Wednesday, December 3, 2014

Configure Bind on Slackware 12.2

The DNS master configuration file is named.conf, located at /etc/named.conf. Back this file up first, so that it can be restored if we break something later.

root@slackware:/etc# cp named.conf named.conf.bak
root@slackware:/etc# ls -l | grep named.conf
-rw-r--r-- 1 root root 681 2008-04-14 06:07 named.conf
-rw-r--r-- 1 root root 681 2008-12-01 01:13 named.conf.bak
root@slackware:/etc#


Let's view the named.conf file with less command: 

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    /*
     * ISP dns server ip address
     */
    forward first;
    forwarders {
        200.188.1.123;
        200.188.1.124;
    };
};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "caching-example/named.root";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};


This is the default named.conf. Out of the box it is configured only for localhost, so later we will edit it to add our own domain, and we will also need to create new DNS zone files for that domain. All zone files are kept in the /var/named/caching-example directory, so let's look at it:

root@slackware:/etc# ls -l /var/named/caching-example/
total 16
-rw-r--r-- 1 root root 195 2008-09-17 15:26 localhost.zone
-rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.ca
-rw-r--r-- 1 root root 433 2008-09-17 15:26 named.local
-rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.root
root@slackware:/etc#


Setup additional dns zones

You might think that to set up DNS you need a registered domain name. That is true, but not entirely: you can set up a local BIND caching name server for your network to speed up DNS lookups, which in turn speeds up every Internet service that depends on them. Here are the default zone files shipped with the BIND DNS server:

This is the default localhost.zone file. It is configured for localhost:

$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
        42 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum

        1D IN NS @
        1D IN A 127.0.0.1


This is the default named.local file. As the /etc/named.conf listing above shows, it is the reverse DNS zone file, also configured for localhost:

$TTL 86400
@ IN SOA localhost. root.localhost. (
        1997022700 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
        IN NS localhost.

1 IN PTR localhost.


When we add our new domain, we only need to copy and adapt these two files to set up the BIND DNS server, whether for private or public DNS. We leave the cache zone file, named.ca, and the master list of root name servers, named.root, alone. The named.root file should be refreshed from time to time, though; once a month is normally enough, because it does not change very often. Get the latest named.root from ftp.internic.net.

These are the common terms and jargon you need to know to understand BIND configuration files:
• $TTL - sets a default time-to-live.
• w - week
• d - day
• h - hour
• m - minute
• s - second
• @ - same as $ORIGIN.
• IN - defines the address class; IN = Internet.
• SOA - Start of Authority; indicates authority for this zone.
• Serial number - serial number in YYYYMMDDSS form, where SS counts the changes made to the file that day.
• Refresh - tells DNS slave (secondary) servers how often to check for updates.
• Retry - tells the secondary server how often to resend the request if it fails.
• Expire - period of time for which the secondary server may keep using its existing data.
• Minimum, or negative-caching TTL - how long negative answers are cached on non-authoritative servers.
• A - Alias record - name-to-address mapping.
• PTR - address-to-name mapping.
• CNAME - (canonical name) alias to an A record.
• NS - lists a name server for this zone.
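As an added example, not from the original post, here is a small POSIX shell helper for two of the values in the list above that are easiest to get wrong: the TTL suffixes (w, d, h, m, s) and the YYYYMMDDSS serial. next_serial implements the convention from the list and also handles the case where the current serial is already ahead of today's date: secondaries only transfer a zone when the serial goes up, so a serial must never be lowered to "fix" it. The function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): helpers for two zone-file
# values that are often mistyped, TTL suffixes and SOA serial numbers.

# ttl_seconds VALUE: prints VALUE in seconds. Understands the suffixes
# w d h m s (case-insensitive) and bare numbers (already seconds).
# Returns 1 on input that is not a number with an optional valid suffix.
ttl_seconds() {
    value=$1
    num=$(printf '%s' "$value" | sed 's/[^0-9]*$//')
    unit=$(printf '%s' "$value" | sed 's/^[0-9]*//' | tr 'A-Z' 'a-z')
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$unit" in
        '' | s) mult=1 ;;
        m) mult=60 ;;
        h) mult=3600 ;;
        d) mult=86400 ;;
        w) mult=604800 ;;
        *) return 1 ;;
    esac
    echo $((num * mult))
}

# next_serial CURRENT YYYYMMDD: prints the serial to write after editing the
# zone today, using the YYYYMMDDSS convention. If CURRENT is below today's
# first slot, start at SS=01; if it already carries today's date, bump SS;
# if it is somehow ahead of today (a typo such as 2018 for 2008, or clock
# skew), keep counting up from it. The serial is never decreased, because
# secondaries ignore a zone whose serial did not increase.
next_serial() {
    current=$1
    today=$2
    first_today=$((today * 100 + 1))
    if [ "$((current < first_today))" -eq 1 ]; then
        echo "$first_today"
    else
        echo $((current + 1))
    fi
}

# Demonstration: the SOA timings used in the post's zone.example.com, in
# seconds, and the serial to use after editing that zone on 2008-12-01.
for t in 1D 3H 15M 1W; do
    echo "$t = $(ttl_seconds "$t") seconds"
done
echo "serial after editing zone.example.com (2008120101) on 2008-12-01: $(next_serial 2008120101 20081201)"
```

Note that 2008120199 on 2008-12-01 rolls over to 2008120200, which looks like the next day's slot but is still a valid, increasing serial; that is the intended behaviour.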

Setup local caching name server(cache dns)

In Slackware we don't have to edit anything to set up a local caching name server: as shown above, localhost is already configured. All we have to do is enable the BIND daemon and start the service. Let's see whether that is true.

Start dns service

BIND runs as a standalone daemon, which means it is not started from the inetd master server, so we have to make its rc script executable to start the service. Here are the steps:

Change the permissions on the BIND rc script and make it executable. Here is an example:

root@slackware:~# ls -l /etc/rc.d/rc.bind
-rw-r--r-- 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind
root@slackware:~# chmod 755 /etc/rc.d/rc.bind
root@slackware:~# ls -l /etc/rc.d/rc.bind
-rwxr-xr-x 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind*
root@slackware:~#


Now we can start the service. Here is the command to start the BIND (DNS) service in Slackware:

root@slackware:~# /etc/rc.d/rc.bind start
Starting BIND: /usr/sbin/named
root@slackware:~#


The BIND service has been started and should be running now. But how do we know that our local caching name server is working properly?

Testing and troubleshooting dns server

To check the named.conf configuration file, we can use the named-checkconf tool:

root@slackware:~# named-checkconf /etc/named.conf


To check a zone file, we can use the named-checkzone tool:

root@slackware:~# named-checkzone localhost /var/named/caching-example/localhost.zone


Use the dig command to run a reverse lookup:

root@slackware:~# dig -x 127.0.0.1
; <<>> DiG 9.4.2-P2 <<>> -x 127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 10000 IN PTR localhost.

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 1 22:59:54 2008
;; MSG SIZE rcvd: 63



Run dig with a hostname to query the server for a forward record:

root@slackware:~# dig localhost

; <<>> DiG 9.4.2-P2 <<>> localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<-
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 10000 IN A 127.0.0.1

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 1 23:01:09 2008
;; MSG SIZE rcvd: 43

root@slackware:~#


We got a response: the ANSWER SECTION shows localhost resolving to 127.0.0.1.
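Note the SERVER line in both transcripts: the answers came from 192.168.1.1, the resolver listed in /etc/resolv.conf, not from the named that was just started on this host, so the test does not yet prove that the local server works (dig @127.0.0.1 localhost asks it directly). The following added example, which is not part of the original post, parses dig output so that this check can be scripted: it extracts the SERVER address, the status and the ANSWER count, and passes only when the expected server answered with at least one record. The sample output is constructed from the post's transcript with a made-up query id; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): pull the fields out of dig
# output that tell you WHICH server answered and whether it had an answer,
# so "dig @127.0.0.1 localhost" can be verified from a script.

# Constructed sample, modelled on the post's transcript; the id is made up.
SAMPLE_DIG_OUTPUT='; <<>> DiG 9.4.2-P2 <<>> localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 10000 IN A 127.0.0.1

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 1 23:01:09 2008
;; MSG SIZE rcvd: 43'

# dig_server: reads dig output on stdin, prints the address from ";; SERVER:".
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# dig_status: reads dig output on stdin, prints the status from the HEADER
# line (NOERROR, NXDOMAIN, SERVFAIL, ...).
dig_status() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p'
}

# dig_answers: reads dig output on stdin, prints the ANSWER count from the
# flags line, or 0 if the line is missing (for example when dig timed out).
dig_answers() {
    count=$(sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p')
    echo "${count:-0}"
}

# check_local_resolver OUTPUT EXPECTED_SERVER: returns 0 only when
# EXPECTED_SERVER answered with status NOERROR and at least one record.
check_local_resolver() {
    output=$1
    expected=$2
    server=$(printf '%s\n' "$output" | dig_server)
    status=$(printf '%s\n' "$output" | dig_status)
    answers=$(printf '%s\n' "$output" | dig_answers)
    [ "$server" = "$expected" ] && [ "$status" = NOERROR ] && [ "$answers" -gt 0 ]
}

# Demonstration on the constructed sample: it fails the local-server check,
# because 192.168.1.1 answered, not the named on 127.0.0.1.
if check_local_resolver "$SAMPLE_DIG_OUTPUT" 127.0.0.1; then
    echo "local named answered"
else
    echo "answer came from $(printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dig_server), not the local named; retry with dig @127.0.0.1"
fi
```

In practice you would feed real output in, for example `check_local_resolver "$(dig @127.0.0.1 localhost)" 127.0.0.1`, and treat a non-zero return as a failed start.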

Setup a private bind dns server

To set up a private BIND DNS server, we need to add a new zone to /etc/named.conf and create its zone file in /var/named/caching-example. Here is an example of a new zone and its reverse-resolution zone that you can add to /etc/named.conf for a private DNS server:

zone "example.com" in {
    allow-transfer { any; };
    file "caching-example/zone.example.com";
    type master;
};

// Set up reversed name resolution
zone "1.168.192.in-addr.arpa" {
    type master;
    file "caching-example/192.zone";
};


Make a copy of the localhost.zone file and name it zone.example.com (zone.yourdomain.com for your own domain). Below is my zone.example.com configuration. Edit this file to add the other servers on your network, changing the names and IP addresses to your own.

;
; Data for private bind dns server
;
$TTL 1D
@ 1D IN SOA slackware.example.com. root.example.com. (
        2008120101 ; serial
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum

;

@ IN NS slackware.example.com.
@ IN A 192.168.1.3
slackware IN A 192.168.1.3
web IN CNAME slackware.example.com.


This is the reverse-resolution zone file:

;
; Reverse lookup dns zone file for private bind dns server
;
$TTL 1D
@ IN SOA slackware.example.com. root.example.com. (
        2008112302 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        86400 ) ; Negative Cache TTL

; the NS target must be the full host name: "slackware." alone names a
; top-level host that does not exist
@ IN NS slackware.example.com.
; reverse entries are PTR records; a CNAME here would not answer dig -x
3 IN PTR slackware.example.com.


You need to restart the BIND service before your new zones take effect. Before restarting, check the syntax of /etc/named.conf and the zone files as described in the testing section above. If you run into problems, check the log file /var/log/messages.
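The zone statement above uses allow-transfer { any; }, which lets any host that can reach port 53 pull the whole zone with an AXFR request, and the default options block has no allow-recursion, so a server reachable from outside the LAN would act as an open recursive resolver. named-checkconf only checks syntax, so it reports neither. The following added example, not from the original post, writes two constructed named.conf fragments, one mirroring the post's settings and one hardened (allow-recursion limited to loopback and the LAN, listen-on, allow-transfer { none; } globally and overridden only for a hypothetical secondary at 192.168.1.4), plus a check_named_conf function that flags both weaknesses; run it alongside named-checkconf before rc.bind restart. The addresses 192.168.1.3 and 192.168.1.4 and the function name are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): a pre-restart check for two
# named.conf settings that named-checkconf does not care about but that
# decide who can read your zone data and who can use your resolver.

WEAK_CONF=${TMPDIR:-/tmp}/named-weak.$$.conf
HARD_CONF=${TMPDIR:-/tmp}/named-hard.$$.conf
trap 'rm -f "$WEAK_CONF" "$HARD_CONF"' EXIT

# Constructed fragment mirroring the post's configuration.
cat > "$WEAK_CONF" <<'EOF'
options {
    directory "/var/named";
    forward first;
    forwarders { 200.188.1.123; 200.188.1.124; };
};
zone "example.com" in {
    allow-transfer { any; };
    file "caching-example/zone.example.com";
    type master;
};
EOF

# Constructed hardened fragment (addresses are hypothetical).
cat > "$HARD_CONF" <<'EOF'
options {
    directory "/var/named";
    forward first;
    forwarders { 200.188.1.123; 200.188.1.124; };
    // answer recursive queries only for loopback and the LAN
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    // listen only on the interfaces clients are expected on
    listen-on { 127.0.0.1; 192.168.1.3; };
    // default for every zone: no zone transfers at all
    allow-transfer { none; };
};
zone "example.com" in {
    type master;
    file "caching-example/zone.example.com";
    // per-zone override for the one secondary that needs AXFR
    allow-transfer { 192.168.1.4; };
};
EOF

# check_named_conf FILE: prints one line per finding and returns the number
# of findings (0 means clean). Only the two settings discussed are checked.
check_named_conf() {
    conf=$1
    findings=0
    # 1. any statement that lets anyone transfer the zone
    open_axfr=$(grep -E -c 'allow-transfer[[:space:]]*[{][[:space:]]*any[[:space:]]*;' "$conf" || true)
    if [ "$open_axfr" -gt 0 ]; then
        echo "$conf: $open_axfr allow-transfer { any; } statement(s): zone contents readable by anyone who can reach port 53"
        findings=$((findings + open_axfr))
    fi
    # 2. recursion not limited to trusted clients
    if ! grep -q 'allow-recursion' "$conf"; then
        echo "$conf: no allow-recursion: if reachable from outside the LAN this is an open recursive resolver"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demonstration: the weak fragment yields two findings, the hardened one none.
for f in "$WEAK_CONF" "$HARD_CONF"; do
    if check_named_conf "$f"; then
        echo "$f: no findings"
    fi
done
```

To use it on the live server, run `check_named_conf /etc/named.conf` next to `named-checkconf /etc/named.conf` and only restart when both are quiet.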

Setting up a private DNS server and a public one is the same, except that a public BIND DNS server needs a registered domain name and a public IP address.


Source:http://www.basicconfig.com/slackware_linux_dns_server_setup
