Configure a DNS server that resolves domain names to IP addresses and IP addresses to domain names. BIND listens on port 53, both TCP and UDP.
[1] Install BIND 9
root@dlp:~#
aptitude -y install bind9 bind9utils
[2] Configure BIND.
This example uses the global IP address range [172.16.0.80/29], the private IP address range [10.0.0.0/24] and the domain name [server.world]. Please use your own IP ranges and domain name when you configure your server. (Note that [172.16.0.80/29] is actually a private address range; it is used here only as an example.)
root@dlp:~#
vi /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
# comment out

#
include "/etc/bind/named.conf.default-zones";
# add

include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";
root@dlp:~#
vi /etc/bind/named.conf.internal-zones
 
# create new
# define for internal section

view "internal" {
        match-clients {
                localhost;
                10.0.0.0/24;
        };
# set zone for internal

        zone "server.world" {
                type master;
                file "/etc/bind/server.world.lan";
                allow-update { none; };
        };
# set zone for internal *note

        zone "0.0.10.in-addr.arpa" {
                type master;
                file "/etc/bind/0.0.10.db";
                allow-update { none; };
        };
        include "/etc/bind/named.conf.default-zones";
};

root@dlp:~#
vi /etc/bind/named.conf.external-zones
 
# create new
# define for external section

view "external" {
# define for external section

        match-clients { any; };
# allow any query

        allow-query { any; };
# prohibit recursion: this view is reachable by anyone, and an open recursive resolver can be abused by third parties

        recursion no;
# set zone for external

        zone "server.world" {
                type master;
                file "/etc/bind/server.world.wan";
                allow-update { none; };
        };
# set zone for external *note

        zone "80.0.16.172.in-addr.arpa" {
                type master;
                file "/etc/bind/80.0.16.172.db";
                allow-update { none; };
        };
};

# *note : For reverse resolution, write the network address in reverse order as shown below. For 10.0.0.0/24:
network address
⇒ 10.0.0.0

network range
⇒ 10.0.0.0 - 10.0.0.255

how to write
⇒ 0.0.10.in-addr.arpa
For 172.16.0.80/29
network address
⇒ 172.16.0.80

network range
⇒ 172.16.0.80 - 172.16.0.87

how to write
⇒ 80.0.16.172.in-addr.arpa
[3] Limit the address ranges allowed to query, transfer zones and use recursion, if needed.
root@dlp:~#
vi /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want

// to talk to, you may need to fix the firewall to allow multiple

// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable

// nameservers, you probably want to use them as forwarders.

// Uncomment the following block, and insert the addresses replacing

// the all-0's placeholder.
// forwarders {

//       0.0.0.0;

// };
# address ranges allowed to query this server

allow-query { localhost; 10.0.0.0/24; };

# address ranges allowed to request zone transfers (AXFR/IXFR); anyone matching this list can fetch the whole zone

allow-transfer { localhost; 10.0.0.0/24; };

# address ranges allowed to use recursion; keep this to trusted networks

allow-recursion { localhost; 10.0.0.0/24; };
dnssec-validation auto;

auth-nxdomain no; # conform to RFC1035

# set to none if you do not use IPv6

listen-on-v6
{ none; };

};
-----------------------------------------------------------------------------------------------------------
Set Zone Info:---

Create the zone files the server uses to resolve IP addresses from domain names.
 
[1]
For internal zone
This example uses the internal address range [10.0.0.0/24] and the domain name [server.world]; please substitute your own when you configure your server.
root@dlp:~#
vi /etc/bind/server.world.lan
$TTL 86400
@   IN  SOA     dlp.server.world. root.server.world. (
        2014041801  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
# define name server

        IN  NS      dlp.server.world.
# define name server's IP address

        IN  A       10.0.0.30
# define mail exchanger

        IN  MX 10   dlp.server.world.

# define IP address of a hostname

dlp     IN  A       10.0.0.30
[2]
For external zone
This example uses the external address range [172.16.0.80/29] and the domain name [server.world]; please substitute your own when you configure your server.
root@dlp:~#
vi /etc/bind/server.world.wan
$TTL 86400
@   IN  SOA     dlp.server.world. root.server.world. (
        2014041801  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
# define name server

        IN  NS      dlp.server.world.
# define name server's IP address

        IN  A       172.16.0.82
# define mail exchanger

        IN  MX 10   dlp.server.world.

# define IP address of a hostname

dlp     IN  A       172.16.0.82
Address Resolution
  Create the zone files the server uses to resolve domain names from IP addresses.
 
[3]
For internal zone
This example uses the internal address range [10.0.0.0/24] and the domain name [server.world]; please substitute your own when you configure your server.
root@dlp:~#
vi /etc/bind/0.0.10.db
$TTL 86400
@   IN  SOA     dlp.server.world. root.server.world. (
        2014041801  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
# define name server

        IN  NS      dlp.server.world.

