How to configure BIND (DNS)

dos2unix


How to Use BIND DNS in Linux

Introduction

BIND (Berkeley Internet Name Domain) is the most widely used DNS software on the Internet. It can act as an authoritative server (answering for zones it holds) and as a recursive resolver (looking names up on behalf of clients), and the configuration below does both: the forwarders turn the server into a resolver for your clients, while the zone statements make it authoritative for example.com and the matching reverse zone. This guide walks through setting up such a server on Linux, with example configuration for named.conf, a forward zone file, and a reverse zone file.

Installing BIND

First, install BIND on your Linux system.

On Debian-based systems:

Code:
sudo apt update
sudo apt install bind9 bind9utils bind9-doc

On RPM-based systems:

Code:
sudo dnf install bind bind-utils

Configuration Files

On Debian-based systems the configuration lives under /etc/bind: named.conf is a short file that includes named.conf.options (the options block), named.conf.local (your zones) and named.conf.default-zones. On Red Hat-based systems the main file is /etc/named.conf, zone files go under /var/named, and the /etc/named directory only holds additional included configuration.

named.conf

This is the main configuration file for BIND. The example below uses the Debian layout; on Debian you would normally put the options block in named.conf.options and the zone statements in named.conf.local, since the package's named.conf includes both.

Code:
options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8; // Google's DNS
        8.8.4.4; // Google's DNS
    };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
};
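The options block above works, but it leaves every access control at its default: BIND 9 only recurses for localhost and localnets by default, yet in the BIND 9 releases these distributions ship the default allow-transfer is any, so anyone who can reach port 53 can pull the whole zone with an AXFR and enumerate your hosts. Below is the same configuration with explicit access controls; it is an added example, not from the original post, and the "internal" ACL ranges, the secondary's address 192.168.1.4 and the version string are assumptions you would replace with your own values.

```conf
// Added hardening example (assumed addresses). Validate with: named-checkconf
acl "internal" {
    127.0.0.0/8;
    ::1/128;
    192.168.1.0/24;        // the network the example zones describe
};

options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on-v6 { any; };

    // Anyone may ask about zones we are authoritative for, but only
    // the internal network may use us as a recursive resolver or read
    // the cache; this is what stops the server becoming an open resolver.
    allow-query { any; };
    allow-recursion { "internal"; };
    allow-query-cache { "internal"; };

    // No zone transfers unless a zone statement says otherwise.
    allow-transfer { none; };

    // Do not answer version.bind CHAOS queries with the real version.
    version "not disclosed";
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    // Only the secondary (assumed address) may transfer, and it is
    // notified as soon as the serial changes.
    allow-transfer { 192.168.1.4; };
    also-notify { 192.168.1.4; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1";
    allow-transfer { 192.168.1.4; };
    also-notify { 192.168.1.4; };
};
```

To confirm the transfer restriction, run dig axfr example.com @your-server from a host outside the allowed list: it should print "Transfer failed." rather than the zone. A recursion check is dig @your-server www.google.com from the same outside host, which should come back REFUSED.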

Forward Zone File (db.example.com)

This file contains the DNS records for the example.com domain. The NS records name ns1 and ns2, so the zone must also carry A records for those hosts; without them named-checkzone warns that the name servers have no address records, and nothing can reach them.

Code:
$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
            2024123001 ; Serial (YYYYMMDDnn)
            3600       ; Refresh
            1800       ; Retry
            1209600    ; Expire
            86400 )    ; Negative-cache TTL
@   IN  NS  ns1.example.com.
@   IN  NS  ns2.example.com.
@   IN  MX  10 mail.example.com.
@   IN  A   192.168.1.1
ns1  IN  A   192.168.1.1   ; address records for the name servers
ns2  IN  A   192.168.1.4   ; (placeholder address)
www  IN  A   192.168.1.2
mail IN  A   192.168.1.3
ftp  IN  CNAME www

Reverse Zone File (db.192.168.1)

This file maps addresses in 192.168.1.0/24 back to names. The owner of each PTR is the last octet, relative to the zone origin 1.168.192.in-addr.arpa (the network octets in reverse order). Keep one PTR per address and make sure the name it points to resolves forward to the same address: mail relays and many security tools reject hosts whose forward and reverse records disagree.

Code:
$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
            2024123001 ; Serial
            3600       ; Refresh
            1800       ; Retry
            1209600    ; Expire
            86400 )    ; Negative-cache TTL
@   IN  NS  ns1.example.com.
@   IN  NS  ns2.example.com.
1   IN  PTR example.com.
2   IN  PTR www.example.com.
3   IN  PTR mail.example.com.
4   IN  PTR ns2.example.com.   ; second name server (placeholder address)
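Keeping the reverse zone in step with the forward zone by hand is where mismatches creep in. The script below, an added example rather than anything the post or BIND provides, derives the PTR records for a network from the A records of a forward zone and checks an existing reverse zone for addresses that lack a PTR and PTRs whose host no longer has an A record. The zone texts are constructed copies of the zones above (the reverse copy deliberately lacks ns2 and carries a stale entry), and the parser only understands the one-record-per-line layout used here, not $ORIGIN, $INCLUDE or owner names carried over from the previous line.

```python
"""Generate and check in-addr.arpa PTR records from a forward zone's A records.
Added example for this post, not BIND tooling; zone text below is constructed."""
import ipaddress

FORWARD_ORIGIN = "example.com."
NETWORK = ipaddress.ip_network("192.168.1.0/24")

FORWARD_ZONE = """\
$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
            2024123001 ; Serial
            3600       ; Refresh
            1800       ; Retry
            1209600    ; Expire
            86400 )    ; Minimum TTL
@   IN  NS  ns1.example.com.
@   IN  NS  ns2.example.com.
@   IN  MX  10 mail.example.com.
@   IN  A   192.168.1.1
ns1  IN  A   192.168.1.1
ns2  IN  A   192.168.1.4
www  IN  A   192.168.1.2
mail IN  A   192.168.1.3
ftp  IN  CNAME www
"""

# Constructed, deliberately out-of-date reverse zone: no PTR for ns2 (.4) and a
# leftover PTR for a host (.5) that no longer has an A record.
REVERSE_ZONE = """\
1   IN  PTR example.com.
2   IN  PTR www.example.com.
3   IN  PTR mail.example.com.
5   IN  PTR old.example.com.
"""


def reverse_origin(net):
    """Origin of the reverse zone for a /8, /16 or /24 IPv4 network."""
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[(32 - net.prefixlen) // 8:]) + "."


def fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_records(text, origin):
    """Yield (owner FQDN, type, rdata tokens) for 'owner [ttl] IN TYPE rdata' lines,
    skipping $-directives, ';' comments and the bracketed SOA continuation."""
    in_parens = False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if in_parens:
            in_parens = ")" not in line
            continue
        if not line or line.startswith("$"):
            continue
        in_parens = "(" in line and ")" not in line
        owner, *rest = line.split()
        if rest and rest[0].isdigit():      # optional per-record TTL
            rest = rest[1:]
        if len(rest) < 3 or rest[0] != "IN":
            continue
        yield fqdn(owner, origin), rest[1], rest[2:]


def forward_map(text, origin, net):
    """address -> set of names that have an A record for it, limited to net."""
    addrs = {}
    for owner, rtype, rdata in parse_records(text, origin):
        if rtype == "A" and ipaddress.ip_address(rdata[0]) in net:
            addrs.setdefault(rdata[0], set()).add(owner)
    return addrs


def ptr_label(ip, net):
    """Owner label of ip relative to the reverse zone origin ('1' for 192.168.1.1)."""
    full = ipaddress.ip_address(ip).reverse_pointer + "."
    return full[: -len(reverse_origin(net)) - 1]


def ptr_owner_to_ip(owner):
    labels = owner.rstrip(".").split(".")[:-2]   # drop 'in-addr', 'arpa'
    return ".".join(reversed(labels))


def generate_reverse(text, origin, net):
    """One PTR per address; the shortest name (the apex, if present) wins."""
    addrs = forward_map(text, origin, net)
    lines = []
    for ip in sorted(addrs, key=ipaddress.ip_address):
        lines.append(f"{ptr_label(ip, net)} IN PTR {min(addrs[ip], key=len)}")
    return "\n".join(lines)


def check_reverse(fwd_text, rev_text, origin, net):
    """Report addresses with an A but no PTR, PTRs with no matching A, and
    PTRs whose target is not one of the names holding the A record."""
    addrs = forward_map(fwd_text, origin, net)
    seen, stale, mismatch = set(), [], []
    for owner, rtype, rdata in parse_records(rev_text, reverse_origin(net)):
        if rtype != "PTR":
            continue
        ip, target = ptr_owner_to_ip(owner), rdata[0]
        seen.add(ip)
        if ip not in addrs:
            stale.append((ip, target))
        elif target not in addrs[ip]:
            mismatch.append((ip, target))
    missing = sorted(set(addrs) - seen, key=ipaddress.ip_address)
    return {"missing": missing, "stale": stale, "mismatch": mismatch}


if __name__ == "__main__":
    print(generate_reverse(FORWARD_ZONE, FORWARD_ORIGIN, NETWORK))
    print(check_reverse(FORWARD_ZONE, REVERSE_ZONE, FORWARD_ORIGIN, NETWORK))
```

The generated records are the body of db.192.168.1 minus the $TTL, SOA and NS lines; the check is the thing to run after every forward-zone change, and its "stale" list is exactly what an attacker reading your reverse zone would use to learn about decommissioned hosts.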

Explanation of DNS Records

  • SOA (Start of Authority): Names the primary name server for the zone and the administrator's mailbox (admin.example.com. stands for admin@example.com; the first dot is read as the @), followed by the timers secondary servers use. Every zone has exactly one SOA, at its apex.
  • Serial Number: The version number of the zone. Secondaries compare it with the serial of their copy and only transfer the zone when the primary's is newer (32-bit serial arithmetic, RFC 1982), so forgetting to increment it means your change never propagates. The YYYYMMDDnn form used above is a convention, not a requirement.
  • NS (Name Server): The authoritative name servers for the zone. Every NS target needs an A or AAAA record, either in this zone (as above) or in its own.
  • A (Address): Maps a name to an IPv4 address (AAAA does the same for IPv6).
  • PTR (Pointer): Maps an address back to a name, used in reverse DNS lookups.
  • MX (Mail Exchange): The mail servers for the domain, each with a preference value (10 above); the lowest value is tried first. An MX must point at a name with an A/AAAA record, not at a CNAME.
  • CNAME (Canonical Name): Maps an alias to its canonical name. A name that is a CNAME may carry no other records, which is why the zone apex, which always has SOA and NS records, cannot be one.
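The serial rule above is the one most often broken by hand edits. The script below, an added example for this post and not part of BIND, bumps the serial of a zone file using the YYYYMMDDnn convention of the zone files shown, falling back to current + 1 when several edits happen on one day or when the serial has somehow got ahead of the date, and uses RFC 1982 serial arithmetic so the new value always compares as newer on secondaries. The zone text is a constructed fragment of the forward zone; the regular expression assumes the "; Serial" comment shown in the examples.

```python
"""Bump the SOA serial of a BIND zone file (added example, not BIND tooling).
Assumes the serial line carries a '; Serial' comment as in the zones above."""
import re
from datetime import date
from typing import Optional, Tuple

SERIAL_RE = re.compile(r"^\s*(?P<serial>\d+)\s*;\s*Serial\b", re.MULTILINE)

# Constructed fragment of db.example.com for the demonstration.
ZONE = """\
$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
            2024123001 ; Serial
            3600       ; Refresh
            1800       ; Retry
            1209600    ; Expire
            86400 )    ; Minimum TTL
@   IN  NS  ns1.example.com.
"""


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: is 32-bit serial a 'newer' than b? Handles wraparound."""
    a, b = a % 2**32, b % 2**32
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)


def next_serial(current: int, today: Optional[date] = None) -> int:
    """Today's YYYYMMDD00 if that is newer than current, otherwise current + 1
    (second edit of the day, or a serial that is already ahead of the date)."""
    today = today or date.today()
    candidate = int(today.strftime("%Y%m%d")) * 100
    if not serial_gt(candidate, current):
        candidate = (current + 1) % 2**32
    return candidate


def bump_zone(text: str, today: Optional[date] = None) -> Tuple[str, int, int]:
    """Return (new zone text, old serial, new serial). Raises if none is found,
    so a zone written without the comment is never silently left unchanged."""
    m = SERIAL_RE.search(text)
    if m is None:
        raise ValueError("no '<number> ; Serial' line found in zone")
    old = int(m.group("serial"))
    new = next_serial(old, today)
    new_text = text[: m.start("serial")] + str(new) + text[m.end("serial"):]
    return new_text, old, new


if __name__ == "__main__":
    updated, old, new = bump_zone(ZONE)
    print(f"serial {old} -> {new}")
    print(updated)
```

After rewriting the file, run named-checkzone example.com /etc/bind/db.example.com and then rndc reload example.com; the secondaries will transfer on the NOTIFY rather than waiting for the refresh interval.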

SOA Record Timers

The SOA record includes several important timers:

  • Refresh: The interval (in seconds) at which secondary servers query the primary's SOA to see whether the serial has changed. A value of 3600 means a check every hour; in practice BIND secondaries learn about changes sooner, because the primary sends a NOTIFY when the zone is reloaded.
  • Retry: If a secondary cannot reach the primary at refresh time, it waits this long before trying again. A typical value is 1800 seconds (30 minutes).
  • Expire: How long (in seconds) a secondary keeps serving the zone when it has not been able to reach the primary. After this the secondary stops answering for the zone entirely, so it is set long, for example 1209600 seconds (14 days), to survive an outage of the primary.
  • Minimum TTL: Since RFC 2308 this field is the negative-caching TTL: how long a resolver may cache an NXDOMAIN or no-data answer for a name in the zone (BIND uses the smaller of this value and the SOA record's own TTL, further capped by its max-ncache-ttl option). It no longer sets the default TTL for records; that comes from the $TTL directive at the top of the file. A large value here means a mistyped name stays unresolvable on caching resolvers for a long time after you fix it, so 86400 is on the high side for zones that change often.

Internal vs. Public DNS Servers

  • Internal Private DNS Server: Resolves hostnames inside a private network, typically holding zones for RFC 1918 space such as the 192.168.1.0/24 example above, and is reachable only from that network. It usually also recurses or forwards on behalf of internal clients.
  • Public Registered DNS Server: Serves the zones of a domain registered through a registrar; the registrar submits the NS records (and glue A/AAAA records) for your name servers to the TLD, which is what makes them reachable globally. It should be authoritative only, with recursion refused to outside clients, and it must not publish private addresses like those in the example zones. Serving both roles from one host with different BIND views (split-horizon DNS) is common.

Conclusion

Setting up a BIND DNS server involves configuring the main named.conf file and creating zone files for forward and reverse lookups. Understanding the different types of DNS records and their purposes is crucial for managing a DNS server effectively. Whether you are setting up an internal DNS server for a private network or a public DNS server for a domain, BIND provides a robust solution for DNS management.

Understanding Root DNS Servers

What Are Root DNS Servers?

Root DNS servers are the top-level DNS servers in the hierarchical Domain Name System (DNS) structure. They are responsible for directing DNS queries to the appropriate top-level domain (TLD) servers, such as .com, .org, .net, and country code TLDs like .jp for Japan or .uk for the United Kingdom.

There are 13 root server identities, a.root-servers.net through m.root-servers.net, each with one IPv4 and one IPv6 address. Because those addresses are anycast, many hundreds of physical instances around the world answer for them, providing capacity and redundancy. A resolver cannot look the root up anywhere, so it starts from a built-in list of these addresses, the root hints (BIND ships it as db.root or named.root and falls back to a compiled-in copy), and the root zone's DNSSEC trust anchor lets it verify what the root returns. The root is the first step in translating a human-readable domain name into an IP address.

List of Root DNS Servers

Here are the 13 root server identities, each managed by a different organization:

  1. a.root-servers.net - Operated by Verisign, Inc.
  2. b.root-servers.net - Operated by the University of Southern California, Information Sciences Institute
  3. c.root-servers.net - Operated by Cogent Communications
  4. d.root-servers.net - Operated by the University of Maryland
  5. e.root-servers.net - Operated by NASA (Ames Research Center)
  6. f.root-servers.net - Operated by the Internet Systems Consortium, Inc.
  7. g.root-servers.net - Operated by the US Department of Defense (NIC)
  8. h.root-servers.net - Operated by the US Army (Research Lab)
  9. i.root-servers.net - Operated by Netnod
  10. j.root-servers.net - Operated by Verisign, Inc.
  11. k.root-servers.net - Operated by RIPE NCC
  12. l.root-servers.net - Operated by ICANN
  13. m.root-servers.net - Operated by the WIDE Project

How Root DNS Servers Work

When a recursive resolver receives a query it cannot answer from its cache, it sends the query to a root server from its hints. The root server does not know the answer; it replies with a referral, the NS records for the relevant TLD and their addresses. The resolver then asks a TLD server, which refers it on to the authoritative servers for the specific domain, and that server finally returns the record. If the answer is a CNAME, the resolver repeats the process for the target name. Each referral is cached for its TTL, so later queries for anything under .com or under example.com skip the earlier steps; the root is typically consulted only once per TLD per TTL, which is also why a resolver should accept a referral only for a zone beneath the one it just asked about.
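The walk just described, as an added example that is not part of the original post, with both sides of the exchange: a set of simulated authoritative servers (root, .com, example.com) that answer, refer or return NXDOMAIN, and a resolver that starts from the root hints, follows referrals, restarts for a CNAME target, and refuses a referral that does not lead to a zone beneath the one it just asked. The delegation tree, names and addresses (RFC 5737 documentation space) are constructed so the code runs offline; real root hints come from BIND's db.root. The same loop is what dig +trace performs against real servers.

```python
"""Iterative resolution over a constructed delegation tree (added example; the
servers, addresses and records are placeholders, not real root/TLD data)."""

# Name -> address of every simulated server; stands in for glue records.
ADDR = {
    "a.root-servers.net.": "192.0.2.1",
    "a.gtld-servers.net.": "192.0.2.10",
    "ns1.example.com.": "192.0.2.20",
}

# Address -> the zone that server is authoritative for, its delegations
# (child zone -> NS names) and the records it can answer directly.
SERVERS = {
    "192.0.2.1": {"zone": ".", "delegations": {"com.": ["a.gtld-servers.net."]},
                  "records": {}},
    "192.0.2.10": {"zone": "com.", "delegations": {"example.com.": ["ns1.example.com."]},
                   "records": {}},
    "192.0.2.20": {"zone": "example.com.", "delegations": {},
                   "records": {("www.example.com.", "A"): ["192.0.2.80"],
                               ("ftp.example.com.", "CNAME"): ["www.example.com."]}},
}

# What a resolver knows before its first query (BIND: the hint zone).
ROOT_HINTS = {"a.root-servers.net.": "192.0.2.1"}


def in_zone(name, zone):
    """True if name is zone or lies beneath it."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(addr, qname, qtype):
    """Simulated authoritative server: answer, referral, NXDOMAIN or REFUSED."""
    srv = SERVERS[addr]
    if not in_zone(qname, srv["zone"]):
        return {"rcode": "REFUSED"}                       # not our zone
    for key in ((qname, qtype), (qname, "CNAME")):        # exact answer, then alias
        if key in srv["records"]:
            return {"rcode": "NOERROR", "answer": (key[1], srv["records"][key])}
    for child, ns_names in srv["delegations"].items():
        if in_zone(qname, child):                         # hand down to the child zone
            return {"rcode": "NOERROR",
                    "referral": (child, {n: ADDR[n] for n in ns_names})}
    return {"rcode": "NXDOMAIN"}                          # in our zone, no such name


def resolve(qname, qtype, max_steps=16, max_cnames=8):
    """Walk from the root hints following referrals.
    Returns (rdata list or None for NXDOMAIN, trace of (zone asked, server, rcode))."""
    trace, cnames = [], 0
    while True:
        servers, zone = dict(ROOT_HINTS), "."
        for _ in range(max_steps):
            addr = next(iter(servers.values()))
            resp = query(addr, qname, qtype)
            trace.append((zone, addr, resp["rcode"]))
            if resp["rcode"] == "NXDOMAIN":
                return None, trace
            if resp["rcode"] != "NOERROR":
                raise RuntimeError(f"{addr} refused {qname}: lame delegation for {zone}")
            if "answer" in resp:
                rtype, rdata = resp["answer"]
                if rtype == qtype:
                    return rdata, trace
                cnames += 1                               # CNAME: resolve the target
                if cnames > max_cnames:
                    raise RuntimeError("CNAME chain too long")
                qname = rdata[0]
                break                                      # restart from the root
            child, glue = resp["referral"]
            # Bailiwick check: only accept a referral to a zone strictly below
            # the one we asked about, so a server cannot steer us elsewhere.
            if not (in_zone(child, zone) and child != zone):
                raise RuntimeError(f"out-of-bailiwick referral {zone} -> {child}")
            servers, zone = glue, child
        else:
            raise RuntimeError("too many referrals")


if __name__ == "__main__":
    for name in ("www.example.com.", "ftp.example.com.", "nope.example.com."):
        print(name, *resolve(name, "A"))
```

A real resolver also caches every referral it sees, so the second query for anything under example.com goes straight to ns1; the trace returned here is the equivalent of the per-server output of dig +trace.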

DNS Registry Providers

A registry operates a TLD: it runs the TLD's authoritative servers and holds the database of names delegated beneath it. You normally do not deal with a registry directly; domains are bought through a registrar, which passes your name servers to the registry. Some well-known registries:

  1. Verisign - Operates .com and .net (and also runs a.root-servers.net and j.root-servers.net).
  2. Public Interest Registry (PIR) - Operates .org.
  3. Afilias - Formerly operated .info and .mobi; acquired by Donuts in 2020.
  4. Nominet - Operates .uk.
  5. DENIC - Operates .de for Germany.
  6. Neustar - Formerly operated .biz and .us; its registry business became GoDaddy Registry in 2020.
  7. CentralNic (now Team Internet) - Provides the registry back end for a number of TLDs, including .xyz and .site.
  8. Donuts Inc. (now Identity Digital) - Operates a large number of new gTLDs such as .email and .guru.

Conclusion

Root DNS servers play a critical role in the DNS hierarchy by directing queries to the appropriate TLD servers. Understanding their function helps in appreciating the complexity and robustness of the Internet's DNS infrastructure. Knowing how registries and registrars divide the work also helps when you register a domain and delegate it to your own name servers.

Testing Your DNS Server with resolvectl, nslookup, and dig

After editing named.conf or a zone, check the files with named-checkconf and named-checkzone (both ship with BIND) and reload; then confirm that the server answers the way you expect. Three tools cover this: resolvectl, nslookup, and dig. In the examples that name a server (8.8.8.8), substitute your own server's address to test the one you just configured, and compare its answers with a public resolver's for the same names.

1. Using resolvectl

resolvectl is the front end to systemd-resolved, so it only works where that service is the system's resolver, and it answers through the stub resolver's cache rather than talking to your server directly.

Basic Usage:

To resolve a domain name:
Code:
resolvectl query example.com

To check the DNS servers being used (listed per link, which is how systemd-resolved decides where a query goes):
Code:
resolvectl status

2. Using nslookup

nslookup is the older query tool. It is fine for a quick check but shows less of the response than dig: no flags and no authority section.

Basic Usage:

To resolve a domain name:
Code:
nslookup example.com

To send the query to a specific DNS server instead of the system resolver:
Code:
nslookup example.com 8.8.8.8

3. Using dig

dig (Domain Information Groper) is the tool to use when you want to see exactly what a server returned: the flags (aa for an authoritative answer, ad for a DNSSEC-validated one), the answer, authority and additional sections, and the query time.

Basic Usage:

To resolve a domain name:
Code:
dig example.com

To query a specific DNS server:
Code:
dig @8.8.8.8 example.com

To resolve iteratively from the root hints, printing each referral on the way down, which shows where a delegation is broken or a stale NS record lingers:
Code:
dig +trace example.com

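All three tools put the same thing on the wire. The code below, an added example that is not from the post, dig or BIND, builds the UDP query dig would send and parses a reply, performing the checks a resolver must make before trusting an answer: the transaction ID and the echoed question must match the query (the defence against blind spoofed replies), and name-compression pointers may only point backwards and are followed a bounded number of times so a hostile reply cannot loop the parser. The reply bytes are a constructed packet for ftp.example.com answered with a CNAME and the A record of its target, so it runs offline; to query a real server, send build_query() with socket.sendto to port 53 and pass what comes back to parse_response().

```python
"""Build a DNS query and parse a reply the way dig does (added example; the
reply packet below is constructed, not captured from a server)."""
import random
import struct

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15}
TYPE_NAMES = {v: k for k, v in TYPES.items()}


def encode_name(name):
    """Wire form of a domain name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype="A", txid=None):
    """12-byte header (random ID, RD set, one question) + question section."""
    txid = random.getrandbits(16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", TYPES[qtype], 1)


def decode_name(msg, off, depth=0):
    """Return (name, offset after it). Pointers must point backwards and are
    followed at most a few hops, so a crafted reply cannot loop the parser."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if depth >= 5:
                raise ValueError("compression pointer chain too long")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:
                raise ValueError("forward compression pointer")
            tail, _ = decode_name(msg, ptr, depth + 1)
            return (".".join(labels) + "." + tail if labels else tail), off + 2
        if length == 0:
            return ".".join(labels) + ".", off + 1
        off += 1
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_response(msg, query):
    """Parse a reply to `query`, rejecting anything that does not match it."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")       # not a reply to our query
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if qd != 1:
        raise ValueError("unexpected question count")
    _, off = decode_name(msg, 12)
    off += 4                                               # QTYPE + QCLASS
    if msg[12:off] != query[12:]:
        raise ValueError("question does not match query")
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            data = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype in (2, 5, 12):
            data = decode_name(msg, off)[0]
        else:
            data = msg[off:off + rdlen].hex()
        answers.append((name, TYPE_NAMES.get(rtype, rtype), ttl, data))
        off += rdlen
    return {"rcode": flags & 0xF, "truncated": bool(flags & 0x0200), "answers": answers}


# Constructed exchange: query for ftp.example.com, reply with CNAME + A.
# Offset 12 is the question name, offset 16 is its "example.com." part.
QUERY = build_query("ftp.example.com.", "A", txid=0x1234)
REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)     # QR, RD, RA; 2 answers
    + QUERY[12:]                                           # question echoed back
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 86400, 6) + b"\x03www\xc0\x10"
    + b"\x03www\xc0\x10" + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 168, 1, 2])
)

if __name__ == "__main__":
    print(parse_response(REPLY, QUERY))
```

The ID check is only 16 bits of entropy, which is why real resolvers also randomise the source port; a reply that fails any of these checks should be dropped silently, never used.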

