There a many ways to configure BIND9. Some of the most common configurations are a caching
nameserver, primary master, and a as a secondary master.
• When configured as a caching nameserver BIND9 will find the answer to name queries and
remember the answer when the domain is queried again.
• As a primary master server BIND9 reads the data for a zone from a file on it's host and is
authoritative for that zone.
• In a secondary master configuration BIND9 gets the zone data from another nameserver
authoritative for the zone.
2.1. Overview
The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /
etc/bind/named.conf.
The include line specifies the filename which contains the DNS options. The directory line in the /
etc/bind/named.conf.options file tells DNS where to look for files. All files BIND uses will be
relative to this directory.
The file named /etc/bind/db.root describes the root nameservers in the world. The servers change
over time, so the /etc/bind/db.root file must be maintained now and then. This is usually done
as updates to the bind9 package. The zone section defines a master server, and it is stored in a file
mentioned in the file option.
It is possible to configure the same server to be a caching name server, primary master, and secondary
master. A server can be the Start of Authority (SOA) for one zone, while providing secondary service
for another zone. All the while providing caching services for hosts on the local LAN.2.2. Caching Nameserver
The default configuration is setup to act as a caching server. All that is required is simply adding the
IP Addresses of your ISP's DNS servers. Simply uncomment and edit the following in /etc/bind/
named.conf.options:
forwarders{
};
1.2.3.4;
5.6.7.8;
Replace 1.2.3.4 and 5.6.7.8 with the IP Adresses of actual nameservers.
sudo /etc/init.d/bind9 restart
2.3. Primary Master
In this section BIND9 will be configured as the Primary Master for the domain example.com. Simply
replace example.com with your FQDN (Fully Qualified Domain Name).
2.3.1. Forward Zone File
To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the first step is to edit /
etc/bind/named.conf.local:
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};
Now use an existing zone file as a template to create the /etc/bind/db.example.com file:
sudo cp /etc/bind/db.local /etc/bind/db.example.com
Edit the new zone file /etc/bind/db.example.com change localhost. to the FQDN of your
server, leaving the additional "." at the end. Change 127.0.0.1 to the nameserver's IP Address and
root.localhost to a valid email address, but with a "." instead of the usual "@" symbol, again leaving
the "." at the end.
Also, create an A record for ns.example.com. The name server in this example:
;
; BIND data file for local loopback interface
;
$TTL
604800
@
IN
SOA
ns.example.com. root.example.com. (
2
; Serial
604800
; Refresh
86400
; Retry
2419200
; Expire
604800 )
; Negative Cache TTL
;
@
IN
NS
ns.example.com.
@
IN
A
127.0.0.1
@
IN
AAAA
::1
ns
IN
A
192.168.1.10
You must increment the Serial Number every time you make changes to the zone file. If you make
multiple changes before restarting BIND9, simply increment the Serial once.
Now, you can add DNS records to the bottom of the zone file. See Section 4.1, “Common Record
Types” [p. 103] for details.
Many admins like to use the last date edited as the serial of a zone, such as 2007010100
which is yyyymmddss (where ss is the Serial Number)
Once you have made a change to the zone file BIND9 will need to be restarted for the changes to take
effect:
sudo /etc/init.d/bind9 restart
2.3.2. Reverse Zone File
Now that the zone is setup and resolving names to IP Adresses a Reverse zone is also required. A
Reverse zone allows DNS to resolve an address to a name.
Edit /etc/bind/named.conf.local and add the following:
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
};
Replace 1.168.192 with the first three octets of whatever network you are using. Also,
name the zone file /etc/bind/db.192 appropriately. It should match the first octet of your
network.
Now create the /etc/bind/db.192 file:
sudo cp /etc/bind/db.127 /etc/bind/db.192
Next edit /etc/bind/db.192 changing the basically the same options as /etc/bind/db.example.com:
;
; BIND reverse data file for local loopback interface
;
$TTL
604800
@
IN
SOA
ns.example.com. root.example.com. (
2
; Serial
604800
; Refresh
86400
; Retry
2419200
; Expire
604800 )
; Negative Cache TTL
;
@
IN
NS
ns.