# define the network range this zone covers

        IN  PTR     server.world.
        IN  A       255.255.255.0

# define hostname of an IP address

30      IN  PTR     dlp.server.world.
[4]
For external zone
This example uses the external address range [172.16.0.80/29] and the domain name [server.world]; please substitute your own when you configure your server.
root@dlp:~#
vi /etc/bind/80.0.16.172.db
$TTL 86400
@   IN  SOA     dlp.server.world. root.server.world. (
        2014041801  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
# define name server

        IN  NS      dlp.server.world.

# define the network range this zone covers

        IN  PTR     server.world.
        IN  A       255.255.255.248

# define hostname of an IP address

82      IN  PTR     dlp.server.world.

------------------------------------------------------------------------------------------------------------
Start Bind:---

Restart BIND to apply the changes and make sure there is no problem.
root@dlp:~#
vi /etc/resolv.conf
# add this server's own IP address

nameserver 10.0.0.30
root@dlp:~#
/etc/init.d/bind9 restart

 * Stopping domain name service... bind9
waiting for pid 2236 to die
                                                    [ OK ]
 * Starting domain name service... bind9            [ OK ]
root@dlp:~#
dig dlp.server.world.
; <<>> DiG 9.9.5-3-Ubuntu <<>> dlp.server.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dlp.server.world.              IN      A

;; ANSWER SECTION:
dlp.server.world.       86400   IN      A       10.0.0.30

;; AUTHORITY SECTION:
server.world.           86400   IN      NS      dlp.server.world.

;; Query time: 1 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Sat Apr 19 03:35:15 JST 2014
;; MSG SIZE  rcvd: 75

root@dlp:~#
dig -x 10.0.0.30
; <<>> DiG 9.9.5-3-Ubuntu <<>> -x 10.0.0.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43217
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;30.0.0.10.in-addr.arpa.                IN      PTR

;; ANSWER SECTION:
30.0.0.10.in-addr.arpa. 86400   IN      PTR     dlp.server.world.

;; AUTHORITY SECTION:
0.0.10.in-addr.arpa.    86400   IN      NS      dlp.server.world.

;; ADDITIONAL SECTION:
dlp.server.world.       86400   IN      A       10.0.0.30

;; Query time: 1 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Sat Apr 19 03:36:51 JST 2014
;; MSG SIZE  rcvd: 111
 -----------------------------------------------------------------------------------------------------------
Set CNAME record:---


If you'd like to set another name to your Host, define CNAME record in zone file.
[1] Set CNAME record in zone file.
root@dlp:~#
vi /etc/bind/server.world.lan
$TTL 86400
@   IN  SOA     dlp.server.world. root.server.world. (
# update serial

        2014041902  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
        IN  NS      dlp.server.world.
        IN  A       10.0.0.30
        IN  MX 10   dlp.server.world.

dlp     IN  A       10.0.0.30
# alias IN CNAME server's name

ftp     IN  CNAME   dlp.server.world.

root@dlp:~#
rndc reload

server reload successful
root@dlp:~#
dig ftp.server.world.
; <<>> DiG 9.9.5-3-Ubuntu <<>> ftp.server.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21469
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.server.world.              IN      A

;; ANSWER SECTION:
ftp.server.world.       86400   IN      CNAME   dlp.server.world.
dlp.server.world.       86400   IN      A       10.0.0.30

;; AUTHORITY SECTION:
server.world.           86400   IN      NS      dlp.server.world.

;; Query time: 0 msec
;; SERVER: 10.0.0.30#53(10.0.0.30)
;; WHEN: Sat Apr 19 03:41:09 JST 2014
;; MSG SIZE  rcvd: 93
 ------------------------------------------------------------------------------------------------------------
Slave DNS Server:---

Configure BIND as a Slave DNS Server.
The following example shows an environment in which the master DNS server is "172.16.0.82" and the slave DNS server is "slave.example.host".
[1] Configure DNS master server.
root@dlp:~#
vi /etc/bind/named.conf.options
options {
directory "/etc/bind";
// If there is a firewall between you and nameservers you want

// to talk to, you may need to fix the firewall to allow multiple

// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable

// nameservers, you probably want to use them as forwarders.

// Uncomment the following block, and insert the addresses replacing

// the all-0's placeholder.
// forwarders {

//       0.0.0.0;

// };
# add the ranges allowed to transfer zones; keep this as narrow as possible (ideally only the slave's own address, or a TSIG key), since any host matching it can fetch the whole zone

allow-transfer { localhost; 10.0.0.0/24;
172.16.0.80/29;
};
auth-nxdomain no; # conform to RFC1035

listen-on-v6 { none; };

};
root@dlp:~#
rndc reload

server reload successful
[2] Configure DNS slave server.
root@slave:~#
vi /etc/bind/named.conf.external-zones
# add settings as follows

        zone "server.world" {
                type slave;
                masters { 172.16.0.82; };
                file "/etc/bind/slaves/server.world.wan";
        };

root@slave:~#
mkdir /etc/bind/slaves

root@slave:~#
chown bind. /etc/bind/slaves

root@slave:~#
rndc reload

server reload successful
root@slave:~#
ls /etc/bind/slaves

server.world.wan
# the zone file from the master DNS server has just been transferred
