DNS Installation and Setup using BIND9

Introduction

This HOWTO will assist you in getting a Domain Name Server (DNS) up and running using BIND9 on Debian Etch. When setting up a DNS server it is common practise to use two separate DNS servers for a domain as you are required to have at least two DNS servers running for DNS to work correctly. If one breaks, the other can continue to serve your domain.

However, when I setup my DNS system I did not have the resources on hand to use two different servers for DNS so the setup below will configure one server to run both nameservers. It’s not an ideal solution and is definitely not a best-practise solution but one can only work with what you have.

In this HOWTO I will use the fictional domain “example.com”. The nameservers will use 192.168.254.1 and 192.168.254.2 as their IP addresses. Both the domain and namerserver IPs need to be changed to reflect your server…..
Requirements

* A Debian Etch base installation
* At least two static IP addresses that you can use to setup the nameserver information.
* Root access to your server.

Pre-Installation

Before proceeding to install, update the necessary packages in Debian with this command.

apt-get update
apt-get upgrade

Installing lsb-base and BIND9

To continue we need some Debian building tools since we have to download source packages:

apt-get install devscripts

BIND9 depends on lsb-base from testing. Lets grab it: (Syntax explanation: the -y tells apt to say yes to all questions, build-dep installs all packages required for -testing_packageX- from the Etch repository and with -b the source gets built straight away.)

mkdir /usr/local/lsb-base/
cd /usr/local/lsb-base/
apt-get -y build-dep lsb-base
apt-get source lsb-base -b
dpkg-i lsb-base*.deb

Next is BIND9:

mkdir /usr/local/bind9
cd /usr/local/bind9
apt-get -y build-dep bind9
apt-get source bind9 -b
dpkg -i *.deb

Configure the Master DNS Server

First we need to stop BIND9:

/etc/init.d/bind9 stop

In order to chroot bind we need to set an option in /etc/default/bind9.

Locate this in /etc/default/bind9:

OPTIONS=”-u bind”

Replace it with this:

OPTIONS=”-u bind -t /var/lib/named”

It will now run as user ‘bind’ chrooted in ‘/var/lib/named’.

These steps are required for the chroot jail:

mkdir -p /var/lib/named/etc
mkdir /var/lib/named/dev
mkdir -p /var/lib/named/var/cache/bind
mkdir -p /var/lib/named/var/run/bind/run
mv /etc/bind /var/lib/named/etc
ln -s /var/lib/named/etc/bind /etc/bind
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
chmod 666 /var/lib/named/dev/*
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind

Bind now has its own dir with space for .pid files and config files. In order to keep things clear we made a symlink back to /etc/.

Now edit /etc/init.d/sysklogd to allow logging of bind activity. Replace this:

SYSLOGD=”"

With this:

SYSLOGD=”-a /var/lib/named/dev/log”

Now restart sysklogd and BIND9:

/etc/init.d/sysklogd restart
/etc/init.d/bind9 start

And test:

ping www.google.co.in

get a reply, then your DNS master server is working and ready to use. We will now complete and use the example.com domain with our new master server.

Setting up the example.com domain

The new master DNS server is currently just forwarding requests to the server of your ISP. So, we will now install and configure our own domain and let our new server handle all request regarding that domain.
Creating the zone files

Lets start with creating the directory where we will store the zone file. This file contains all info about the domain.

mkdir /etc/bind/zones/master/

Next we will create the zones file:

vim /etc/bind/zones/master/example.com.db

Add the following (obviously replacing example.com and 192.168.254.1 with your own details):

;
; BIND data file for example.com
;
$TTL    604800
@       IN      SOA     example.com. info.example.com. (
2007011501         ; Serial
7200         ; Refresh
120         ; Retry
2419200         ; Expire
604800)        ; Default TTL
;
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
example.com.    IN      MX      10      mail.example.com.
example.com.    IN      A       192.168.254.1
www                     IN      CNAME   example.com.
mail                    IN      A       192.168.254.1
ftp                     IN      CNAME   example.com.
example.com.            IN      TXT     “v=spf1 ip4:192.168.254.1 a mx ~all”
mail                    IN      TXT     “v=spf1 a -all”

Here we have created a DNS zone file with both nameservers as well as records for the mail and ftp server for the domain example.com. Trying to go into more detail about what each item reflects above is beyond the scope of this HOWTO and you should do your own research into what each item means.

Create a new file called 192.168.254.rev which follows the convention of the first three IP ranges in your IP address

vim /etc/bind/zones/master/192.168.254.rev

Add the following:

$TTL 1d ;
$ORIGIN 254.168.192.IN-ADDR.ARPA.
@       IN      SOA     ns1.example.com.   info.example.com. (
2007011501
7200
120
2419200
604800
)
IN      NS      ns1.example.com.
IN      NS      ns2.example.com.
1       IN      PTR     ns1.example.com.
2       IN      PTR     ns2.example.com.

The reverse lookup files are almost identical to the domain zone files with only minor changes. The first section of this file is exactly the same as the first section of the domain zone file. The bottom section is where it is different. This time we are listing the last part of the IP address first and then the hostname last.

There are 2 things you must notice here. You have to use the fully qualified domain name here and you must put a “.” at the end of it. These 2 things are important to the file and weird things will happen if you don’t do it this way.

You must also change the $ORIGIN section at the top of the RDNS file to reflect the reverse IP address of your server. In this example our IP address ranges are 192.168.254.1/2 and the reverse of this would be 254.168.192.IN-ADDR.ARPA. In the PTR records at the bottom we assign the final IP range to reflect our two nameservers – i.e. 1 & 2.

Making sure all is OK

Now that we’ve created both zone and reverse files we need to check that our main zone file is good to go. BIND9 breaks very easily so it’s best to run this check before committing your changes.

cd /etc/bind/zones/master/
named-checkzone example.com example.com.db

You should get an OK status when doing this. If not you need to double-check your zone file and make changes until you get an OK status.

Adding zone files to BIND9

We now need to add the zone file data to the named.conf.local file:

vim /etc/bind/named.conf.local

And add the following to the file:

zone “example.com” {
type master;
file “/etc/bind/zones/master/example.com.db”;
};

zone “254.168.192.IN-ADDR.ARPA” {
type master;
file “/etc/bind/zones/master/192.168.254.rev”;
};

Testing

We can now restart bind and check if it works:

/etc/init.d/bind9 restart
ping ns1.example.com

This should bring bring up a ping result resolving to 192.168.254.1

Try another test:

nslookup ns1.example.com

Should give you 192.168.254.1

Finally run this one:

dig @localhost example.com

If all is OK then you’ll be presented with the zone file information. At this stage you now have a working and usable DNS server.