10
IN
PTR
ns.example.com.
The Serial Number in the Reverse zone needs to be incremented on each changes as well. For each A
record you configure in /etc/bind/db.example.com you need to create a PTR record in /etc/bind/
db.192.
After creating the reverse zone file restart BIND9:
sudo /etc/init.d/bind9 restart
2.4. Secondary Master
Once a Primary Master has been configured a Secondary Master is needed in order to maintain the
availability of the domain should the Primary become unavailable.
First, on the Primary Master server, the zone transfer needs to be allowed. Add the allow-transfer
option to the example Forward and Reverse zone definitions in /etc/bind/named.conf.local:
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
allow-transfer { 192.168.1.11; };
};
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
allow-transfer { 192.168.1.11; };
};
Replace 192.168.1.11 with the IP Address of your Secondary nameserver.
Next, on the Secondary Master, install the bind9 package the same way as on the Primary. Then edit
the /etc/bind/named.conf.local and add the following declarations for the Forward and Reverse
zones:
zone "example.com" {
type slave;
file "/var/cache/bind/db.example.com";
masters { 192.168.1.10; };
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "/var/cache/bind/db.192";
masters { 192.168.1.10; };
};
Replace 192.168.1.10 with the IP Address of your Primary nameserver.
Restart BIND9 on the Secondary Master:
sudo /etc/init.d/bind9 restart
In /var/log/syslog you should see something similar to:
slave zone "example.com" (IN) loaded (serial 6)
slave zone "100.18.172.in-addr.arpa" (IN) loaded (serial 3)
Note: A zone is only transferred if the Serial Number on the Primary is larger than the one
on the Secondary.
The default directory for non-authoritative zone files is /var/cache/bind/. This directory is
also configured in AppArmor to allow the named daemon to write to. For more information
on AppArmor see Section 4, “AppArmor” [p. 119].
nameserver, primary master, and a as a secondary master.
• When configured as a caching nameserver BIND9 will find the answer to name queries and
remember the answer when the domain is queried again.
• As a primary master server BIND9 reads the data for a zone from a file on it's host and is
authoritative for that zone.
• In a secondary master configuration BIND9 gets the zone data from another nameserver
authoritative for the zone.
2.1. Overview
The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /
etc/bind/named.conf.
The include line specifies the filename which contains the DNS options. The directory line in the /
etc/bind/named.conf.options file tells DNS where to look for files. All files BIND uses will be
relative to this directory.
The file named /etc/bind/db.root describes the root nameservers in the world. The servers change
over time, so the /etc/bind/db.root file must be maintained now and then. This is usually done
as updates to the bind9 package. The zone section defines a master server, and it is stored in a file
mentioned in the file option.
It is possible to configure the same server to be a caching name server, primary master, and secondary
master. A server can be the Start of Authority (SOA) for one zone, while providing secondary service
for another zone. All the while providing caching services for hosts on the local LAN.2.2. Caching Nameserver
The default configuration is setup to act as a caching server. All that is required is simply adding the
IP Addresses of your ISP's DNS servers. Simply uncomment and edit the following in /etc/bind/
named.conf.options:
forwarders{
};
1.2.3.4;
5.6.7.8;
Replace 1.2.3.4 and 5.6.7.8 with the IP Adresses of actual nameservers.
sudo /etc/init.d/bind9 restart
2.3. Primary Master
In this section BIND9 will be configured as the Primary Master for the domain example.com. Simply
replace example.com with your FQDN (Fully Qualified Domain Name).
2.3.1. Forward Zone File
To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the first step is to edit /
etc/bind/named.conf.local:
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};
Now use an existing zone file as a template to create the /etc/bind/db.example.com file:
sudo cp /etc/bind/db.local /etc/bind/db.example.com
Edit the new zone file /etc/bind/db.example.com change localhost. to the FQDN of your
server, leaving the additional "." at the end. Change 127.0.0.1 to the nameserver's IP Address and
root.localhost to a valid email address, but with a "." instead of the usual "@" symbol, again leaving
the "." at the end.
