Tweakin n00b
Joined: 07 Sep 2003 Posts: 68 Location: Minneapolis, MN
Posted: Mon Nov 14, 2005 5:17 pm Post subject: Looking for some BIND help
I could really use a hand configuring BIND. I have spent the better part of the morning reading through the BIND documentation, and, man... I didn't think setting up a name server and DNS for one website on one server was going to be such a headache! Is there a good guide around (found one at the Gentoo wiki, wasn't so helpful) that anyone knows of? I need something a little more straight to my point as the BIND docs are pretty huge (at least what I get out of them). I am not complaining though, I love that it is so well documented, I just need a little help getting my feet wet on this one before I learn every square inch of things.
Basically, I am trying to configure BIND for one website. I have a static IP address, and it is being run off of one Gentoo box that also houses the web server.
Sorry if I sound so helpless, it's been a long morning |

PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Mon Nov 14, 2005 7:02 pm Post subject:
For bind versions 9.2.5-r6 and 9.3.1-r8...
BIND files for a home network
Assumes the PC has IP address 192.168.0.8, and also acts as a DNS server for another PC on the home network which has IP address 192.168.0.9.
/etc/bind/named.conf:
Code: | logging {
// severity can be one of: debug info
channel "my_syslog" { syslog daemon; severity info; };
category "default" { "my_syslog"; "default_debug"; };
};
options {
directory "/var/bind";
version "Bind";
// Interfaces listened on
listen-on-v6 { none; };
listen-on { 127.0.0.1; 192.168.0.8; };
// Allows only specific hosts to use the DNS server
allow-query { 127.0.0.1; 192.168.0.8; 192.168.0.9; };
// Lock down recursive queries too
allow-recursion { 127.0.0.1; 192.168.0.8; 192.168.0.9; };
// if you have problems and are behind a firewall:
//query-source address * port 53;
pid-file "/var/run/named/named.pid";
};
// Prime the server with knowledge of the root servers.
zone "." IN {
type hint;
file "named.ca";
};
// Be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912.
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
|
/etc/bind/pri/127.zone:
Code: | $ORIGIN 127.in-addr.arpa.
$TTL 1W
@ 1D IN SOA localhost. root.localhost. (
15 ; Serial
3H ; Refresh
15M ; Retry
1W ; Expiry
1D ) ; Minimum
@ 1D IN NS localhost.
* 1D IN PTR localhost.
|
/etc/bind/pri/localhost.zone:
Code: | $TTL 1W
@ IN SOA ns.localhost. root.localhost. (
15 ; Serial
3H ; Refresh
15M ; Retry
1W ; Expiry
1D ) ; Minimum
@ IN NS localhost. ; NS must name a host, not an IP address
localhost. IN A 127.0.0.1
|
/etc/resolv.conf:
Code: | # This entry may not be needed
nameserver 127.0.0.1
# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain homenetwork
|
/etc/hosts:
Code: | 127.0.0.1 localhost pcname
192.168.0.8 pcname.homenetwork |
BIND files for a server
For this example, the server is named "company.com" with IP address 12.34.56.78. It is its own primary DNS server, with two secondary servers provided by the ISP: ns0.nameserver.net and ns1.nameserver.net.
/etc/bind/named.conf:
Code: | logging {
// severity can be one of: debug info
channel "my_syslog" { syslog daemon; severity info; };
category "default" { "my_syslog"; "default_debug"; };
};
options {
directory "/var/bind";
version "Bind";
listen-on-v6 { none; };
allow-recursion { 127.0.0.1; };
pid-file "/var/run/named/named.pid";
};
// This is the master server for company.com
zone "company.com" {
type master;
file "pri/company.com.zone";
};
// Reverse zone for company.com
zone "78.56.34.12.in-addr.arpa" {
type master;
file "pri/78.56.34.12.zone";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
|
/etc/bind/pri/127.zone and /etc/bind/pri/localhost.zone are the same as specified for a home network above.
/etc/bind/pri/company.com.zone:
Code: | $TTL 3D
company.com. IN SOA ns.company.com. root.company.com. (
27 ; Serial
1D ; Refresh
30M ; Retry
1W ; Expiry
1D ) ; Minimum
@ IN NS ns.company.com.
@ IN NS ns0.nameserver.net.
@ IN NS ns1.nameserver.net.
@ IN MX 0 mail.company.com.
@ IN A 12.34.56.78
ns IN A 12.34.56.78
mail IN A 12.34.56.78
www IN A 12.34.56.78
ftp IN A 12.34.56.78
|
/etc/bind/pri/78.56.34.12.zone: (the 4 components of the IP address are in reverse order)
Code: | $TTL 3D
@ IN SOA ns.company.com. root.company.com. (
27 ; Serial
1D ; Refresh
30M ; Retry
1W ; Expiry
1D ) ; Minimum
@ IN NS ns.company.com.
@ IN NS ns0.nameserver.net.
@ IN NS ns1.nameserver.net.
@ IN PTR company.com.
@ IN PTR ns.company.com.
@ IN PTR www.company.com.
@ IN PTR mail.company.com.
@ IN PTR ftp.company.com.
|
/etc/resolv.conf:
Code: | # This entry may not be needed
nameserver 127.0.0.1
# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain company.com
|
/etc/hosts:
Code: | 127.0.0.1 localhost
12.34.56.78 ns.company.com ns |
Last edited by PaulBredbury on Tue Jan 03, 2006 2:48 pm; edited 4 times in total |

nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
Posted: Mon Nov 14, 2005 9:49 pm Post subject:
In the second example you should also have
in your options section.
You can also combine the two examples using views so that 1 view is for clients on the internal network and the other view is for clients on the public internet.
This is a really good online guide, and deals with everything from the basics, right up to dynamic updates from dhcp |

PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Mon Nov 14, 2005 10:53 pm Post subject:
nobspangle wrote: | recursion no; |
Ah, but I forgot to mention that the server is serving DNS lookups for itself, rather than use the ISP's DNS servers, so I've added "allow-recursion" instead (and added /etc/resolv.conf contents). Thanks for the hint. |
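The `recursion no;` versus `allow-recursion` exchange above is about who may use the server as a recursive resolver. As an added example (not code from the thread or from BIND), this Python check classifies the `options` block of a named.conf; the function names and the four result labels are assumptions made here, and the sample strings are constructed, condensed from the configs posted above.

```python
import ipaddress
import re

def options_block(conf):
    """Body of the options { ... } block, with comments stripped."""
    conf = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def match_list(body, name):
    """Elements of an address-match list, or None when the option is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def is_wide(element):
    """True when an element admits clients beyond loopback/private space."""
    if element in ("none", "localhost", "localnets"):
        return False
    try:
        net = ipaddress.ip_network(element, strict=False)
    except ValueError:
        return True                         # "any", named ACLs: review by hand
    return not (net.is_private or net.is_loopback)

def recursion_exposure(conf):
    """Classify who may use this server as a recursive resolver."""
    body = options_block(conf)
    if re.search(r"(?<![\w-])recursion\s+no\s*;", body):
        return "disabled"
    allowed = match_list(body, "allow-recursion")
    if allowed is None:
        return "unrestricted"               # falls back to the BIND version's default
    return "open" if any(is_wide(e) for e in allowed) else "restricted"

# Constructed samples, condensed from the option blocks posted in this thread.
HOME = 'options { directory "/var/bind"; // home\n allow-recursion { 127.0.0.1; 192.168.0.8; 192.168.0.9; }; };'
SERVER = 'options { listen-on-v6 { none; }; allow-recursion { 127.0.0.1; }; };'
NO_RECURSION = 'options { recursion no; };'
BARE = 'options { directory "/var/bind"; version "Bind"; };'

if __name__ == "__main__":
    for conf in (HOME, SERVER, NO_RECURSION, BARE):
        print(recursion_exposure(conf), "<-", conf[:40])
```

The check reads the text of a single file only: it does not follow `include` statements or expand named `acl` definitions, which is why anything it cannot parse as an address is reported as "open" for manual review.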

bhogg Tux's lil' helper
Joined: 29 Jun 2003 Posts: 96
Posted: Sun Nov 20, 2005 2:26 pm Post subject:
How would these config files be modified if a DNS server had a dynamic IP address?
Also, by default, there doesn't seem to be a named.pid on my system after emerging bind... other PID's (apache2.pid) seem to have a numeric value in them and nothing else, not sure what this is for.
Thanks,
Brian |

PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Sun Nov 20, 2005 2:48 pm Post subject:
bhogg wrote: | How would these config files be modified if a DNS server had a dynamic IP address? |
Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.
Quote: | Also, by default, there doesn't seem to be a named.pid on my system after emerging bind |
I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named. |

bhogg Tux's lil' helper
Joined: 29 Jun 2003 Posts: 96
Posted: Sun Nov 20, 2005 3:14 pm Post subject:
Quote: | Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability. |
The web site is currently for a low-traffic project, and does not need high reliability. I have a no-ip.com address pointing to the same server which works well. Just need this new .ca to forward/resolve to the same address. Needless to say trying to put the no-ip address in zone files didn't do much of anything. The IP address is resolving locally though, will probably take time to propagate.
Quote: | I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named. |
I was having issues starting named previously, but now that it is running the .pid file exists where needed. |

Evileye l33t
Joined: 06 Aug 2003 Posts: 782 Location: Toronto
Posted: Thu Oct 05, 2006 11:41 am Post subject:
Use webmin to configure bind, much easier. |

Sakkath Apprentice
Joined: 06 Nov 2005 Posts: 198 Location: Pawtucket, RI
Posted: Thu Nov 02, 2006 2:03 am Post subject:
Could someone explain the headers better, the refresh, minimum, expiry, default_ttl, and the $TTL at the top? I don't know any of the SOA entries besides serial :-p. |

Eugene33 Apprentice
Joined: 14 Nov 2004 Posts: 167 Location: Lyon
Posted: Tue Nov 07, 2006 5:33 pm Post subject:
Thanks for this tuto, I spent 1 month trying to configure my server correctly, and I finally had it in 2 hours. Thank you |

makenoob Apprentice
Joined: 19 Aug 2004 Posts: 272 Location: /Germany/Düsseldorf
Posted: Wed Nov 08, 2006 9:59 am Post subject:
EvilEye wrote: | Use webmin to configure bind, much easier. |
full ACK on that.
it won't hurt if you know what webmin is doing, so that you should dive into the docs after you got it up and running. the o'reilly-books on bind are a good start for that. |

hidrogen n00b
Joined: 08 Mar 2007 Posts: 51
Posted: Wed May 23, 2007 2:42 pm Post subject:
Hi.
I've followed the BIND files for a home network example but I have a problem.
A PC inside the network cannot ping other PCs from the network except if I use their IP.
Ex:
ping www.google.com -> works fine
ping 192.168.134.100 -> works fine
ping vg.homenetwork -> doesn't work
Thanks in advance |

PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Wed May 23, 2007 3:02 pm Post subject:
hidrogen wrote: | ping vg.homenetwork -> doesn't work |
That's what "bind files for a server" is for. |

hidrogen n00b
Joined: 08 Mar 2007 Posts: 51
Posted: Wed May 23, 2007 4:05 pm Post subject:
Done
PaulBredbury wrote: | hidrogen wrote: | ping vg.homenetwork -> doesn't work |
That's what "bind files for a server" is for. |

Ginta Apprentice
Joined: 17 Feb 2006 Posts: 152 Location: Spain
Posted: Thu Sep 20, 2007 2:02 pm Post subject:
What to do with a dynamic IP address? I have a DynDNS account, updated constantly by the router; it is xxxxx.homelinux.net
What will I need to do to configure it? Change the file with the reverse IP address to xxxxx.homelinux.net, or something else? |

PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Thu Sep 20, 2007 4:24 pm Post subject:
Ginta wrote: | dynamic IP address? |
emerge ddclient
Put in /etc/ddclient/ddclient.conf
Code: | daemon=36000
syslog=yes
mail-failure=root
ssl=yes
protocol=dyndns2
use=web
login=yourlogin
password=yourpassword
yoursubname.dyndns.org |
You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable. |

oddthing n00b
Joined: 15 Nov 2006 Posts: 6
Posted: Thu Oct 16, 2008 1:10 pm Post subject: dynamic IP
PaulBredbury wrote: |
You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable. |
I dunno how I did get around this problem, but at my hosting company I've edited some DNS options and did get redirected even with a dynamic IP, dunno though what DNS program they run...
I have my domain: example.dom
then I set up that: num.example.dom -> my.dyn.ip
I just confed:
Localname: "num"
Type: "CNAME"
Target: my.dyn.ip
A bit of knowledge is:
NS = NameServer
MX = Mail eXchange
A, AHOST = Address (IP)
CNAME = Hostname
but just for redirecting... my problem now is to get bind to do the rest... so I may get "1.num.example.dom" "2.num.example.dom" and so on... |

PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
Posted: Thu Oct 16, 2008 1:42 pm Post subject: Re: dynamic IP
oddthing wrote: | did get redirected even with a dynamic IP |
Of course, but what happens when your IP address changes? That's the point. |

oddthing n00b
Joined: 15 Nov 2006 Posts: 6
Posted: Thu Oct 16, 2008 10:01 pm Post subject: Re: dynamic IP
PaulBredbury wrote: |
Of course, but what happens when your IP address changes? That's the point. |
No changes at all... since ddclient changes the IP at my.dyn.ip
Code: |
example.dom - num.example.dom
|
my.dyn.ip (updated by ddclient)
|
[home computer] - one.num.example.dom (vhost)
- two.num.example.dom (vhost) |