Background:
BIND, which stands for Berkeley Internet Name Domain, is the most commonly used Domain Name System (DNS) server (or simply name server) on the Internet, and on UNIX-like systems it is the de facto standard. BIND was originally created by four graduate students at the Computer Systems Research Group (CSRG) at the University of California, Berkeley, and was first released with 4.3BSD. Paul Vixie started maintaining it in 1988 while working for DEC. Today BIND is maintained by the ISC (Internet Systems Consortium). It provides a robust and stable platform on which organizations can build distributed computing systems, with the assurance that those systems are fully compliant with published DNS standards.
Getting Started:
In this tutorial I will demonstrate how to set up a BIND DNS server on CentOS 5.3. Use your favorite editor to edit the configuration files; I use nano.
We start by installing the required packages. The following packages are associated with DNS:
```
bind bind-chroot bind-devel bind-libbind-devel bind-libs bind-sdb bind-utils caching-nameserver system-config-bind
```
Install the packages using yum as root:
```
[root@cybertron Knight]# yum clean all
Loaded plugins: fastestmirror, priorities
Cleaning up Everything
Cleaning up list of fastest mirrors
[root@cybertron Knight]# yum install bind-chroot bind-libs bind-sdb bind-utils caching-nameserver
Loaded plugins: fastestmirror, priorities
Determining fastest mirrors
 * epel: ftp.yz.yamagata-u.ac.jp
 * contrib: mirror.nus.edu.sg
 * epel-source: ftp.yz.yamagata-u.ac.jp
 * rpmforge: apt.sw.be
 * base: mirror.nus.edu.sg
 * updates: mirror.averse.net
 * extras: mirror.nus.edu.sg
 * centosplus: mirror.averse.net
 * addons: mirror.nus.edu.sg
.
.
.
```
Caching-Only Name Server:
A caching-only name server looks up the answer to a name query and remembers it, so the next request for the same name is answered much faster, especially over a slow connection. To configure a caching-only name server, all you need to do is copy the file /var/named/chroot/etc/named.caching-nameserver.conf to /var/named/chroot/etc/named.conf and adjust it to your network. My server's IP address is 192.168.15.2, so after copying and modifying, my named.conf looks as follows:
```
options {
        listen-on port 53 { 127.0.0.1; 192.168.15.2; };
        directory "/var/named";
        query-source port 53;
        allow-query { 127.0.0.1; 192.168.15.0/24; };
};
logging {
        // logging channels as in named.caching-nameserver.conf (omitted here)
};
include "/etc/named.rfc1912.zones";
```
This configuration describes a caching-only name server. One caveat: `query-source port 53;` forces every outgoing query to use source port 53, which disables the source port randomization BIND uses to resist cache poisoning, so unless a firewall rule forces a fixed port, leave that line out. To start the named service:
```
[root@cybertron Knight]# /sbin/service named start
```
Here is the dig output, taken in Cygwin on another computer, for centos.org:
```
Saad@kakarot ~
$ dig centos.org

; <<>> DiG 9.6.0 <<>> centos.org
;; QUESTION SECTION:
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
```
The third-last line of dig's full output (the ;; SERVER line) shows that the query was sent to 192.168.15.2 and that the server answered as expected. The query time on the fourth-last line is 0 msec because this was the second time the query was made, so the server answered from its cache.
Forwarding-Only Name Server:
You can configure a name server in forward-only mode. A name server in forward-only mode is a variation on a name server that uses forwarders (the upstream servers are listed in a forwarders statement). It still answers queries from its authoritative data and cached data. However, it relies completely on its forwarders; it doesn't try to contact other name servers to find information if the forwarders don't give it an answer. Here is an example of what the configuration file of a name server in forward-only mode would contain in our case:
```
options {
        directory "/var/named";
        forward only;
};
```
Configuring a Domain:
Now, let’s create a master name server. A master name server for a zone reads the data for the zone from a file on its host. This name server is authoritative for that zone. Once you've created the data for your zone and set up a master name server, you don't need to copy that data from host to host to create new name servers for the zone. You simply set up slave name servers that load their data from the master name server for the zone. The slaves you set up will transfer new zone data when necessary.
The first thing to do is to copy named.rfc1912.zones to named.conf:
```
[root@cybertron Knight]# cd /var/named/chroot/etc/
[root@cybertron etc]# cp named.rfc1912.zones named.conf
```
Now copy in the options stanza described earlier for the caching-only name server and add a zone clause, followed by an include of rndc.key. In our case the zone is called nix-knight.com, and the file looks as follows:
```
options {
        listen-on port 53 { 127.0.0.1; 192.168.15.2; };
        directory "/var/named";
        query-source port 53;
        allow-query { 127.0.0.1; 192.168.15.0/24; };
};
zone "nix-knight.com" IN {
        type master;
        file "nix-knight.com.fzone";
};
include "/etc/rndc.key";
```
For a master name server a forward zone file is needed; as written in the zone clause above, nix-knight.com.fzone is our forward zone file. Forward zones map names to IP addresses. This zone file is saved in the /var/named/chroot/var/named directory. Note that the NS record must name a host that has an A record in the zone (ns here), and the second name in the SOA record is the administrator's mailbox with the @ written as a dot (root.nix-knight.com.). The contents of our forward zone file are as follows:
```
$TTL 86400
@       IN      SOA     nix-knight.com. root.nix-knight.com. (
                        2009081300      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      ns.nix-knight.com.
ns      IN      A       192.168.15.2
```
Restart named for changes to take effect:
```
[root@cybertron Knight]# /sbin/service named restart
```
If you have SELinux enabled, activate the named_write_master_zones SELinux setting:
```
[root@cybertron named]# /usr/sbin/setsebool -P named_write_master_zones 1
```
The output of dig in Cygwin for nix-knight.com is as follows:
```
Saad@kakarot ~
$ dig nix-knight.com

; <<>> DiG 9.6.0 <<>> nix-knight.com
;; QUESTION SECTION:
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 3 msec
```
Reverse zones map IP addresses back to names. A reverse zone is generally not strictly required, but the Internet standards documents (RFC 1033, RFC 1912 Section 2.1) specify that "Every Internet-reachable host should have a name" and that such names are matched by a reverse pointer (PTR) record. We don't need a reverse zone on our local network, but for the sake of this tutorial I will show what a reverse zone file looks like. The first thing to do is to edit named.conf and add another zone entry for our reverse zone:
```
zone "15.168.192.in-addr.arpa" IN {
        type master;
        file "nix-knight.com.rzone";
};
```
Now we need to create the zone file nix-knight.com.rzone in the /var/named/chroot/var/named directory. The contents of this file are as follows:
```
$TTL 86400
@       IN      SOA     nix-knight.com. root.nix-knight.com. (
                        2009081300      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum
        IN      NS      ns.nix-knight.com.
2       IN      PTR     ns.nix-knight.com.
```
Again, restart named for changes to take effect:
```
[root@cybertron Knight]# /sbin/service named restart
```
Again, the output of dig in Cygwin, this time for 192.168.15.2 (since we are converting an IP address to a name), is as follows:
```
Saad@kakarot ~
$ dig -x 192.168.15.2

; <<>> DiG 9.6.0 <<>> -x 192.168.15.2
;; QUESTION SECTION:
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 2 msec
```
As you can see, the IP address 192.168.15.2 is translated to a name in the ;; ANSWER SECTION.
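Before trusting the two zone files above, it is worth cross-checking them against each other. The following Python script is an added example for this write-up, not BIND's own tooling and not part of the original tutorial; it embeds constructed copies of the forward and reverse zone files, and its deliberately minimal parser assumes one record per line with no $ORIGIN or $INCLUDE directives. It flags an NS record whose in-zone target has no A record, and any A/PTR pair on which the forward and reverse zones disagree.

```python
import re
# Constructed copies of the forward and reverse zone files shown in this tutorial.
FORWARD_ORIGIN = "nix-knight.com."
FORWARD_ZONE = """\
$TTL 86400
@   IN SOA nix-knight.com. root.nix-knight.com. (
        2009081300 ; Serial
        28800      ; Refresh
        14400      ; Retry
        3600000    ; Expire
        86400 )    ; Minimum
    IN NS ns.nix-knight.com.
ns  IN A  192.168.15.2
"""
REVERSE_ORIGIN = "15.168.192.in-addr.arpa."
REVERSE_ZONE = """\
$TTL 86400
@   IN SOA nix-knight.com. root.nix-knight.com. ( 2009081300 28800 14400 3600000 86400 )
    IN NS ns.nix-knight.com.
2   IN PTR ns.nix-knight.com.
"""

def parse_records(text, origin):
    """Minimal parser: (owner, rrtype, rdata) triples with owners expanded to absolute names."""
    text = "\n".join(line.split(";")[0] for line in text.splitlines())        # strip comments
    text = re.sub(r"\([^)]*\)", lambda m: " ".join(m.group().split()), text)  # join ( ... ) groups
    records, owner = [], origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"): continue   # blanks and $TTL-style directives
        tokens = line.split()
        if not line[0].isspace():                     # a name in column one sets the owner
            name = tokens.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens and (tokens[0].isdigit() or tokens[0] == "IN"):  # optional TTL and class
            tokens.pop(0)
        records.append((owner, tokens[0], tokens[1:]))
    return records

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of problems; an empty list means the two zones agree."""
    fwd, rev = parse_records(fwd_text, fwd_origin), parse_records(rev_text, rev_origin)
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A"}
    # An in-zone NS target without an A record gives resolvers nothing to contact.
    problems = [f"NS {r[0]} has no A record" for _, t, r in fwd
                if t == "NS" and r[0].endswith(fwd_origin) and r[0] not in {o for o, _ in a_records}]
    # A PTR owner encodes the address reversed under in-addr.arpa; forward and reverse must agree.
    ptrs = {".".join(reversed(o[:-len(".in-addr.arpa.")].split("."))): r[0] for o, t, r in rev if t == "PTR"}
    problems += [f"PTR {a} -> {n} has no matching A record" for a, n in ptrs.items() if (n, a) not in a_records]
    problems += [f"A {n} -> {a} has no PTR record" for n, a in a_records if a not in ptrs]
    return problems
```

The forward/reverse agreement check is one that named-checkzone, which validates a single zone file at a time, does not perform.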
The final step is to enable the named service at system startup:
```
[root@cybertron Knight]# /sbin/chkconfig --levels 235 named on
```
Conclusion:
So, this is just a basic BIND configuration to get you started on the road to DNS. For in-depth knowledge of DNS and more named configuration options, I would recommend these books:
1. DNS and BIND by Paul Albitz and Cricket Liu
2. Pro DNS and BIND by Ronald G.F. Aitchison
3. DNS in Action by Libor Dostálek and Alena Kabelová
Finally, at the end of this tutorial my server's named.conf is as follows (the allow-query restriction shown in the caching-only configuration is worth keeping here too, so that only the local network can query the server):
```
options {
        listen-on port 53 { 127.0.0.1; 192.168.15.2; };
        directory "/var/named";
        version "REFUSED";
        query-source port 53;
};
logging {
        // logging channels as in named.caching-nameserver.conf (omitted here)
};
zone "nix-knight.com" IN {
        type master;
        file "nix-knight.com.fzone";
};
zone "15.168.192.in-addr.arpa" IN {
        type master;
        file "nix-knight.com.rzone";
};
include "/etc/named.rfc1912.zones";
```