going to have in your domain. As you can see I have four; this machine is named ns1.local.lan, and I have set it to resolve to the localhost address 127.0.0.1. (Other machines on the LAN that look up ns1.local.lan will also get 127.0.0.1, so if they need to find this server by name, give ns1 the server's LAN address instead.)
The Serial field is a serial number for the zone, used by BIND to decide whether the zone data has changed since it last loaded it. Most people use a date-based format, which works well since the date always increases. Note that you must increase this number any time you change the zone file.

Once you have finished modifying this file to match your network, save and exit. Now we need to create the reverse zone, because DNS isn't complete unless addresses can also be looked up in reverse.

Then create a file with the name you specified in named.conf, in this example 192.168.rev:

$TTL 3600                   ; default record TTL (BIND 9 warns if this is missing)
168.192.in-addr.arpa.   IN  SOA  ns1.local.lan. jsauce.magicguild.com. (
                            200122935   ; Serial
                            3600        ; Refresh every hour
                            900         ; Retry after 15 minutes
                            3600000     ; Expire after 6 weeks
                            3600 )      ; Minimum TTL 1 hour

168.192.in-addr.arpa.           IN  NS   ns1.local.lan.
; each PTR must name the host that owns the address in the forward zone:
; 192.168.0.254 is router.local.lan there
254.0.168.192.in-addr.arpa.     IN  PTR  router.local.lan.
1.1.168.192.in-addr.arpa.       IN  PTR  windows-1.local.lan.
1.0.168.192.in-addr.arpa.       IN  PTR  linux-1.local.lan.

As you can see the file looks similar, but it is clearly not the same. Set up this zone file so that each PTR record corresponds to an A record in the forward zone. Once you have done this you can save and exit.
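The reverse-zone naming described above (168.192 for 192.168.0.0/16) and the rule that every PTR must match the forward zone are easy to get wrong by hand. This added example (not part of the original FAQ) derives the reverse zone and PTR owner names with Python's standard ipaddress module and cross-checks a forward zone against a reverse zone; the two sample zones are constructed, modelled on the FAQ's files, and deliberately contain one PTR that names a different host than the A record.

```python
import ipaddress
import re

# Constructed sample zones modelled on the FAQ's local.lan.hosts and 192.168.rev
# (SOA/NS lines omitted; only A and PTR records matter for this check).
FORWARD = """\
ns1.local.lan.        IN  A    127.0.0.1
router.local.lan.     IN  A    192.168.0.254
linux-1.local.lan.    IN  A    192.168.0.1
windows-1.local.lan.  IN  A    192.168.1.1
"""
REVERSE = """\
254.0.168.192.in-addr.arpa.  IN  PTR  linux.local.lan.
1.1.168.192.in-addr.arpa.    IN  PTR  windows-1.local.lan.
1.0.168.192.in-addr.arpa.    IN  PTR  linux-1.local.lan.
"""

# owner [ttl] IN (A|PTR) rdata, one record per line, fully-qualified owner names
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)", re.M)

def reverse_zone(network):
    """Reverse zone for a /8, /16 or /24: 192.168.0.0/16 -> 168.192.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.prefixlen % 8:
        raise ValueError("non-octet prefix: needs RFC 2317-style delegation")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_owner(ip):
    """PTR owner name for an address: 192.168.0.254 -> 254.0.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def records(zone_text, rtype):
    """{owner: rdata} for every A or PTR record in the zone text."""
    return {own: rd for own, rt, rd in RR.findall(zone_text) if rt == rtype}

def check_reverse(forward_text, reverse_text, zone):
    """List each A record inside `zone` whose PTR is missing or names another host."""
    ptrs = records(reverse_text, "PTR")
    problems = []
    for host, ip in records(forward_text, "A").items():
        owner = ptr_owner(ip)
        if not owner.endswith("." + zone):
            continue  # e.g. ns1 -> 127.0.0.1 lives in 0.0.127.in-addr.arpa, not here
        if owner not in ptrs:
            problems.append(f"{ip}: no PTR ({owner}) for {host}")
        elif ptrs[owner] != host:
            problems.append(f"{ip}: PTR names {ptrs[owner]} but A record is {host}")
    return problems
```

Running check_reverse(FORWARD, REVERSE, reverse_zone("192.168.0.0/16")) reports the 192.168.0.254 mismatch and nothing else; feed it your own two files before you reload named.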

You'll also want to create the reverse zone for your localhost entry, giving it the name you specified in named.conf, like this:

$TTL 3600                   ; default record TTL (BIND 9 warns if this is missing)
0.0.127.in-addr.arpa.   IN  SOA  ns1.local.lan. jsauce.magicguild.com. (
                            200124635   ; Serial
                            3600        ; Refresh every hour
                            900         ; Retry after 15 minutes
                            3600000     ; Expire after 6 weeks
                            3600 )      ; Minimum TTL 1 hour

0.0.127.in-addr.arpa.           IN  NS   ns1.local.lan.
1.0.0.127.in-addr.arpa.         IN  PTR  localhost.

Save and exit.

Now download the root server list from ftp://ftp.rs.internic.net/domain/named.root and save it in the same working directory.

Now everything should be configured. Before starting, named-checkconf /etc/named.conf and named-checkzone local.lan /var/named/local.lan.hosts (and likewise for the reverse zones) will catch syntax errors in the files. You can then start the named process with something like: /etc/init.d/named start

You should also set up named to start at boot like this:

chkconfig --level 35 named on
chkconfig --level 01246 named off
