Gentoo Forums
Looking for some BIND help
Gentoo Forums Forum Index > Networking & Security
Tweakin
n00b

Joined: 07 Sep 2003
Posts: 68
Location: Minneapolis, MN

PostPosted: Mon Nov 14, 2005 5:17 pm    Post subject: Looking for some BIND help

I could really use a hand configuring BIND. I have spent the better part of the morning reading through the BIND documentation, and, man... I didn't think setting up a name server and dns for one website on one server was going to be such a headache! Is there a good guide around (found one at Gentoo wiki, wasn't so helpful) that anyone knows of? I need something a little more straight to my point as the BIND docs are pretty huge (at least what I get out of them). I am not complaining though, I love that it is so well documented, I just need a little help getting my feet wet on this one before I learn every square inch of things.

Basically, I am trying to configure BIND for one website, I have a static ip address, and it is being run off of one gentoo box that also houses the web server.

Sorry if I sound so helpless, it's been a long morning 8O
PaulBredbury
Watchman

Joined: 14 Jul 2005
Posts: 7310

PostPosted: Mon Nov 14, 2005 7:02 pm

For bind versions 9.2.5-r6 and 9.3.1-r8...

BIND files for a home network

Assumes the PC has IP address 192.168.0.8, and also acts as a DNS server for another PC on the home network which has IP address 192.168.0.9.

/etc/bind/named.conf:
Code:
logging {
        // severity can be one of: debug info
        channel "my_syslog" { syslog daemon; severity info; };
        category "default"  { "my_syslog"; "default_debug"; };
};


options {
        directory "/var/bind";
        version "Bind";

        // Interfaces listened on
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.0.8; };

        // Allows only specific hosts to use the DNS server
        allow-query { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

        // Lock down recursive queries too
        allow-recursion { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

        // if you have problems and are behind a firewall:
        //query-source address * port 53;
        pid-file "/var/run/named/named.pid";
};


// Prime the server with knowledge of the root servers.
zone "." IN {
        type hint;
        file "named.ca";
};


// Be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912.
zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};


zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};


/etc/bind/pri/127.zone:
Code:
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@              1D IN SOA        localhost. root.localhost. (
                                15     ; Serial
                                3H     ; Refresh
                                15M    ; Retry
                                1W     ; Expiry
                                1D )   ; Minimum
               1D IN NS         localhost.
*              1D IN PTR        localhost.


/etc/bind/pri/localhost.zone:
Code:
$TTL 1W
@       IN      SOA     ns.localhost. root.localhost.  (
                                15     ; Serial
                                3H     ; Refresh
                                15M    ; Retry
                                1W     ; Expiry
                                1D )   ; Minimum
                IN      NS      localhost.      ; NS data is a host name, never an IP address
localhost.      IN      A       127.0.0.1


/etc/resolv.conf:
Code:
# This entry may not be needed
nameserver 127.0.0.1

# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain homenetwork


/etc/hosts:
Code:
127.0.0.1       localhost pcname
192.168.0.8     pcname.homenetwork



BIND files for a server

For this example, the server is named "company.com" with IP address 12.34.56.78. It is its own primary DNS server, with two secondary servers provided by the ISP: ns0.nameserver.net and ns1.nameserver.net.

/etc/bind/named.conf:

Code:
logging {
        // severity can be one of: debug info
        channel "my_syslog" { syslog daemon; severity info; };
        category "default" { "my_syslog"; "default_debug"; };
};


options {
        directory "/var/bind";
        version "Bind";

        listen-on-v6 { none; };
        allow-recursion { 127.0.0.1; };

        pid-file "/var/run/named/named.pid";
};


// This is the master server for company.com
zone "company.com" {
        type master;
        file "pri/company.com.zone";
};

// Reverse zone for company.com
zone "78.56.34.12.in-addr.arpa" {
        type master;
        file "pri/78.56.34.12.zone";
};


zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};


/etc/bind/pri/127.zone and /etc/bind/pri/localhost.zone are the same as specified for a home network above.

/etc/bind/pri/company.com.zone:

Code:
$TTL 3D
company.com. IN    SOA   ns.company.com.  root.company.com.  (
                                        27     ; Serial
                                        1D     ; Refresh
                                        30M    ; Retry
                                        1W     ; Expiry
                                        1D )   ; Minimum
@                       IN      NS      ns.company.com.
@                       IN      NS      ns0.nameserver.net.
@                       IN      NS      ns1.nameserver.net.
@                       IN      MX 0    mail.company.com.
@                       IN      A       12.34.56.78
ns                      IN      A       12.34.56.78
mail                    IN      A       12.34.56.78
www                     IN      A       12.34.56.78
ftp                     IN      A       12.34.56.78


/etc/bind/pri/78.56.34.12.zone: (the 4 components of the IP address are in reverse order)
Code:
$TTL 3D
@                       IN SOA ns.company.com. root.company.com. (
                                        27     ; Serial
                                        1D     ; Refresh
                                        30M    ; Retry
                                        1W     ; Expiry
                                        1D )   ; Minimum
@                               IN NS   ns.company.com.
@                               IN NS   ns0.nameserver.net.
@                               IN NS   ns1.nameserver.net.
@                               IN PTR  company.com.
@                               IN PTR  ns.company.com.
@                               IN PTR  www.company.com.
@                               IN PTR  mail.company.com.
@                               IN PTR  ftp.company.com.


/etc/resolv.conf:
Code:
# This entry may not be needed
nameserver 127.0.0.1

# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain company.com


/etc/hosts:
Code:
127.0.0.1       localhost
12.34.56.78     ns.company.com ns

_________________
Improve your font rendering and ALSA sound


Last edited by PaulBredbury on Tue Jan 03, 2006 2:48 pm; edited 4 times in total
nobspangle
Veteran

Joined: 23 Mar 2004
Posts: 1317
Location: Manchester, UK

PostPosted: Mon Nov 14, 2005 9:49 pm

In the second example you should also have

Code:
recursion no;

in your options section.

You can also combine the two examples using views so that 1 view is for clients on the internal network and the other view is for clients on the public internet.

This is a really good online guide, and deals with everything from the basics, right up to dynamic updates from dhcp
PaulBredbury
Watchman

Joined: 14 Jul 2005
Posts: 7310

PostPosted: Mon Nov 14, 2005 10:53 pm

nobspangle wrote:
recursion no;

Ah, but I forgot to mention that the server is serving DNS lookups for itself, rather than use the ISP's DNS servers, so I've added "allow-recursion" instead (and added /etc/resolv.conf contents). Thanks for the hint.
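nobspangle's `recursion no;` and PaulBredbury's `allow-recursion { 127.0.0.1; };` are the two ways of keeping this server from answering recursive queries for the whole Internet (an open resolver, which is abused for cache poisoning and amplification); as an added example, not any poster's code, this Python check reads the options block of a named.conf and reports whether recursion is reachable by anyone. `SERVER_CONF` is constructed from the posted server named.conf, and `default_acl` encodes an assumption about the BIND version's built-in default when allow-recursion is absent.

```python
import re

# Constructed named.conf in the shape of the posted server example (logging and other zones left out).
SERVER_CONF = """\
options {
        directory "/var/bind";
        version "Bind";                 // hides the real version string from VERSION.BIND queries
        listen-on-v6 { none; };
        allow-recursion { 127.0.0.1; };
        pid-file "/var/run/named/named.pid";
};
zone "company.com" { type master; file "pri/company.com.zone"; };
"""

def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0] for line in text.splitlines())

def options_block(text):
    """Body of the top-level options { ... } block, honouring nested braces such as ACL lists."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while depth and i < len(text):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def parse_options(body):
    """statement -> value: brace lists (ACLs) become lists of elements, scalars become strings."""
    opts = {}
    for name, value in re.findall(r"([\w-]+)\s*(\{[^}]*\}|[^;{]*);", body):
        opts[name] = (value.strip("{} ").replace(";", " ").split() if value.startswith("{")
                      else value.strip().strip('"'))
    return opts

def is_open_resolver(named_conf, default_acl=("any",)):
    """True when recursion is enabled and the effective allow-recursion ACL admits everyone.
    default_acl is an assumption about what BIND uses when allow-recursion is absent: 'any' in
    the 9.2/9.3 builds discussed in this thread, 'localnets; localhost' from 9.4 onward."""
    opts = parse_options(options_block(strip_comments(named_conf)))
    if opts.get("recursion", "yes").lower() == "no":      # recursion no; refuses every recursive query
        return False
    acl = opts.get("allow-recursion", list(default_acl))
    return "any" in acl or "0.0.0.0/0" in acl
```

Run it against the posted home-network named.conf as well: its allow-query and allow-recursion lists name only the two LAN hosts, so it reports closed, while the same file with the allow-recursion line deleted reports open on a 9.3-era default.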
bhogg
Tux's lil' helper

Joined: 29 Jun 2003
Posts: 96

PostPosted: Sun Nov 20, 2005 2:26 pm

How would these config files be modified if a DNS server had a dynamic IP address?

Also, by default, there doesn't seem to be a named.pid on my system after emerging bind... other PID files (apache2.pid) seem to have a numeric value in them and nothing else; not sure what this is for.

Thanks,
Brian
PaulBredbury
Watchman

Joined: 14 Jul 2005
Posts: 7310

PostPosted: Sun Nov 20, 2005 2:48 pm

bhogg wrote:
How would these config files be modified if a DNS server had a dynamic IP address?

Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.

Quote:
Also, by default, there doesn't seem to be a named.pid on my system after emerging bind

I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named.
bhogg
Tux's lil' helper

Joined: 29 Jun 2003
Posts: 96

PostPosted: Sun Nov 20, 2005 3:14 pm

Quote:
Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.


The web site is currently for a low-traffic project, and does not need high reliability. I have a no-ip.com address pointing to the same server which works well. Just need this new .ca to forward/resolve to the same address. Needless to say, trying to put the no-ip address in zone files didn't do much of anything. The IP address is resolving locally though; it will probably take time to propagate.

Quote:
I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named.


I was having issues starting named previously, but now that it is running the .pid file exists where needed.
JC99
l33t

Joined: 06 Aug 2003
Posts: 782
Location: Toronto

PostPosted: Thu Oct 05, 2006 11:41 am

Use webmin to configure bind, much easier.
Sakkath
Apprentice

Joined: 06 Nov 2005
Posts: 198
Location: Pawtucket, RI

PostPosted: Thu Nov 02, 2006 2:03 am

Could someone explain the headers better, the refresh, minimum, expiry, default_ttl, and the $TTL at the top? I don't know any of the SOA entries besides serial :-p.
_________________
The person who makes no mistakes does not usually make anything.

Please add [SOLVED] to the subject of your original post when you feel that your problem is resolved.
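Added example, not any poster's code: a small Python parser for zone files in the layout PaulBredbury posted above. It converts BIND's time suffixes (S, M, H, D, W) to seconds, so the SOA timers Sakkath asks about come out as plain numbers, and it flags the mistake named-checkzone refuses to load, an in-zone NS record whose target has no A record (an NS target written as an IP address is read as a relative host name and fails exactly that way). `SAMPLE_ZONE` is constructed; its timer values are the ones from the posted localhost.zone.

```python
import re
UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}   # BIND time suffixes; bare number = seconds
TIME_RE = re.compile(r"^\d+[SMHDW]?$", re.I)
# Constructed sample in the layout of the posted localhost.zone (timer values copied from it).
SAMPLE_ZONE = """\
$TTL 1W
@           IN  SOA  ns.localhost. root.localhost. ( 15   ; Serial
                     3H 15M 1W 1D )                       ; Refresh Retry Expiry Minimum
            IN  NS   localhost.
localhost.  IN  A    127.0.0.1
"""

def to_seconds(value):
    """'3H' -> 10800, '15M' -> 900, '1W' -> 604800, '15' -> 15."""
    return int(value) if value.isdigit() else int(value[:-1]) * UNITS[value[-1].upper()]

def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Return (default TTL in seconds, SOA fields, [(absolute owner, type, rdata tokens)])."""
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                      # ';' starts a comment
        if not line.strip(): continue
        buf = line if depth == 0 else buf + " " + line   # fold the ( ... ) SOA block into one line
        depth += line.count("(") - line.count(")")
        if depth == 0: logical.append(buf)
    default_ttl, owner, soa, records = None, "@", {}, []
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL": default_ttl = to_seconds(tokens[1]); continue
        if tokens[0] == "$ORIGIN": origin = tokens[1]; continue
        if not line[0].isspace(): owner = tokens.pop(0)  # explicit owner; a blank one repeats the last
        if TIME_RE.match(tokens[0]): tokens.pop(0)       # optional per-record TTL
        if tokens[0].upper() == "IN": tokens.pop(0)      # optional class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":                               # MNAME RNAME serial refresh retry expire minimum
            soa = dict(zip(("mname", "rname", "serial", "refresh", "retry", "expire", "minimum"),
                           rdata[:2] + [to_seconds(v) for v in rdata[2:7]]))
        records.append((qualify(owner, origin), rtype, rdata))
    return default_ttl, soa, records

def ns_without_address(text, origin):
    """In-zone NS targets with no A/AAAA record; named-checkzone refuses to load such a zone."""
    _, _, records = parse_zone(text, origin)
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    targets = [qualify(r[0], origin) for _, t, r in records if t == "NS"]
    return [n for n in targets if (n == origin or n.endswith("." + origin)) and n not in have_addr]
```

The five SOA timers are the serial (a version number secondaries compare before transferring), refresh (how often secondaries poll the master), retry (how long they wait after a failed poll), expire (how long they keep answering without reaching the master) and minimum (the negative-caching TTL, RFC 2308); $TTL is the default TTL for records that carry none of their own.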
Eugene33
Apprentice

Joined: 14 Nov 2004
Posts: 167
Location: Lyon

PostPosted: Tue Nov 07, 2006 5:33 pm

Thanks for this tutorial, I spent 1 month trying to configure my server correctly, and I finally had it in 2 hours. Thank you ;)
makenoob
Apprentice

Joined: 19 Aug 2004
Posts: 272
Location: /Germany/Düsseldorf

PostPosted: Wed Nov 08, 2006 9:59 am

EvilEye wrote:
Use webmin to configure bind, much easier.


Full ACK on that.
It won't hurt if you know what webmin is doing, so you should dive into the docs after you have it up and running. The O'Reilly books on BIND are a good start for that.
hidrogen
n00b

Joined: 08 Mar 2007
Posts: 51

PostPosted: Wed May 23, 2007 2:42 pm

Hi.

I've followed the BIND files for a home network example but I have a problem.

A PC inside the network cannot ping other PCs on the network except if I use their IP.

Ex:

ping www.google.com -> works fine
ping 192.168.134.100 -> works fine
ping vg.homenetwork -> doesn't work


Thanks in advance
PaulBredbury
Watchman

Joined: 14 Jul 2005
Posts: 7310

PostPosted: Wed May 23, 2007 3:02 pm

hidrogen wrote:
ping vg.homenetwork -> doesn't work

That's what "bind files for a server" is for.
hidrogen
n00b

Joined: 08 Mar 2007
Posts: 51

PostPosted: Wed May 23, 2007 4:05 pm

Done ;)


PaulBredbury wrote:
hidrogen wrote:
ping vg.homenetwork -> doesn't work

That's what "bind files for a server" is for.
Ginta
Tux's lil' helper

Joined: 17 Feb 2006
Posts: 102
Location: Spain

PostPosted: Thu Sep 20, 2007 2:02 pm

What to do with a dynamic IP address? I have a DynDNS account, updated constantly by the router; it is xxxxx.homelinux.net

What will I need to do to configure it? Change the file with the reverse IP address to xxxxx.homelinux.net, or something else?
_________________
Somebody should use emerge brain on theirselves...
PaulBredbury
Watchman

Joined: 14 Jul 2005
Posts: 7310

PostPosted: Thu Sep 20, 2007 4:24 pm

Ginta wrote:
dynamic IP address?

emerge ddclient

Put in /etc/ddclient/ddclient.conf
Code:
daemon=36000
syslog=yes
mail-failure=root
ssl=yes
protocol=dyndns2
use=web
login=yourlogin
password=yourpassword
yoursubname.dyndns.org


You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable.
oddthing
n00b

Joined: 15 Nov 2006
Posts: 6

PostPosted: Thu Oct 16, 2008 1:10 pm    Post subject: dynamic IP

PaulBredbury wrote:

You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable.


I dunno how I got around this problem, but at my hosting company I've edited some DNS options and did get redirected even with a dynamic IP; dunno though what DNS program they run...

I have my domain: example.dom

Then I set up that: num.example.dom -> my.dyn.ip

I just confed:
Localname: "num"
Type: "CNAME"
Target: my.dyn.ip


A bit of knowledge:
NS = NameServer
MX = MaileXchange
A, AHOST = Address (IP)
CNAME = Hostname


But just for redirecting... my problem now is to get bind to do the rest... so I may get "1.num.example.dom", "2.num.example.dom" and so on...
PaulBredbury
Watchman

Joined: 14 Jul 2005
Posts: 7310

PostPosted: Thu Oct 16, 2008 1:42 pm    Post subject: Re: dynamic IP

oddthing wrote:
did get redirected even with a dynamic IP

Of course, but what happens when your IP address changes? That's the point.
oddthing
n00b

Joined: 15 Nov 2006
Posts: 6

PostPosted: Thu Oct 16, 2008 10:01 pm    Post subject: Re: dynamic IP

PaulBredbury wrote:

Of course, but what happens when your IP address changes? That's the point.


No changes at all... since ddclient updates the IP at my.dyn.ip

Code:

example.dom - num.example.dom
                         |
                   my.dyn.ip    (updated by ddclient)
                         |
               [home computer]  - one.num.example.dom (vhost)
                            - two.num.example.dom (vhost)