Install and configure BIND on your vps

1. bind9 nameserver installation

Unless you prefer to build bind from source code, the installation is rather simple. On a Debian or Ubuntu Linux server you can install the bind nameserver with the following command:

 

apt-get install bind9 dnsutils

CentOS or Fedora alternative:

yum install bind bind-utils

dnsutils (bind-utils on CentOS and Fedora) is not a compulsory package for running the bind nameserver, but we will use the dig command, which is part of this package, as a testing tool for the bind configuration.

2. Creating a DNS zone file

At this stage we need to create a new zone file for the domain linuxconfig.org. Execute the following sequence of commands to create the zones/master/ directory under /etc/bind/ and navigate to it:

cd /etc/bind
mkdir -p zones/master
cd zones/master/

The /etc/bind/zones/master directory will contain the zone file for the linuxconfig.org domain. If you prefer to use another directory to hold this file, you are free to do so. The following zone file, db.linuxconfig.org, holds the DNS records that let the nameserver resolve a fully qualified domain name to an IP address. Create and save db.linuxconfig.org with the following content:

;
; BIND data file for linuxconfig.org
;
$TTL    3h
@       IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
@       IN      NS      ns1.linuxconfig.org.
@       IN      NS      ns2.linuxconfig.org.


linuxconfig.org.    IN      MX      10      mail.linuxconfig.org.
linuxconfig.org.    IN      A       192.168.0.10
ns1                     IN      A       192.168.0.10
ns2                     IN      A       192.168.0.11
www                     IN      CNAME   linuxconfig.org.
mail                    IN      A       192.168.0.10
ftp                     IN      CNAME   linuxconfig.org.

Here is a quick review of some lines from the above bind DNS zone file:

  • SOA Record: the nameserver authoritative for the zone linuxconfig.org is ns1.linuxconfig.org, and admin.linuxconfig.org is the email address of the person responsible for this DNS zone.
  • NS Records: the two nameservers for the linuxconfig.org zone are ns[1,2].linuxconfig.org
  • MX (Mail Exchange): the linuxconfig.org mail exchange record. The number 10 is the preference of this record.
  • A: A simply means address; in other words, in linuxconfig.org's zone, ns1 has the A (address) 192.168.0.10.
  • CNAME Record (Canonical Name record): restart the query using the canonical name instead of the original name.

3. address-to-name mappings

At this stage the bind DNS server can resolve the IP address mapped to a linuxconfig.org host. What we should do now is teach our nameserver the other way around, that is, to resolve a host name from an IP address. For this we need yet another file, db.192.168.0, with the following content:

PTR

;
; BIND reverse data file for 0.168.192.in-addr.arpa
;
$TTL    604800
0.168.192.in-addr.arpa.      IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                          1         ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
0.168.192.in-addr.arpa.       IN      NS      ns1.linuxconfig.org.
0.168.192.in-addr.arpa.       IN      NS      ns2.linuxconfig.org.

10.0.168.192.in-addr.arpa.   IN      PTR     linuxconfig.org.
  • PTR: a DNS record used for mapping an IP address to a host name.

4. Updating a BIND Configuration File

At this point we should have two files ready:
  • /etc/bind/zones/master/db.linuxconfig.org
  • /etc/bind/zones/master/db.192.168.0
All we need to do now is insert both zone file names into bind's configuration file named.conf.local. To do that, add the following lines to this file:
zone "linuxconfig.org" {
       type master;
       file "/etc/bind/zones/master/db.linuxconfig.org";
};

zone "0.168.192.in-addr.arpa" {
       type master;
       file "/etc/bind/zones/master/db.192.168.0";
};

The last thing before we go ahead and check the configuration is to add the IP address of a stable DNS server to the named.conf.options file. This IP address is used when the local DNS server does not know the answer to a name resolution query. In many cases the IP address of a DNS server is provided by your Internet provider. Alternatively, if you are a Google fan, use 8.8.8.8 or 8.8.4.4.

Replace the following block of text within the named.conf.options file:

       // forwarders {
       //      0.0.0.0;
       // };

with the IP address of the new stable DNS server:

        forwarders {
              8.8.4.4;
         };
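
With forwarders configured, this server is set up to answer recursive queries as well as serve its own zones, so on a VPS it is worth stating explicitly who may use recursion and who may transfer the zones. The fragment below is an added example, not part of the original tutorial; the acl name "trusted", the 192.168.0.0/24 range and the use of ns2 (192.168.0.11) as a secondary server are assumptions to adjust to your own network.

```conf
// named.conf.options (added example; names and ranges are assumptions)

// Clients allowed to use this server for recursive lookups.
// Must be defined before the options block that refers to it.
acl "trusted" {
        localhost;
        192.168.0.0/24;         // assumption: the internal range used in the zone files
};

options {
        // ... existing settings in this file stay as they are ...

        forwarders {
                8.8.4.4;
        };

        // Anyone may query the zones this server is authoritative for.
        allow-query { any; };

        // Only trusted clients may have queries resolved through the forwarder.
        recursion yes;
        allow-recursion { trusted; };

        // Full zone transfers only to the second nameserver.
        // Assumption: ns2 (192.168.0.11) is a secondary; use "none" if there is none.
        allow-transfer { 192.168.0.11; };
};
```

Run named-checkconf after editing; it reports syntax errors and references to an undefined acl.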

5. Checking bind’s zone files and configuration

Before we attempt to start the bind nameserver with the new zones and configuration, here are some tools to check that we have not made a typo or misconfiguration.
To check the configuration files run the following command:
named-checkconf

With the named-checkconf command the rule is: no news is good news. If no output is produced, your config files look OK.

To check the DNS zone files we can use the named-checkzone command:

named-checkzone linuxconfig.org /etc/bind/zones/master/db.linuxconfig.org
zone linuxconfig.org/IN: loaded serial 1
OK

Reverse zone file check:

named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.0
zone 0.168.192.in-addr.arpa/IN: loaded serial 2
OK
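
named-checkzone validates one zone file at a time, so it cannot tell whether every A record in the forward zone has a PTR record in the reverse zone. The script below is an added example (not part of the original tutorial) that cross-checks the A and PTR records copied from the two files above; it only understands the simple "owner IN TYPE data" layout used on this page.

```python
import ipaddress

# A and PTR records copied from the two zone files on this page.
FORWARD = """\
linuxconfig.org.    IN      A       192.168.0.10
ns1                     IN      A       192.168.0.10
ns2                     IN      A       192.168.0.11
mail                    IN      A       192.168.0.10
"""
REVERSE = """\
10.0.168.192.in-addr.arpa.   IN      PTR     linuxconfig.org.
"""

def fqdn(name, origin):
    """Expand an owner name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def records(text, origin, rtype):
    """Yield (owner, rdata) for 'owner IN <rtype> rdata' lines; ';' starts a comment."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            yield fqdn(fields[0], origin).lower(), fields[3]

def cross_check(forward, reverse, fwd_origin, rev_origin):
    """Return (IPs with an A record but no PTR, IPs whose PTR target has no matching A)."""
    a_by_ip = {}
    for owner, ip in records(forward, fwd_origin, "A"):
        a_by_ip.setdefault(ipaddress.ip_address(ip), set()).add(owner)
    ptr_by_ip = {}
    for owner, target in records(reverse, rev_origin, "PTR"):
        if not owner.endswith(".in-addr.arpa."):
            continue
        # 10.0.168.192.in-addr.arpa. -> 192.168.0.10
        octets = owner[: -len(".in-addr.arpa.")].split(".")
        ip = ipaddress.ip_address(".".join(reversed(octets)))
        ptr_by_ip[ip] = fqdn(target, rev_origin).lower()
    missing_ptr = sorted(str(ip) for ip in a_by_ip if ip not in ptr_by_ip)
    dangling = sorted(str(ip) for ip, name in ptr_by_ip.items()
                      if name not in a_by_ip.get(ip, set()))
    return missing_ptr, dangling

if __name__ == "__main__":
    print(cross_check(FORWARD, REVERSE, "linuxconfig.org.", "0.168.192.in-addr.arpa."))
```

For the files on this page the check reports that 192.168.0.11 (ns2) has an A record but no PTR in db.192.168.0.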

6. Start / restart bind nameserver

At this point nothing can stop us from running the bind9 DNS server:

 /etc/init.d/bind9 start
Starting domain name service...: bind9.

Alternatively, if your bind server is already running, use the following command to restart it:

/etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.

7. Testing a bind server configuration

The dig command from the dnsutils package comes in handy for testing the new configuration of the bind nameserver.

The dig command can be used from any PC that has network access to your DNS server, but preferably you should start your testing from localhost. In our case the IP address of our name server is 192.168.135.130. First we will test host-to-IP resolution:

dig @192.168.135.130 www.linuxconfig.org

; <<>> DiG 9.6-ESV-R1 <<>> @192.168.135.130 www.linuxconfig.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<

Next we test IP-to-host resolution:

dig @192.168.135.130 -x 192.168.0.10

; <<>> DiG 9.6-ESV-R1 <<>> @192.168.135.130 -x 192.168.0.10
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
