Configuring Bind9
This doc shows how to create the configuration files for bind9 and how to test them.
Configuration files are located at /etc/bind
Become root
Create a sub-directory to store the conf files. In this doc, it will be “zones”
cd /etc/bind/
mkdir zones
Copy the default conf file that you’ll use to zones
cp db.local ./zones/example.com.db.local
Where example.com is your domain
Edit this file
cd zones
nano example.com.db.local
The file should appear as follows:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
Edit the file so that it looks like this:
NOTE: Don’t forget the periods after the domain names
xxx.xxx.xxx.xxx = the target machine’s IP address
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA example.com. host.example.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.example.com.
@ IN A xxx.xxx.xxx.xxx
@ IN AAAA ::1
;
ns1 IN A xxx.xxx.xxx.xxx
mail IN A xxx.xxx.xxx.xxx
www IN A xxx.xxx.xxx.xxx
;
example.com. IN MX 10 mail.example.com.
;
Computer-Name IN CNAME www
These changes create “A” records for ns1 (which is your DNS server), and also for mail and www.
It further creates an MX (Mail Exchange) record for mail.example.com.
It creates an alias, or “CNAME”, for “Computer-Name”.
Rules to remember:
A ; starts a comment. # doesn’t work here.
Your MX record must have a corresponding “A” record. It can’t be a CNAME.
Now, create a file in your zones directory titled example.com.in-addr.arpa.local. This is for reverse lookups.
Edit the file to look like this:
$TTL 604800
@ IN SOA example.com. root.example.com. (
2010081401 ; Serial
28800 ; Refresh
604800 ; Retry
604800 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS ns1.example.com.
4 IN PTR example.com.
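A small sanity check for the two zone files above, added here as an example (it is not part of this document or of BIND) and run before restarting the service, alongside BIND’s own named-checkzone. It enforces the rules stated above on both the forward zone and the reverse zone: an SOA and an NS record at the apex, and MX and NS targets that live inside the zone must be A records, never CNAMEs. The embedded zones are the ones from this doc with 192.0.2.10 as a constructed placeholder for xxx.xxx.xxx.xxx, so the reverse origin becomes 2.0.192.in-addr.arpa.

```python
"""Zone-file sanity check for the rules in this how-to (added example,
not part of the document or of BIND). The zones below are the how-to's
forward and reverse zones with the constructed placeholder address
192.0.2.10 standing in for xxx.xxx.xxx.xxx."""

FORWARD_ZONE = """\
$TTL 604800
@ IN SOA example.com. host.example.com. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS ns1.example.com.
@ IN A 192.0.2.10
@ IN AAAA ::1
ns1 IN A 192.0.2.10
mail IN A 192.0.2.10
www IN A 192.0.2.10
example.com. IN MX 10 mail.example.com.
Computer-Name IN CNAME www
"""

# Reverse zone for the placeholder 192.0.2.x network (constructed).
REVERSE_ZONE = """\
$TTL 604800
@ IN SOA example.com. root.example.com. (
2010081401 ; Serial
28800 ; Refresh
604800 ; Retry
604800 ; Expire
86400 ) ; Negative Cache TTL
@ IN NS ns1.example.com.
10 IN PTR example.com.
"""


def strip_comments(text):
    # In a zone file ';' starts a comment ('#' does not).
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def logical_lines(text):
    # Fold a multi-line SOA "( ... )" into one logical line.
    out, buf, depth = [], [], 0
    for line in strip_comments(text).splitlines():
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            out.append(" ".join(buf))
            buf, depth = [], 0
    return out


def fqdn(name, origin):
    # Qualify '@' and relative names against the zone origin (origin has a trailing dot).
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata_tokens) per record, with owners fully qualified."""
    records = []
    for line in logical_lines(text):
        tokens = line.split()
        if not tokens or tokens[0].startswith("$"):
            continue                      # blank line or $TTL/$ORIGIN directive
        owner, rest = fqdn(tokens[0], origin), tokens[1:]
        if rest and rest[0].isdigit():
            rest = rest[1:]               # optional per-record TTL
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]               # optional class
        if rest:
            records.append((owner, rest[0].upper(), rest[1:]))
    return records


def check_zone(text, origin):
    """Return a list of rule violations; an empty list means the zone passes."""
    records = parse_zone(text, origin)
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    problems = [f"missing {t} record at zone apex"
                for t in ("SOA", "NS") if t not in types_at.get(origin, set())]
    for owner, rtype, rdata in records:
        if rtype == "MX":
            target = fqdn(rdata[1], origin)   # rdata = [preference, exchange]
        elif rtype == "NS":
            target = fqdn(rdata[0], origin)
        else:
            continue
        if not (target == origin or target.endswith("." + origin)):
            continue                          # target lives in another zone; nothing to check here
        ttypes = types_at.get(target, set())
        if "CNAME" in ttypes:
            problems.append(f"{rtype} target {target} is a CNAME (must be an A record)")
        elif not ttypes & {"A", "AAAA"}:
            problems.append(f"{rtype} target {target} has no A/AAAA record in this zone")
    return problems


if __name__ == "__main__":
    for name, zone, origin in (("forward", FORWARD_ZONE, "example.com."),
                               ("reverse", REVERSE_ZONE, "2.0.192.in-addr.arpa.")):
        print(name, check_zone(zone, origin) or "OK")
```

To check your own files, read /etc/bind/zones/example.com.db.local into check_zone with the origin example.com. (trailing dot included); a non-empty list names the record that bind9 would either reject or that mail servers would refuse to use.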
Edit the file /etc/bind/named.conf.local
This is where you’ll point the bind service to the files that you created in the zones directory
Make the file look like this (note that the zone name is, in fact, in quotes, and that 3.2.1.in-addr.arpa is the reverse zone for addresses 1.2.3.x: use the first three octets of your own address range, reversed):
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "example.com" {
type master;
file "/etc/bind/zones/example.com.db.local";
};
zone "3.2.1.in-addr.arpa" {
type master;
file "/etc/bind/zones/example.com.in-addr.arpa.local";
};
As you can see in the example above, the “file” statements correspond to the paths and filenames you created.
Restart the service:
service bind9 restart
To test:
Look at the syslog file:
grep bind /var/log/syslog
It should look something like this:
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: starting BIND 9.8.1-P1 -u bind
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: loading configuration from '/etc/bind/named.conf'
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: set up managed keys zone for view _default, file 'managed-keys.bind'
Look for errors or warnings.
Use the “dig” command with one of the FQDNs that you defined in your example.com.db.local file:
dig mail.example.com @xxx.xxx.xxx.xxx
In place of xxx.xxx.xxx.xxx, use your new DNS server’s IP address.
You should see this:
; <<>> DiG 9.8.1-P1 <<>> mail.test-matt.com @206.207.94.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48761
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
mail.example.com. 604800 IN A xxx.xxx.xxx.xxx
;; AUTHORITY SECTION:
example.com. 604800 IN NS ns1.example.com.
;; ADDITIONAL SECTION:
ns1.example.com. 604800 IN A xxx.xxx.xxx.xxx
;; Query time: 1 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Mon Jan 26 16:02:52 2015
;; MSG SIZE rcvd: 86
Add “mx” to the end of that dig command and use just the domain name (example.com) to test your MX record:
dig example.com @xxx.xxx.xxx.xxx mx
It should look like this:
; <<>> DiG 9.8.1-P1 <<>> mail.test-matt.com @206.207.94.34 mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.example.com. IN MX
;; ANSWER SECTION:
example.com. 604800 IN MX 10 mail.example.com.
;; AUTHORITY SECTION:
example.com. 604800 IN NS ns1.example.com.
;; ADDITIONAL SECTION:
mail.example.com. 604800 IN A xxx.xxx.xxx.xxx
ns1.example.com. 604800 IN A xxx.xxx.xxx.xxx
;; Query time: 1 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Mon Jan 26 16:06:10 2015
;; MSG SIZE rcvd: 77
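The two dig transcripts above are checked by eye for three things: status NOERROR, the “aa” flag (the answer is authoritative, i.e. bind9 actually loaded your zone rather than recursing to someone else), and the expected record in the ANSWER section. The following script automates that reading of dig’s text output; it is an added example, not part of this document or of BIND, and its embedded transcript is constructed after the first dig output above with 192.0.2.10 as a placeholder for xxx.xxx.xxx.xxx.

```python
"""Check dig's text output for what the how-to tells you to look for:
status NOERROR, the 'aa' flag, a header count that matches the records
shown, and the expected answer record. Added example, not part of the
document or of BIND; the transcript below is constructed, with the
placeholder address 192.0.2.10 in place of xxx.xxx.xxx.xxx."""
import re

SAMPLE_DIG = """\
; <<>> DiG 9.8.1-P1 <<>> mail.example.com @192.0.2.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48761
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.example.com.      IN  A

;; ANSWER SECTION:
mail.example.com.   604800  IN  A   192.0.2.10

;; AUTHORITY SECTION:
example.com.        604800  IN  NS  ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.    604800  IN  A   192.0.2.10

;; Query time: 1 msec
;; SERVER: 192.0.2.10#53(192.0.2.10)
;; WHEN: Mon Jan 26 16:02:52 2015
;; MSG SIZE  rcvd: 86
"""


def parse_dig(output):
    """Parse dig output into status, flags, header counts and per-section records."""
    result = {"status": None, "flags": set(), "counts": {}, "sections": {}}
    section = None
    for line in output.splitlines():
        if not line.strip():
            section = None                 # a blank line ends the current section
            continue
        if line.startswith(";; ->>HEADER<<-"):
            result["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            flags, counts = line[len(";; flags:"):].split(";", 1)
            result["flags"] = set(flags.split())
            for item in counts.split(","):  # "ANSWER: 1" etc.
                name, num = item.split(":")
                result["counts"][name.strip()] = int(num)
        elif line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]
            result["sections"][section] = []
        elif section and not line.startswith(";"):
            # record line: owner TTL class type rdata...
            result["sections"][section].append(tuple(line.split()))
    return result


def check_answer(output, expected_owner, expected_type, expected_rdata):
    """Return a list of problems; an empty list means the server answered as expected."""
    d = parse_dig(output)
    problems = []
    if d["status"] != "NOERROR":
        problems.append(f"status {d['status']} (zone not loaded, or name not in zone?)")
    if "aa" not in d["flags"]:
        problems.append("answer is not authoritative ('aa' flag missing): "
                        "this server did not answer from its own zone data")
    answers = d["sections"].get("ANSWER", [])
    if d["counts"].get("ANSWER") != len(answers):
        problems.append("ANSWER count in header does not match the records shown")
    wanted = (expected_owner, expected_type, expected_rdata)
    if not any((r[0], r[3], " ".join(r[4:])) == wanted for r in answers):
        problems.append(f"expected {expected_owner} {expected_type} {expected_rdata} "
                        "not in ANSWER section")
    return problems


if __name__ == "__main__":
    print(check_answer(SAMPLE_DIG, "mail.example.com.", "A", "192.0.2.10") or "OK")
```

Feed it the real output (for example, dig mail.example.com @xxx.xxx.xxx.xxx piped into the script via sys.stdin.read()) and the MX test becomes check_answer(output, "example.com.", "MX", "10 mail.example.com.").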
Matt Long
01/26/2015