Setup Bind9 On Debian


Install bind9

BIND (Berkeley Internet Name Domain) is the DNS server software that translates domain names into IP addresses.

Install it using command:

apt-get install bind9 bind9utils bind9-doc dnsutils

The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /etc/bind/named.conf.

Configure Bind9

Open up the file /etc/bind/named.conf.local in any editor.

nano /etc/bind/named.conf.local

Add the following lines to define forward and reverse zone files.

zone "bodi.local" {
        type master;
        file "/etc/bind/for.bodi.local";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/rev.bodi.local";
};

Save and close the file.

Create Zone Files

Now create the forward and reverse zone files which we defined in the above step.

1. Forward Zone file

Copy the existing zone file template /etc/bind/db.local to create a new forward zone file.

cp /etc/bind/db.local /etc/bind/for.bodi.local

Now edit the file /etc/bind/for.bodi.local,

nano /etc/bind/for.bodi.local

Change the contents as shown below, replacing the domain name and IP address with your own.

$TTL    604800
@       IN      SOA     ns1.bodi.local. hostmaster.bodi.local. (
         2006080501     ; Serial
              10800     ; Refresh
               3600     ; Retry
             604800     ; Expire
               3600 )   ; Negative Cache TTL

; name servers - NS records
    IN NS ns1.bodi.local.
    IN NS ns2.bodi.local.

; domain mx, cname and A record
bodi.local. IN MX 1 aspmx.l.google.com.
bodi.local. IN MX 5 alt1.aspmx.l.google.com.
bodi.local. IN MX 5 alt2.aspmx.l.google.com.
bodi.local. IN MX 10 aspmx2.googlemail.com.
bodi.local. IN MX 10 aspmx3.googlemail.com.
bodi.local. IN A 192.168.1.200
www IN CNAME bodi.local.

; name servers - A records
ns1.bodi.local. IN A 192.168.1.200
ns2.bodi.local. IN A 192.168.1.200

2. Reverse Zone file

Copy the existing zone file template /etc/bind/db.127 to create a new reverse zone file.

cp /etc/bind/db.127 /etc/bind/rev.bodi.local

Now edit the file /etc/bind/rev.bodi.local,

$TTL    604800
@       IN      SOA     ns1.bodi.local. hostmaster.bodi.local. (
                    2016121301         ; Serial
                         10800         ; Refresh
                          3600         ; Retry
                        604800         ; Expire
                         3600 )        ; Negative Cache TTL
; name servers
      IN      NS      ns1.bodi.local.
      IN      NS      ns2.bodi.local.

; PTR Records (the owner is the host octet only; the zone origin
; 1.168.192.in-addr.arpa supplies the rest, so "200" maps 192.168.1.200)
200     IN      PTR     ns1.bodi.local.
200     IN      PTR     ns2.bodi.local.

Save and close the file.

As you can see in the above configuration, I increased the serial number of the reverse zone file. Whenever you change a zone file, increase that zone's serial number as well; secondary servers use it to detect that the zone has changed.
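As an added example (not part of the original tutorial), the following POSIX sh helpers derive the PTR owner name for an address relative to a reverse zone and compute the next date-based serial; the function names are ours and the IP, zone and host names are the tutorial's own values.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Helpers for writing a
# correct reverse zone: the PTR owner must be relative to the zone origin
# (for 192.168.1.200 in 1.168.192.in-addr.arpa that is "200", not "200.1"),
# and every edit needs a larger serial. Pure POSIX sh, no BIND tools needed.

# reverse_name IP -> full in-addr.arpa name, e.g. 200.1.168.192.in-addr.arpa
reverse_name() {
    rn_ip=$1
    rn_d=${rn_ip##*.}; rn_ip=${rn_ip%.*}
    rn_c=${rn_ip##*.}; rn_ip=${rn_ip%.*}
    rn_b=${rn_ip##*.}; rn_a=${rn_ip%.*}
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$rn_d" "$rn_c" "$rn_b" "$rn_a"
}

# ptr_owner IP ZONE -> owner name relative to ZONE's origin; fails (status 1)
# when IP is not covered by ZONE, which is a configuration error.
ptr_owner() {
    po_rev=$(reverse_name "$1")
    case $po_rev in
        *".$2") printf '%s\n' "${po_rev%.$2}" ;;
        *) return 1 ;;
    esac
}

# ptr_record IP ZONE FQDN -> one zone-file line, forcing the trailing dot so
# the target is not silently suffixed with the reverse zone origin.
ptr_record() {
    pr_owner=$(ptr_owner "$1" "$2") || return 1
    case $3 in *.) pr_fqdn=$3 ;; *) pr_fqdn="$3." ;; esac
    printf '%s IN PTR %s\n' "$pr_owner" "$pr_fqdn"
}

# next_serial CURRENT TODAY(YYYYMMDD) -> next YYYYMMDDnn serial. Stays
# monotonic even if CURRENT is already ahead of today's date.
next_serial() {
    if [ "${1%??}" = "$2" ] || [ "$1" -gt "${2}01" ]; then
        echo $(( $1 + 1 ))
    else
        echo "${2}01"
    fi
}

# Demo with the tutorial's values (constructed input):
ptr_record 192.168.1.200 1.168.192.in-addr.arpa ns1.bodi.local
ptr_record 192.168.1.200 1.168.192.in-addr.arpa ns2.bodi.local
next_serial 2016121301 "$(date +%Y%m%d)"
```

Calling ptr_owner with a wider zone such as 168.192.in-addr.arpa returns "200.1", which is where the two-label owner belongs.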

Now restart the bind9 service.

service bind9 restart

Test DNS Configuration and Zone Files

You can check the DNS configuration file and the zone files for syntax errors.

Check DNS configuration file using command:

named-checkconf /etc/bind/named.conf.local

If it returns nothing, your configuration file doesn’t have any syntax errors.

Check Forward Zone:

named-checkzone bodi.local /etc/bind/for.bodi.local

Sample Output:

zone bodi.local/IN: loaded serial 2
OK

Check Reverse Zone (the first argument is the zone origin, which for the reverse zone is 1.168.192.in-addr.arpa, not bodi.local):

named-checkzone 1.168.192.in-addr.arpa /etc/bind/rev.bodi.local

Sample output:

zone 1.168.192.in-addr.arpa/IN: loaded serial 3
OK

Adjust iptables to allow DNS default port 53

First, make sure that BIND9 is listening on the default port 53.

netstat -tulpn | grep :53

Sample output:

tcp        0      0 192.168.1.200:53        0.0.0.0:*               LISTEN      4893/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4893/named
tcp6       0      0 :::53                   :::*                    LISTEN      4893/named
udp        0      0 192.168.1.200:53        0.0.0.0:*                           4893/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           4893/named
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           2582/avahi-daemon:
udp6       0      0 :::53                   :::*                                4893/named
udp6       0      0 :::5353                 :::*                                2582/avahi-daemon:

Now let us open port 53 in iptables.

First, install the iptables-persistent package:

apt-get install iptables-persistent

Open up the file /etc/iptables/rules.v4 using any editor,

nano /etc/iptables/rules.v4

Add rules to open port 53 for both UDP and TCP. Ordinary DNS queries use UDP; TCP is used for zone transfers and for responses too large for UDP, so opening TCP alone is not enough.

# Generated by iptables-save v1.4.14 on Tue Nov  5 13:20:11 2013
*filter
:INPUT ACCEPT [468:43718]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [374:41531]
:fail2ban-ssh - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
# DNS: UDP for normal queries, TCP for zone transfers and large answers
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Tue Nov  5 13:20:11 2013

Start or restart iptables-persistent service.

service iptables-persistent restart

Now check whether port 53 is open:

iptables -L -n

Sample output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
fail2ban-ssh  tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-ssh (3 references)
target     prot opt source               destination         
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0           
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

As you can see in the above output, port 53 is open. Your local clients will now be able to resolve hostnames.

Test Master DNS Server

Edit file /etc/resolv.conf,

nano /etc/resolv.conf

And add your Master DNS server details,

domain bodi.local
search bodi.local
nameserver 192.168.1.200

Reboot the system or restart the networking service.

service networking restart

Now let us check whether the Master DNS server is working, using the following commands:

Method 1:

dig master.bodi.local

Sample output:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> master.bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51823
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;master.bodi.local.        IN    A

;; ANSWER SECTION:
master.bodi.local.    604800    IN    A    192.168.1.200

;; AUTHORITY SECTION:
bodi.local.        604800    IN    NS    master.bodi.local.

;; Query time: 14 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Mon Nov  5 19:31:18 2013
;; MSG SIZE  rcvd: 104

Method 2 (reverse lookup; dig -x takes an IP address, not a hostname):

dig -x 192.168.1.200

If a hostname is passed to dig -x instead, as in dig -x master.bodi.local, dig builds the nonsense name local.bodi.master.in-addr.arpa and the query fails, as this sample output shows:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x master.bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 48100
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;local.bodi.master.in-addr.arpa. IN    PTR

;; Query time: 31 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Mon Nov  5 19:30:37 2013
;; MSG SIZE  rcvd: 51

Method 3:

dig bodi.local

Sample output:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65339
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;bodi.local.            IN    A

;; ANSWER SECTION:
bodi.local.        604800    IN    A    192.168.1.200

;; AUTHORITY SECTION:
bodi.local.        604800    IN    NS    master.bodi.local.

;; ADDITIONAL SECTION:
master.bodi.local.    604800    IN    A    192.168.1.200

;; Query time: 11 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Tue Nov  5 13:31:22 2013
;; MSG SIZE  rcvd: 152

Method 4 (note that dig -x expects an IP address; giving it the zone name queries local.bodi.in-addr.arpa, which does not exist, hence the NXDOMAIN below):

dig -x bodi.local

Sample output:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> -x bodi.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3681
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;local.bodi.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
in-addr.arpa.        3600    IN    SOA    b.in-addr-servers.arpa. nstld.iana.org. 2011029787 1800 900 604800 3600

;; Query time: 1590 msec
;; SERVER: 192.168.1.200#53(192.168.1.200)
;; WHEN: Tue Nov  5 13:31:36 2013
;; MSG SIZE  rcvd: 112

Method 5:

nslookup bodi.local

Sample output:

Server:        192.168.1.200
Address:    192.168.1.200#53

Name:    bodi.local
Address: 192.168.1.200

Method 6:

host bodi.local

Sample output:

bodi.local has address 192.168.1.200
bodi.local has IPv6 address ::1

Method 7:

host master.bodi.local

Sample Output:

master.bodi.local has address 192.168.1.200

That's it. The primary DNS server is ready and working.


source: unixmen.com

If you want to add another domain to the server, add the zone definitions below to named.conf.local. Open the file:

nano /etc/bind/named.conf.local

Add the following lines to define forward and reverse zone files.

zone "bodi.local" {
        type master;
        file "/etc/bind/for.bodi.local";
};

zone "new.domain" {
        type master;
        file "/etc/bind/for.new.domain";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/rev.bodi.local";
};

Save and close the file.
Then create a forward zone file for the new domain:

nano /etc/bind/for.new.domain

Change the contents as shown below, replacing the domain name and IP address with your own.

$TTL    604800
@       IN      SOA     ns1.bodi.local. hostmaster.new.domain. (
         2006080501     ; Serial
              10800     ; Refresh
               3600     ; Retry
             604800     ; Expire
               3600 )   ; Negative Cache TTL

; name servers - NS records
    IN NS ns1.bodi.local.
    IN NS ns2.bodi.local.

; domain mx, cname and A record
new.domain. IN MX 1 aspmx.l.google.com.
new.domain. IN MX 5 alt1.aspmx.l.google.com.
new.domain. IN MX 5 alt2.aspmx.l.google.com.
new.domain. IN MX 10 aspmx2.googlemail.com.
new.domain. IN MX 10 aspmx3.googlemail.com.
new.domain. IN A 192.168.1.200
www IN CNAME new.domain.

; name servers - A records
; ns1.bodi.local. IN A 192.168.1.200
; ns2.bodi.local. IN A 192.168.1.200

Don't forget to add "new.domain" to resolv.conf. Edit the file /etc/resolv.conf,

nano /etc/resolv.conf

And add your Master DNS server details,

# "domain" and "search" are mutually exclusive in resolv.conf and only the
# last one listed takes effect, so put both domains on a single search line.
search new.domain bodi.local
nameserver 192.168.1.200

Restart the Bind service.

service bind9 restart

Add the forward zone for the new domain exactly as shown above, especially the name server records: the new domain uses ns1.bodi.local and ns2.bodi.local as its name servers, whose A records live in the bodi.local zone (which is why they are commented out in the new zone file). Don't forget to change the domain name and IP address.
