SYNOPSIS: How to set up a simple dns server with bind
HINT: version 1.0beta1 This hint explains how to set up bind on your lfs. I am not a bind specialist, what is written is what i have understood. Don\'t hesitate to correct it if you see mistakes or have optimizations.
------------------------------------------------ 1) Installation of bind
tar zxvf bind-9.1.3.tar.gz cd bind-9.1.3 ./configure make make install
The following configuration files are very simple. It allows you to have a dns server for your local network and allows you to use the dns server of your FAI when you\'re connected to internet.
On this example, network address : 192.168.0.0 domain name : zerezo.org machine host name : zarba machine ip : 192.168.0.51
--------------------------------------------------- 2) The main configuration file : /etc/named.conf
;; Begin of file
; General options options { auth-nxdomain yes; directory \"/var/named\"; forward first; forwarders { 212.47.227.206; DNS of your FAI here 212.47.227.207; }; };
; zone for access to Internet zone \".\" { type hint; file \"named.ca\"; };
; zone for access to localhost zone \"0.0.127.in-addr.arpa\" { type master; file \"named.local\"; };
; zone for access to your domain zone \"zerezo.org\" in { type master; notify no; file \"zerezo.org\"; };
; zone for access to your domain using ip zone \"0.168.192.in-addr.arpa\" in { type master; notify no; file \"db.192.168.0\"; };
;; End of file
------------------------------------ 3) Configuration files for each zone
There is a configuration file of each zone defined in named.conf. These files are in /var/named . You have to create this directory.
a) /var/named/named.ca
This file is used when you are connected to internet. I got this file on internet. It seems rather old, maybe you can have a more recent one.
; Begin of file ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the \"cache . \" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC registration services ; under anonymous FTP as ; file /domain/named.root ; on server FTP.RS.INTERNIC.NET ; -OR- under Gopher at RS.INTERNIC.NET ; under menu InterNIC Registration Services (NSI) ; submenu InterNIC Registration Archives ; file named.root ; ; last update: Aug 22, 1997 ; related version of root zone: 1997082200 ; ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 ; ; formerly NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107 ; ; formerly C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; formerly TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 ; ; formerly NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10 ; ; formerly NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241 ; ; formerly NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4 ; ; formerly AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53 ; ; formerly NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17 ; ; temporarily housed at NSI (InterNIC) ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10 ; ; housed in LINX, operated by RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 ; ; temporarily housed at ISI (IANA) ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12 ; ; housed in Japan, operated by WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
b) /var/named/named.local
You must have an alias postmaster that points to the user root or another one.
; Begin of file $TTL 3D @ IN SOA zarba.zerezo.org. postmaster.zarba.zerezo.org. ( 1999112002 28800 14400 604800 86400 ); NS zarba.zerezo.org. 1 PTR localhost. Adresse IP reverse ; End of file
c) /var/named/zerezo.org
; Begin of file $TTL 3D @ IN SOA zarba.zerezo.org. postmaster.zarba.zerezo.org. ( 1999112002 numero de serie 28800 rafraichissement 14400 nouvel essais 604800 expiration 86400 ); temps de vie minimum
; NS = server de nom de domaine @ IN NS zarba @ IN NS zarba.zerezo.org.
; MX = server de mail, numero = priorite @ IN MX 10 zarba @ IN MX 20 zarba.zerezo.org.
; localt dns server @ IN A 127.0.0.1 @ IN A 192.168.0.51
; server IP localhost IN A 127.0.0.1 zarba IN A 192.168.0.51
; IP of others machines of the network karine IN A 192.168.0.52 yaf IN A 192.168.0.7
; aliases www IN CNAME zarba ftp IN CNAME zarba mail IN CNAME zarba ; End of file
d) /var/named/db.192.168.0
; Begin of file $TTL 3D @ IN SOA zarba.zerezo.org. postmaster.zarba.zerezo.org. ( 1999112002 numero de serie 28800 rafraichissement 14400 nouvel essais 604800 expiration 86400 ); temps de vie
; nameserver IN NS zarba.zerezo.org.
; IP Reverses adresses 1 IN PTR zarba.zerezo.org. 2 IN PTR karine.zerezo.org. 3 IN PTR yaf.zerezo.org.
; End of file
------------------------ 4) Configuration of rndc
rndc is used to administrate bind. His developpment is not fisnished but i prefer to put it in this hint rather than the obsolete nslookup utility.
a) Creation of a key
You have to get a key so rndc can communicate with bind : dnssec-keygen -a hmac-md5 -b 128 -n user rndc
It will create you two files. Get the values of the key in the .key one.
b) /etc/rdnc.conf
Create the file and edit the key please.
; Begin of file options { default-server localhost; default-key rndc_key; };
server localhost { key rndc_key; };
key rndc_key { algorithm hmac-md5; secret \"Xd3zz2FgxvkML4V/BlVG8Q==\"; }; ; End of file
c) Edit again /etc/named.conf and add the following lines :
