Install bind9
BIND (Berkeley Internet Name Domain) is DNS server software: it answers queries that translate domain names into IP addresses and, with the reverse zones configured below, IP addresses back into names.
Install it using command:
apt-get install bind9 bind9utils bind9-doc dnsutils
The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /etc/bind/named.conf; on Debian it only includes the three files named.conf.options, named.conf.local and named.conf.default-zones, and your own zones go into named.conf.local.
Configure Bind9
Open up the file /etc/bind/named.conf.local in any editor.
nano /etc/bind/named.conf.local
Add the following lines to define forward and reverse zone files.
zone "bodi.local" {
    type master;
    file "/etc/bind/for.bodi.local";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.bodi.local";
};
Save and close the file. Two settings are worth adding before this server is reachable from anything but your own LAN: BIND's historical default is to answer zone transfers (AXFR) from any host, which hands out your complete host list, so put an allow-transfer statement in each zone (none, or only the addresses of your secondaries); and check allow-recursion in /etc/bind/named.conf.options, because a server that recurses for the whole Internet is an open resolver that will be abused for amplification attacks.
Create Zone Files
Now create the forward and reverse zone files which we defined in the above step.
1. Forward Zone file
Copy the existing zone file template /etc/bind/db.local to create a new forward zone file.
cp /etc/bind/db.local /etc/bind/for.bodi.local
Now edit the file /etc/bind/for.bodi.local,
nano /etc/bind/for.bodi.local
Change the contents as shown below and replace the domain name and ip address with your own.
$TTL    604800
@       IN      SOA     ns1.bodi.local. hostmaster.bodi.local. (
                        2006080501      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        3600 )          ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns1.bodi.local.
        IN      NS      ns2.bodi.local.

; domain mx, cname and A record
bodi.local.     IN      MX      1       aspmx.l.google.com.
bodi.local.     IN      MX      5       alt1.aspmx.l.google.com.
bodi.local.     IN      MX      5       alt2.aspmx.l.google.com.
bodi.local.     IN      MX      10      aspmx2.googlemail.com.
bodi.local.     IN      MX      10      aspmx3.googlemail.com.
bodi.local.     IN      A       192.168.1.200
www             IN      CNAME   bodi.local.

; name servers - A records
ns1.bodi.local. IN      A       192.168.1.200
ns2.bodi.local. IN      A       192.168.1.200
2. Reverse Zone file
Copy the existing zone file template /etc/bind/db.127 to create a new reverse zone file.
cp /etc/bind/db.127 /etc/bind/rev.bodi.local
Now edit the file /etc/bind/rev.bodi.local. Names in this zone are relative to its origin 1.168.192.in-addr.arpa, so the host 192.168.1.200 is written as the single label 200 (not 200.1, which would name 200.1.1.168.192.in-addr.arpa):
$TTL    604800
@       IN      SOA     ns1.bodi.local. hostmaster.bodi.local. (
                        2016121301      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        3600 )          ; Negative Cache TTL
;
; name servers
        IN      NS      ns1.bodi.local.
        IN      NS      ns2.bodi.local.

; PTR Records (192.168.1.200 -> label 200 under 1.168.192.in-addr.arpa)
200     IN      PTR     ns1.bodi.local.
200     IN      PTR     ns2.bodi.local.
Save and close the file.
Each zone has its own serial number (the forward zone above uses 2006080501, the reverse zone 2016121301). Increment the serial of whichever zone file you change, every time you change it: secondary servers only fetch a zone when they see a serial higher than the one they already hold, so an edit without a serial bump is never replicated. The YYYYMMDDnn format used here keeps serials unique and increasing.
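As an added example (not part of the unixmen tutorial), here is a small POSIX sh helper that increments a zone's serial for you, following the YYYYMMDDnn convention the zone files above use. It assumes the tutorial's layout, where the serial sits alone on a line followed by the comment "; Serial"; the function names, the zone file path and the optional date argument are assumptions, chosen so the logic can be tested with a fixed date.

```sh
#!/bin/sh
# Added example (not from the original tutorial): bump the SOA serial of a
# BIND zone file so secondaries notice the change. Serials are assumed to
# follow YYYYMMDDnn (2006080501, 2016121301 above); anything else is just
# incremented. Function names next_serial/bump_zone_serial are assumptions.

# next_serial CURRENT [TODAY]
# Prints the serial to use after CURRENT. TODAY is YYYYMMDD and defaults to
# the real date; passing it explicitly makes the function deterministic.
next_serial() {
    cur=$1
    today=${2:-$(date +%Y%m%d)}
    case $cur in
        ''|*[!0-9]*) echo "not a numeric serial: $cur" >&2; return 1 ;;
    esac
    if [ ${#cur} -eq 10 ] && [ "${cur%??}" = "$today" ]; then
        # Same day as the existing serial: bump the two-digit edit counter.
        # ${n#0} strips a leading zero so "09" is not read as octal.
        n=${cur#????????}
        n=$(( ${n#0} + 1 ))
        if [ "$n" -gt 99 ]; then
            echo "serial counter exhausted for $today" >&2; return 1
        fi
        printf '%s%02d\n' "$today" "$n"
    elif [ ${#cur} -eq 10 ] && [ "${cur%??}" -lt "$today" ]; then
        # Date-format serial from an earlier day: restart the counter today.
        printf '%s01\n' "$today"
    else
        # Plain counter (or a date in the future): add one, stay within 32 bits.
        if [ "$cur" -ge 4294967295 ]; then
            echo "serial already at the 32-bit maximum" >&2; return 1
        fi
        echo $((cur + 1))
    fi
}

# bump_zone_serial FILE [TODAY]
# Rewrites the serial in FILE in place and prints the new value. Assumes the
# serial is on its own line followed by the comment "; Serial", as above.
bump_zone_serial() {
    file=$1; today=${2:-$(date +%Y%m%d)}
    cur=$(awk '/^[[:space:]]*[0-9]+[[:space:]]*;[[:space:]]*[Ss]erial/ { print $1; exit }' "$file")
    if [ -z "$cur" ]; then
        echo "no '; Serial' line found in $file" >&2; return 1
    fi
    new=$(next_serial "$cur" "$today") || return 1
    awk -v new="$new" '
        !done && /^[[:space:]]*[0-9]+[[:space:]]*;[[:space:]]*[Ss]erial/ {
            sub(/[0-9]+/, new); done = 1
        }
        { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo "$new"
}

# Typical use after editing a zone:
#   bump_zone_serial /etc/bind/for.bodi.local
#   named-checkzone bodi.local /etc/bind/for.bodi.local && rndc reload bodi.local
```

Run it once per zone file you touched, then validate and reload as in the next section; the counter deliberately refuses a 100th edit in one day rather than silently wrapping to a lower serial.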
Now restart bind9 service.
service bind9 restart
Test DNS Configuration and Zone Files
You can check the DNS configuration and zone files configuration for any syntax errors.
Check the DNS configuration file using the command:
named-checkconf /etc/bind/named.conf.local
This checks only that one file. Running named-checkconf with no argument checks the complete /etc/bind/named.conf together with every file it includes, and named-checkconf -z additionally loads each configured zone. If it prints nothing, the configuration has no syntax errors.
Check Forward Zone:
named-checkzone bodi.local /etc/bind/for.bodi.local
Sample output (the serial reported is the one in the zone's SOA record):
zone bodi.local/IN: loaded serial 2006080501
OK
Check Reverse Zone:
named-checkzone 1.168.192.in-addr.arpa /etc/bind/rev.bodi.local
The first argument is the zone origin, so for the reverse file it must be 1.168.192.in-addr.arpa, not bodi.local; with the wrong origin the relative PTR names are expanded under the wrong domain and the check proves nothing.
Sample output:
zone 1.168.192.in-addr.arpa/IN: loaded serial 2016121301
OK
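The two checks above are worth scripting so that they run before every reload. The following POSIX sh script is an added example, not code from the original tutorial: it pulls every master zone out of named.conf.local (assuming the one-zone-per-statement layout used above), runs named-checkconf and then named-checkzone with the correct origin for each zone, and only then calls rndc reload, which keeps the running server answering while the new zone data loads. The function names and the default config path are assumptions.

```sh
#!/bin/sh
# Added example (not from the original tutorial): validate the configuration
# and every master zone before reloading BIND, so a typo in a zone file is
# caught here instead of taking the server down. Assumes zone statements of
# the form used above:  zone "NAME" { type master; file "PATH"; };
# The default CONF path /etc/bind/named.conf.local is an assumption.

# list_zones CONF
# Prints one "NAME PATH" line for every master/primary zone with a file clause.
list_zones() {
    awk '
        # Gather each zone statement into one string so it may span lines.
        /^[[:space:]]*zone[[:space:]]+"/ { inzone = 1; buf = "" }
        inzone { buf = buf " " $0 }
        inzone && /};/ {
            inzone = 0
            if (buf !~ /type[[:space:]]+(master|primary)[[:space:]]*;/) next
            if (!match(buf, /zone[[:space:]]+"[^"]+"/)) next
            name = substr(buf, RSTART, RLENGTH)
            sub(/^zone[[:space:]]+"/, "", name); sub(/"$/, "", name)
            if (!match(buf, /file[[:space:]]+"[^"]+"/)) next
            file = substr(buf, RSTART, RLENGTH)
            sub(/^file[[:space:]]+"/, "", file); sub(/"$/, "", file)
            print name, file
        }' "$1"
}

# check_all [CONF]
# named-checkconf with no argument checks /etc/bind/named.conf and everything
# it includes; named-checkzone is then run per zone with the zone name as the
# origin (1.168.192.in-addr.arpa for the reverse file, never bodi.local).
check_all() {
    conf=${1:-/etc/bind/named.conf.local}
    named-checkconf || return 1
    list_zones "$conf" | while read -r name file; do
        named-checkzone "$name" "$file" || exit 1
    done
}

# safe_reload [CONF]
# Reload only if every check passed. rndc reload is preferable to a restart:
# the running server keeps answering while the new zone data is loaded.
safe_reload() {
    check_all "$1" && rndc reload
}

# Usage on the server built above:
#   safe_reload /etc/bind/named.conf.local
```

The while loop runs in a subshell, so the exit 1 inside it only ends the loop and surfaces as the function's return status; check_all therefore fails on the first bad zone and safe_reload never reaches rndc.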
Adjust iptables to allow DNS default port 53
First make sure that BIND9 is running on default port 53.
netstat -tulpn | grep :53
(On newer systems netstat is no longer installed by default; ss -tulpn | grep :53 prints the same information.)
Sample output:
tcp        0      0 192.168.1.200:53        0.0.0.0:*               LISTEN      4893/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4893/named
tcp6       0      0 :::53                   :::*                    LISTEN      4893/named
udp        0      0 192.168.1.200:53        0.0.0.0:*                           4893/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           4893/named
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2582/avahi-daemon:
udp6       0      0 :::53                   :::*                                4893/named
udp6       0      0 :::5353                 :::*                                2582/avahi-daemon:
named listens on port 53 over both UDP and TCP; the port 5353 entries belong to avahi (mDNS), not to BIND.
Now let us open port 53 through iptables.
First Install iptables-persistent package using command:
apt-get install iptables-persistent
Open up the file /etc/iptables/rules.v4 using any editor,
nano /etc/iptables/rules.v4
Add rules to open port 53 for both UDP and TCP. Ordinary lookups use UDP; TCP is required for answers too large for a UDP packet and for zone transfers, so opening only TCP (as many tutorials do) leaves most queries blocked. Note that the ruleset shown keeps the INPUT policy at ACCEPT, so these two rules change nothing until you switch the policy to DROP or add a final reject rule; when you do, limit the source to your own network (for example with -s 192.168.1.0/24) unless the server is meant to be public.
# Generated by iptables-save v1.4.14 on Tue Nov 5 13:20:11 2013
*filter
:INPUT ACCEPT [468:43718]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [374:41531]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Tue Nov 5 13:20:11 2013
Start or restart iptables-persistent service.
service iptables-persistent restart
Now check that the port 53 rules are loaded:
iptables -L -n
Sample output:
Chain INPUT (policy ACCEPT)
target       prot opt source               destination
fail2ban-ssh tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
fail2ban-ssh tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
fail2ban-ssh tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
ACCEPT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT       tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53

Chain FORWARD (policy ACCEPT)
target       prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target       prot opt source               destination

Chain fail2ban-ssh (3 references)
target       prot opt source               destination
RETURN       all  --  0.0.0.0/0            0.0.0.0/0
RETURN       all  --  0.0.0.0/0            0.0.0.0/0
RETURN       all  --  0.0.0.0/0            0.0.0.0/0
Both port 53 rules are present, for UDP and for TCP. Clients on the local network can now reach the server and resolve hostnames.
Test Master DNS Server
Edit the file /etc/resolv.conf,
nano /etc/resolv.conf
and point it at the master DNS server. (domain and search are mutually exclusive in resolv.conf and the last one listed wins, so the search line is the one in effect here; it lets short names such as www resolve as www.bodi.local.)
domain bodi.local
search bodi.local
nameserver 192.168.1.200
No reboot is needed: resolv.conf is read on every lookup. The catch is that the file is often generated by resolvconf, NetworkManager or the DHCP client, in which case a hand edit is overwritten at the next network restart or reboot; if so, configure the nameserver in that tool instead. To regenerate the file now and confirm your setting survives:
service networking restart
Now check that the master DNS server is working with the following commands. The sample outputs below were captured on a host whose zone named the server master.bodi.local; with the zone file above, query ns1.bodi.local wherever master.bodi.local appears, since no master record exists in that zone.
Method 1:
dig master.bodi.local
Sample output:
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> master.bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51823
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;master.bodi.local.             IN      A

;; ANSWER SECTION:
master.bodi.local.      604800  IN      A       192.168.1.200

;; AUTHORITY SECTION:
bodi.local.             604800  IN      NS      master.bodi.local.

;; Query time: 14 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Mon Nov 5 19:31:18 2013
;; MSG SIZE  rcvd: 104
Method 2: reverse lookup. dig -x takes an IP address, not a hostname:
dig -x 192.168.1.200
Passing a hostname instead, as in dig -x master.bodi.local, makes dig build the nonsense name local.bodi.master.in-addr.arpa, and the query fails as in this captured output:
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x master.bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48100
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;local.bodi.master.in-addr.arpa. IN     PTR

;; Query time: 31 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Mon Nov 5 19:30:37 2013
;; MSG SIZE  rcvd: 51
Method 3:
dig bodi.local
Sample output:
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65339
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;bodi.local.                    IN      A

;; ANSWER SECTION:
bodi.local.             604800  IN      A       192.168.1.200

;; AUTHORITY SECTION:
bodi.local.             604800  IN      NS      master.bodi.local.

;; ADDITIONAL SECTION:
master.bodi.local.      604800  IN      A       192.168.1.200

;; Query time: 11 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Tue Nov 5 13:31:22 2013
;; MSG SIZE  rcvd: 152
Method 4: dig -x bodi.local has the same problem as method 2: bodi.local is a name, so dig asks for local.bodi.in-addr.arpa, and the 1590 ms query time and the in-addr.arpa SOA in the answer show that the server recursed out to the Internet for it before returning NXDOMAIN. The correct reverse query is dig -x 192.168.1.200. The captured output:
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3681
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;local.bodi.in-addr.arpa.       IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.           3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2011029787 1800 900 604800 3600

;; Query time: 1590 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Tue Nov 5 13:31:36 2013
;; MSG SIZE  rcvd: 112
Method 5:
nslookup bodi.local
Sample output:
Server:         192.168.1.200
Address:        192.168.1.200#53

Name:   bodi.local
Address: 192.168.1.200
Method 6:
host bodi.local
Sample output:
bodi.local has address 192.168.1.200
bodi.local has IPv6 address ::1
Method 7:
host master.bodi.local
Sample Output:
master.bodi.local has address 192.168.1.200
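The outputs above show the thing to look for: the A lookups carry the aa (authoritative answer) flag, the two broken -x queries do not. As an added example (not code from the tutorial), this POSIX sh snippet parses dig's header and checks that a name resolves with an authoritative NOERROR against a given server both over UDP and over TCP, which also catches a firewall that opened only one of the two. The function names are assumptions; the headers used in the test are the ones printed above.

```sh
#!/bin/sh
# Added example (not part of the tutorial): verify that the master answers
# authoritatively for its own zones, over UDP and over TCP.
# Function names dig_status and check_authoritative are assumptions.

# dig_status
# Reads dig output on stdin and prints "<status> <aa|noaa>", e.g. "NOERROR aa".
# With no HEADER line (timeout, server unreachable) the status is NOREPLY.
dig_status() {
    awk '
        /->>HEADER<<-/ { sub(/.*status: /, ""); sub(/,.*/, ""); status = $0 }
        /^;; flags:/   { aa = ($0 ~ /flags: [a-z ]*aa/) ? "aa" : "noaa" }
        END {
            if (status == "") status = "NOREPLY"
            if (aa == "") aa = "noaa"
            print status, aa
        }'
}

# check_authoritative NAME SERVER [TYPE]
# Queries SERVER for NAME (default type A) over UDP, then over TCP, and
# requires an authoritative NOERROR both times. A reply without "aa" came
# from a cache or forwarder rather than from the zone you just wrote; a
# failure on one transport only usually means the firewall opened just the
# other one.
check_authoritative() {
    name=$1; server=$2; type=${3:-A}
    for transport in +notcp +tcp; do
        res=$(dig @"$server" "$name" "$type" "$transport" +time=2 +tries=1 | dig_status)
        if [ "$res" != "NOERROR aa" ]; then
            echo "FAIL $name/$type $transport: $res" >&2
            return 1
        fi
    done
    echo "OK   $name/$type: authoritative over UDP and TCP"
}

# Usage against the server built above. For the reverse zone pass the PTR
# name, which is what dig -x 192.168.1.200 expands to internally:
#   check_authoritative bodi.local 192.168.1.200
#   check_authoritative ns1.bodi.local 192.168.1.200
#   check_authoritative 200.1.168.192.in-addr.arpa 192.168.1.200 PTR
```

Run the three usage lines from a client on the LAN after the firewall step; an NOREPLY on +tcp alone is the classic symptom of a rule that only opened UDP, and a NOERROR without aa means the client is not actually talking to this master.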
That’s it. Primary DNS server is ready and working.
source: unixmen.com
If you want to add another domain to the server, add one more zone statement and a zone file for it:
Open the file named.conf.local
nano /etc/bind/named.conf.local
Add a zone statement for the new domain next to the existing ones:
zone "bodi.local" {
    type master;
    file "/etc/bind/for.bodi.local";
};

zone "new.domain" {
    type master;
    file "/etc/bind/for.new.domain";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.bodi.local";
};
Save and close the file.
And then create a forward zone for new domain
nano /etc/bind/for.new.domain
Change the contents as shown below and replace the domain name and ip address with your own.
$TTL    604800
@       IN      SOA     ns1.bodi.local. hostmaster.new.domain. (
                        2006080501      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        3600 )          ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns1.bodi.local.
        IN      NS      ns2.bodi.local.

; domain mx, cname and A record
new.domain.     IN      MX      1       aspmx.l.google.com.
new.domain.     IN      MX      5       alt1.aspmx.l.google.com.
new.domain.     IN      MX      5       alt2.aspmx.l.google.com.
new.domain.     IN      MX      10      aspmx2.googlemail.com.
new.domain.     IN      MX      10      aspmx3.googlemail.com.
new.domain.     IN      A       192.168.1.200
www             IN      CNAME   new.domain.

; name servers - A records
; ns1.bodi.local. IN      A       192.168.1.200
; ns2.bodi.local. IN      A       192.168.1.200
Adding new.domain to resolv.conf is only needed if you want short names such as www to resolve under it as well; full names like www.new.domain work without it. Edit /etc/resolv.conf,
nano /etc/resolv.conf
and list both domains on a single search line. (domain and search are mutually exclusive and only the last of them takes effect, so several domain lines would not work.)
search new.domain bodi.local
nameserver 192.168.1.200
Restart the Bind service.
service bind9 restart
Keep the NS records for the new domain exactly as shown: its name servers are ns1.bodi.local and ns2.bodi.local, whose A records already live in the bodi.local zone, which is why the two A records at the end of the file are commented out (inside new.domain they would be out-of-zone data and ignored). Replace new.domain and the IP address with your own.