Wednesday, December 28, 2011

Configuring the BIND Name Server


1. First you need to edit /etc/named.conf (e.g. sudo nano -w /etc/named.conf) and enter the following:

options {
    directory           "/var/named";
    pid-file            "/var/run/named/named.pid";
    dump-file           "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
    memstatistics-file  "data/named_mem_stats.txt";

    forwarders {
        4.2.2.1;
        4.2.2.2;
    };

    listen-on port 53 { 127.0.0.1; 1.2.3.4; 5.6.7.8; };
    listen-on-v6 port 53 { ::1; };
    allow-query { 127.0.0.1; 64.6.231.1; 64.6.231.2; };
    allow-recursion { 127.0.0.1; 64.6.231.1; 64.6.231.2; };
    auth-nxdomain yes;
    check-names master ignore;
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel log_zone_transfers {
        file "/var/log/named/axfr.log";
        print-time yes;
        print-category yes;
        print-severity yes;
    };

    category xfer-out { log_zone_transfers; };
    category lame-servers { null; };
};

zone "."  IN {
          type hint;
          file "named.ca";
};

include "/etc/named.rfc1912.zones";

zone "domain.com" {
      type master;
      file "/var/named/domain.com.db";
      allow-query { any; };
      allow-update { key "rndckey"; };
};

key "rndckey" {
      algorithm hmac-md5;
      secret "+z2YW71pGwapo6A2Ko5/xQ==";
};

controls {
       inet 127.0.0.1 allow { localhost; } keys { "rndckey"; };
};

where:

  • 1.2.3.4 and 5.6.7.8 are the IP addresses of the network interfaces of the server (issue the command ifconfig at the prompt to see them);
  • domain.com is the name of the domain (replace it with your domain);
  • the rndckey entry was generated using the command rndc-confgen (you should also create the file /etc/rndc.conf with the entries specified in the rndc-confgen command output); and
  • 4.2.2.1 and 4.2.2.2 are publicly available name servers we used as forwarders (i.e., if our name server cannot answer a DNS query, it will be forwarded to these name servers).


2. Now, create the file /var/named/domain.com.db (e.g. sudo nano -w /var/named/domain.com.db) and enter the following:

$TTL 86400
domain.com. 86400   IN SOA  ns1.domain.com.  me.domain.com. (
                              2010091401 ;Serial Number
                              7200 ;refresh
                              1800 ;retry
                              2419200 ;expire
                              86400 ;minimum
)

$TTL 259200
domain.com. 259200  IN NS     ns1.domain.com.
domain.com. 259200  IN NS     ns2.domain.com.

$TTL 86400
domain.com. 86400   IN A      1.2.3.4
domain.com. 86400   IN MX 0   mail.domain.com.

$TTL 86400
mail        86400   IN A      1.2.3.4
ns1         86400   IN A      1.2.3.4
ns2         86400   IN A      5.6.7.8
www         86400   IN A      1.2.3.4
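Before restarting named it is worth sanity-checking the zone file, since a typo here silently breaks resolution for the whole domain. The following is an added example, not code from the original post: a small parser for the zone-file subset used above ($TTL directives, the parenthesised multi-line SOA, ';' comments, NS/A/MX records) plus two checks a defender wants before loading it, that the SOA serial has the YYYYMMDDnn shape and that every in-zone NS and MX target has an A record. It assumes Python 3 and uses a constructed sample built from the step-2 zone data.

```python
import re
# Constructed sample built from the step-2 zone data, embedded so the check runs offline.
SAMPLE_ZONE = """\
$TTL 86400
domain.com. 86400   IN SOA  ns1.domain.com.  me.domain.com. (
                              2010091401 ;Serial Number
                              7200 ;refresh
                              1800 ;retry
                              2419200 ;expire
                              86400 ;minimum
)
$TTL 259200
domain.com. 259200  IN NS     ns1.domain.com.
domain.com. 259200  IN NS     ns2.domain.com.
domain.com. 86400   IN A      1.2.3.4
domain.com. 86400   IN MX 0   mail.domain.com.
mail        86400   IN A      1.2.3.4
ns1         86400   IN A      1.2.3.4
ns2         86400   IN A      5.6.7.8
www         86400   IN A      1.2.3.4
"""

def parse_zone(text, origin="domain.com."):
    """Return (owner, ttl, type, rdata tokens) tuples; relative owners get the origin appended."""
    no_comments = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    # Collapse a parenthesised record (the multi-line SOA) onto a single line.
    flat = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), no_comments)
    records = []
    for line in flat.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):       # blank line or a $TTL directive
            continue
        owner = tok[0] if tok[0].endswith(".") else f"{tok[0]}.{origin}"
        records.append((owner, int(tok[1]), tok[3], tok[4:]))  # tok[2] is the class, IN
    return records

def check_zone(text, origin="domain.com."):
    """Return problems found (empty list = safe to load): SOA serial shape, NS/MX targets without A records."""
    records = parse_zone(text, origin)
    problems = []
    soa = [r for r in records if r[2] == "SOA"]
    if len(soa) != 1:
        problems.append("expected exactly one SOA record")
    elif not re.fullmatch(r"\d{10}", soa[0][3][2]):
        problems.append(f"SOA serial {soa[0][3][2]} is not in YYYYMMDDnn form")
    has_a = {owner for owner, _, rtype, _ in records if rtype == "A"}
    for _, _, rtype, rdata in records:
        if rtype in ("NS", "MX") and rdata[-1].endswith("." + origin) and rdata[-1] not in has_a:
            problems.append(f"{rtype} target {rdata[-1]} has no A record in the zone")
    return problems
```

Run check_zone() on the real file contents and refuse to restart named while the list is non-empty; for the full syntax check, BIND's own named-checkzone is still the authority.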


3. Finally, restart the BIND name server (i.e., sudo /etc/rc.d/init.d/named restart). At this point, you should have set the name servers (ns1.domain.com and ns2.domain.com) for your domain (domain.com) at your domain registrar.