Also, create an A record for ns.example.com. The name server in this example:
;
; BIND data file for local loopback interface
;
$TTL
604800
@
IN
SOA
ns.example.com. root.example.com. (
2
; Serial
604800
; Refresh
86400
; Retry
2419200
; Expire
604800 )
; Negative Cache TTL
;
@
IN
NS
ns.example.com.
@
IN
A
127.0.0.1
@
IN
AAAA
::1
ns
IN
A
192.168.1.10
You must increment the Serial Number every time you make changes to the zone file. If you make
multiple changes before restarting BIND9, simply increment the Serial once.
Now, you can add DNS records to the bottom of the zone file. See Section 4.1, “Common Record
Types” [p. 103] for details.
Many admins like to use the last date edited as the serial of a zone, such as 2007010100
which is yyyymmddss (where ss is the Serial Number)
Once you have made a change to the zone file BIND9 will need to be restarted for the changes to take
effect:
sudo /etc/init.d/bind9 restart
2.3.2. Reverse Zone File
Now that the zone is setup and resolving names to IP Adresses a Reverse zone is also required. A
Reverse zone allows DNS to resolve an address to a name.
Edit /etc/bind/named.conf.local and add the following:
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
};
Replace 1.168.192 with the first three octets of whatever network you are using. Also,
name the zone file /etc/bind/db.192 appropriately. It should match the first octet of your
network.
Now create the /etc/bind/db.192 file:
sudo cp /etc/bind/db.127 /etc/bind/db.192
Next edit /etc/bind/db.192 changing the basically the same options as /etc/bind/db.example.com:
;
; BIND reverse data file for local loopback interface
;
$TTL
604800
@
IN
SOA
ns.example.com. root.example.com. (
2
; Serial
604800
; Refresh
86400
; Retry
2419200
; Expire
604800 )
; Negative Cache TTL
;
@
IN
NS
ns.
10
IN
PTR
ns.example.com.
The Serial Number in the Reverse zone needs to be incremented on each changes as well. For each A
record you configure in /etc/bind/db.example.com you need to create a PTR record in /etc/bind/
db.192.
After creating the reverse zone file restart BIND9:
sudo /etc/init.d/bind9 restart
2.4. Secondary Master
Once a Primary Master has been configured a Secondary Master is needed in order to maintain the
availability of the domain should the Primary become unavailable.
First, on the Primary Master server, the zone transfer needs to be allowed. Add the allow-transfer
option to the example Forward and Reverse zone definitions in /etc/bind/named.conf.local:
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
allow-transfer { 192.168.1.11; };
};
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
allow-transfer { 192.168.1.11; };
};
Replace 192.168.1.11 with the IP Address of your Secondary nameserver.
Next, on the Secondary Master, install the bind9 package the same way as on the Primary. Then edit
the /etc/bind/named.conf.local and add the following declarations for the Forward and Reverse
zones:
zone "example.com" {
type slave;
file "/var/cache/bind/db.example.com";
masters { 192.168.1.10; };
};
zone "1.168.192.in-addr.arpa" {
type slave;
file "/var/cache/bind/db.192";
masters { 192.168.1.10; };
};
Replace 192.168.1.10 with the IP Address of your Primary nameserver.
Restart BIND9 on the Secondary Master:
sudo /etc/init.d/bind9 restart
In /var/log/syslog you should see something similar to:
slave zone "example.com" (IN) loaded (serial 6)
slave zone "100.18.172.in-addr.arpa" (IN) loaded (serial 3)
Note: A zone is only transferred if the Serial Number on the Primary is larger than the one
on the Secondary.
The default directory for non-authoritative zone files is /var/cache/bind/. This directory is
also configured in AppArmor to allow the named daemon to write to. For more information
on AppArmor see Section 4, “AppArmor” [p. 119].
Comments
Post a Comment
https://gengwg.blogspot.com/