Those documents are obsolete, please use the Nethence Documentation instead.
Setting up BIND v9
 
Introduction
Make sure you are running BIND 9 before following this tutorial (-v prints the version, -V adds the build details),
named -v
named -V
 
Minimal setup for local network with forwarding
The main configuration file is:
- on Slackware /etc/named.conf
- on FreeBSD /etc/namedb/named.conf (/etc/namedb is a symlink to /var/named/etc/namedb for chroot usage)
 
On Slackware,
directory=/var/named
localfw=CHECK
localrev=CHECK
on FreeBSD,
directory=/etc/namedb/working
localfw=/etc/namedb/master/localhost-forward.db
localrev=/etc/namedb/master/localhost-reverse.db
Note. named needs its working directory to be writable (it drops files such as the managed keys and dumps there), so on FreeBSD it points to an empty writable folder and the zone files are referenced by absolute path instead of relative to it.
 
DNS forwarders (here opendns),
nameserver1=208.67.222.222
nameserver2=208.67.220.220
 
Here's a minimal setup without views for BIND 9 (BIND_CONF_FOLDER and LOCAL_NETWORK_IP are placeholders for the folder above and the server's LAN address),
cd BIND_CONF_FOLDER/ 
mv named.conf named.conf.dist
cat > named.conf <<EOF
options {
directory "$directory";
listen-on { 127.0.0.1; LOCAL_NETWORK_IP; };
listen-on-v6 { none; };
forwarders {
$nameserver1;
$nameserver2;
};
// only query the forwarders, not the root servers
forward only;
allow-transfer { none; };
version "get lost";
};

zone "localhost" IN {
type master;
file "$localfw";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "$localrev";
allow-update { none; };
};
EOF
Note. allow-transfer { none; } disables zone transfers to other hosts (the default is any, which lets anyone who can reach the server pull the whole zone and enumerate every host name in it).
Note. listen-on restricts the daemon to localhost and the local network interface.
Refs.
allow-transfer
6.1 Restricting zone transfers
recursion
Some configuration options (Quelques options de configuration).
Close your Bind! (Ferme ton Bind !)
 
Note. to lock the daemon down a little more, restrict queries, recursion and cache access to localhost and the local network (add these to the options block, adjusting 10.1.1.0/24 to your network). allow-recursion is the setting that decides who may use this box as a recursive resolver: leaving it wider than your own networks makes it an open resolver that can be abused for amplification,
allow-query { 10.1.1.0/24; 127.0.0.1; };
allow-recursion { 10.1.1.0/24; 127.0.0.1; };
allow-query-cache { 10.1.1.0/24; 127.0.0.1; };
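A quick way to check that a named.conf actually carries the lock-down directives discussed above is to audit its options block before reloading. The script below is an added example for this page (not part of BIND and not the tutorial's own code); it only looks at the global options {} block, treats a missing allow-query, allow-recursion, allow-transfer or version as a finding, and flags allow-recursion or allow-transfer opened to any. The two sample configurations it writes are constructed for the demo, not real files from any system.

```shell
#!/bin/sh
# Audit a BIND 9 named.conf for the hardening directives recommended above.
# Added example for this page, not part of BIND or of the original tutorial.
# Only the global options {} block is inspected; view- or zone-level settings
# are out of scope. Exit status 0 = all checks pass, 1 = at least one finding.

# Print the global options {} block with // and # comments removed.
options_block() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" | awk '
        /^[[:space:]]*options[[:space:]]*[{]/ { inopt = 1 }
        inopt {
            print
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0) inopt = 0
        }'
}

# One finding per line on stdout; return 1 if anything was found.
audit_named_conf() {
    block=$(options_block "$1")
    rc=0
    if [ -z "$block" ]; then
        echo "missing: options block"
        return 1
    fi
    # Directives that should be present and explicit (allow-query-cache is
    # not matched by the allow-query pattern because of the trailing '-').
    for d in allow-query allow-recursion allow-transfer version; do
        if ! printf '%s\n' "$block" | grep -Eq "^[[:space:]]*$d[[:space:]]*[{\"]"; then
            echo "missing: $d"
            rc=1
        fi
    done
    # Directives that must not be opened to the world: 'any' here makes the
    # box an open resolver, or lets anyone pull the zones.
    for d in allow-recursion allow-transfer; do
        if printf '%s\n' "$block" | grep -Eq "^[[:space:]]*$d[[:space:]]*[{][[:space:]]*any[[:space:]]*;"; then
            echo "open: $d { any; }"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configurations for the demo (not real files).
write_samples() {
    cat > "$1" <<'EOF'
options {
    directory "/var/named";
    forward only;
    forwarders { 208.67.222.222; 208.67.220.220; };
    allow-recursion { any; };   // open resolver
};
zone "localhost" IN { type master; file "localhost.zone"; };
EOF
    cat > "$2" <<'EOF'
options {
    directory "/var/named";
    listen-on { 127.0.0.1; 10.1.1.1; };
    listen-on-v6 { none; };
    forward only;
    forwarders { 208.67.222.222; 208.67.220.220; };
    allow-query { 10.1.1.0/24; 127.0.0.1; };
    allow-recursion { 10.1.1.0/24; 127.0.0.1; };
    allow-query-cache { 10.1.1.0/24; 127.0.0.1; };
    allow-transfer { none; };
    version "get lost";
};
EOF
}

if [ "${1:-}" = "--demo" ]; then
    write_samples /tmp/named.weak.conf /tmp/named.hard.conf
    echo "== weak";  audit_named_conf /tmp/named.weak.conf
    echo "== hard";  audit_named_conf /tmp/named.hard.conf && echo "ok"
fi
```

Run it with --demo to see the weak sample produce four findings and the hardened one pass; on a real server point audit_named_conf at the file named-checkconf validated and run it before rndc reload.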
 
Check that everything is fine,
named-checkconf
named-checkzone localhost $localfw
named-checkzone 0.0.127.in-addr.arpa $localrev
 
Setting up a local zone (example.local 10.1.1)
Make sure the server's clock is correct (the zone serial below is taken from date +%s),
ntpdate ...
ntpd...
 
For a local zone, add to named.conf e.g.,
zone "example.local" in {
file "/etc/namedb/example.local";
type master;
};

zone "1.1.10.in-addr.arpa" {
file "/etc/namedb/10.1.1";
type master;
};
 
Get the short host name,
shost=${HOSTNAME%%.*}
echo $shost
 
An example.local forward zone file,
cat > example.local <<EOF
\$TTL 1D
@ 1D IN SOA $shost.example.local. postmaster.example.local. (
`date +%s` ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;
NS $shost.example.local.
; $shost is the NS target and must have an A record in this zone (add one if it is not host1 or host2), otherwise named-checkzone warns that the NS has no address record
host1 A 10.1.1.1 
host2 A 10.1.1.2 
;alias CNAME host1.example.local.
EOF
Note. the backslash in \$TTL is needed because the heredoc is unquoted: without it the shell would expand $TTL to an empty string.
 
The matching reverse zone file for 10.1.1.0/24, with a PTR record for each host declared in the forward zone,
cat > 10.1.1 <<EOF
\$TTL 1D
@ IN SOA $shost.example.local. postmaster.example.local. (
`date +%s` ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
NS $shost.example.local.
1 PTR host1.example.local.
2 PTR host2.example.local.
EOF
Note. same backslash on \$TTL as above.
 
The serial number has to increase at every modification of a zone file, otherwise secondary servers will not pick up the change. Using `date +%s` gives a unique, ever-growing serial, provided the system clock is correct.
 
Check (FreeBSD, with the file names declared in named.conf above),
named-checkzone example.local /etc/namedb/example.local
named-checkzone 1.1.10.in-addr.arpa /etc/namedb/10.1.1
 
Ready to go
Add a marker to the logs,
logger ' '
logger GOING TO \(RE\)START NAME DAEMON
logger ' '
 
Start the daemon. On Slackware,
/etc/rc.d/rc.bind start
on FreeBSD (also enabling chroot and IPv4 only, matching the listen-on-v6 { none; } above),
cd /etc/
cat >> rc.conf <<EOF
#
# DNS
#
named_enable=YES
named_flags="-4"
named_chrootdir="/var/named"
EOF
/etc/rc.d/named start
 
Check the logs,
tail -n 30 -f /var/log/messages
 
Reload daemon configuration and all zones,
rndc reload
reload daemon configuration and only new zones,
rndc reconfig
 
An example output in the logs when 'reloading' the daemon,
Nov 29 16:05:04 bsd named[75968]: received control channel command 'reload'
Nov 29 16:05:04 bsd named[75968]: loading configuration from '/etc/namedb/named.conf'
Nov 29 16:05:04 bsd named[75968]: using default UDP/IPv4 port range: [49152, 65535]
Nov 29 16:05:04 bsd named[75968]: using default UDP/IPv6 port range: [49152, 65535]
Nov 29 16:05:04 bsd named[75968]: no IPv6 interfaces found
Nov 29 16:05:04 bsd named[75968]: sizing zone task pool based on 5 zones
Nov 29 16:05:04 bsd named[75968]: reloading configuration succeeded
Nov 29 16:05:04 bsd named[75968]: reloading zones succeeded
Nov 29 16:05:04 bsd named[75968]: all zones loaded
Nov 29 16:05:04 bsd named[75968]: running
 
Check that everything works,
netstat -a -f inet | grep domain
host host1.example.local localhost
host 10.1.1.1 localhost
host www.google.com localhost
 
Clean up the env variables used in this guide,
unset directory nameserver1 nameserver2
unset localfw localrev
 
Script to generate zone files
You may create a file in the traditional 'hosts' format (IP address, then host name) and process it with something like this,
domain=example.local
while read -r ip shost _; do
    # skip blank lines and comments
    case $ip in ''|\#*) continue ;; esac
    echo "$shost IN A $ip" >> example.local

    # match the /24 prefix exactly (a plain grep for 192.168.1 would also match 192.168.10.x)
    case $ip in
        192.168.1.*) echo "${ip##*.} PTR $shost.$domain." >> 192.168.1 ;;
        192.168.2.*) echo "${ip##*.} PTR $shost.$domain." >> 192.168.2 ;;
    esac
done < hosts
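The loop above only emits records; the SOA header, the serial and the validation of the input are still manual. The script below is an added example for this page (not the tutorial's own script and not a BIND tool) that generalizes it: it builds a complete forward zone plus one reverse zone file per /24 prefix seen (named like the page's "10.1.1"), adds CNAMEs for hosts-file aliases, rejects malformed addresses instead of writing them into the zone, and picks the serial from date +%s as recommended above while never going below the serial already in the file, so a clock that has gone backwards cannot produce a serial that secondaries would ignore. The zone name example.local, the name server ns1, and the demo hosts lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Build a forward zone and per-/24 reverse zone files from a hosts-format file.
# Added example for this page; not the original script above and not a BIND
# tool. Assumptions: zone example.local, primary name server ns1.example.local
# (both overridable via the environment), input lines "IPv4 name [alias ...]"
# with '#' comments, and only IPv4 /24 reverse zones.

ZONE=${ZONE:-example.local}
NS=${NS:-ns1}

# True if $1 is a dotted quad with four octets in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    set -- $(echo "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] || return 1; done
}

# 10.1.1 -> 1.1.10.in-addr.arpa (the zone stanza to add in named.conf)
rev_zone() {
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Serial for the next write: the clock, as the page recommends, but never
# lower than the serial already in $1 (if the file exists).
next_serial() {
    now=$(date +%s)
    old=
    [ -f "$1" ] && old=$(awk '/; serial/ { print $1; exit }' "$1")
    if [ -n "$old" ] && [ "$old" -ge "$now" ]; then echo $((old + 1)); else echo "$now"; fi
}

# SOA and NS header with serial $1; the backslash keeps $TTL literal in the
# unquoted heredoc, exactly as in the zone files above.
zone_header() {
    cat <<EOF
\$TTL 1D
@ IN SOA $NS.$ZONE. postmaster.$ZONE. (
    $1 ; serial
    3H ; refresh
    15M ; retry
    1W ; expiry
    1D ) ; minimum
    IN NS $NS.$ZONE.
EOF
}

# gen_zones HOSTS OUTDIR SERIAL: writes OUTDIR/$ZONE plus OUTDIR/<prefix> for
# every /24 prefix seen. Bad addresses are reported on stderr and skipped.
gen_zones() {
    hosts=$1 outdir=$2 serial=$3
    zone_header "$serial" > "$outdir/$ZONE"
    sed -e 's/#.*//' "$hosts" | while read -r ip name aliases; do
        if [ -z "$name" ]; then
            :   # blank or comment-only line
        elif ! is_ipv4 "$ip"; then
            echo "skip: bad address '$ip' for $name" >&2
        else
            prefix=${ip%.*} last=${ip##*.}
            printf '%s IN A %s\n' "$name" "$ip" >> "$outdir/$ZONE"
            for a in $aliases; do
                printf '%s IN CNAME %s.%s.\n' "$a" "$name" "$ZONE" >> "$outdir/$ZONE"
            done
            rev=$outdir/$prefix
            if [ ! -f "$rev" ]; then
                { printf '; zone "%s"\n' "$(rev_zone "$prefix")"; zone_header "$serial"; } > "$rev"
            fi
            printf '%s IN PTR %s.%s.\n' "$last" "$name" "$ZONE" >> "$rev"
        fi
    done
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    # Constructed input, not a real hosts file; the last line is deliberately bad.
    printf '10.1.1.1 host1\n10.1.1.2 host2 www\n10.1.2.7 host3 # other subnet\n300.1.1.1 bad\n' > "$tmp/hosts"
    gen_zones "$tmp/hosts" "$tmp" "$(next_serial "$tmp/$ZONE")"
    cat "$tmp/$ZONE" "$tmp/10.1.1" "$tmp/10.1.2"
fi
```

Run it with --demo to see the generated files; each reverse file starts with a comment naming the in-addr.arpa zone it belongs to, and every generated file should still go through named-checkzone before rndc reload.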
 
Additional notes
FreeBSD ships an empty zone file (master/empty.db) which is a handy template for a zone that should answer nothing,
$TTL 3h
@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
; Serial, Refresh, Retry, Expire, Neg. cache TTL

@ NS @

; Silence a BIND warning
@ A 127.0.0.1
 
An example localhost forward zone file (probably from Slackware),
$TTL 1D
$ORIGIN localhost.
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum

1D IN NS @
1D IN A 127.0.0.1
 
An example localhost reverse zone file (probably from Slackware),
$TTL 1D
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.

1 IN PTR localhost.
 
References
http://www.basicconfig.com/slackware_linux_dns_server_setup
http://tldp.org/HOWTO/DNS-HOWTO-5.html
http://www.zytrax.com/books/dns/ch6/
http://www.daemonforums.org/showthread.php?t=4471
 

Last update: Nov 29, 2015