Gentoo Forums
Need help setting up bind
Forum: Networking & Security
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1523

Posted: Fri Jun 14, 2013 4:29 pm    Post subject: Need help setting up bind

I'm trying to create a simple DNS server. Here's my network:

dns server 192.168.1.6
laptop 192.168.1.11
winmaster 192.168.1.12
winbmrclient 192.168.1.13

I just need to be able to resolve these names to IPs via the DNS. Having the DNS server refer to another DNS server for resolution (for internet access) would be nice too.
I have emerged bind but I'm a bit clueless about the configuration file, and the Gentoo entry was a little complicated.
I'm new to bind so please keep it simple.

Thanks
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10589
Location: Somewhere over Atlanta, Georgia

Posted: Fri Jun 14, 2013 5:05 pm

Have you seen the Gentoo BIND Guide?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.
666threesixes666
Veteran
Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Fri Jun 14, 2013 5:28 pm

jrg, wouldn't resolving this issue be as simple as starting named at boot, pointing all devices to the DNS server, then having a hosts file with IP addresses / aliases on the name server? (bind resolves outside stuff out of the box, though I'd run through the namebench gauntlet and feed it the fastest possible name servers)

Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1523

Posted: Fri Jun 14, 2013 5:29 pm

Yup.
I keep getting this error though:

Code:

* Starting named ...
* Checking named configuration ... [ ok ]
* start-stop-daemon: failed to start `/usr/sbin/named' [ !! ]
* ERROR: named failed to start

I don't think it's a configuration error; configuration errors were explicitly mentioned when starting.
I've messed around with the configuration files a lot, so I thought a fresh start would be much better.
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10589
Location: Somewhere over Atlanta, Georgia

Posted: Fri Jun 14, 2013 5:29 pm

666threesixes666 wrote:
jrg, wouldnt resolving this issue be as simple as starting named at boot, pointing all devices to dns server, then having a host file with ip addresses / aliases on the name server?
Not ideally, no. Instead, you'd set up a DHCP server that would automatically point all the devices at the local DNS and resolve the host names automatically as well. DNS is half the puzzle.

- John
666threesixes666
Veteran
Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Fri Jun 14, 2013 5:44 pm

Searching the doc you posted yields zero results for "dhcp" & "DHCP". I'd say more like 1/3rd, because how are you going to name hosts, or statically assign the same IP to servers? What complicated entry do you refer to, original poster? (link please)

I know how to do this with dnsmasq serving up DHCP, static addresses based off of MACs, and caching DNS, but I am interested in BIND to do this as dnsmasq is not corporate grade. Second, what DHCP server do you suggest to do this, JRG? I realized that I didn't test dnsmasq doing host name resolution through DHCP of the host PC naming itself, and using static /etc/hosts entries.
John R. Graham
Administrator
Joined: 08 Mar 2005
Posts: 10589
Location: Somewhere over Atlanta, Georgia

Posted: Fri Jun 14, 2013 6:05 pm

666threesixes666 wrote:
searching the doc you posted, yields zero results for "dhcp"...
That's because the OP's question was about bind.

For a carrier-grade DHCP server, I'd probably recommend net-misc/dhcp. Personally, I do successfully use dnsmasq to resolve host names on the local network. Static addresses are a pain. For those that are a near necessity (e.g., gateways, routers) I use dnsmasq to manage those all in one place. In other words, my machines with static IP addresses receive those static addresses via DHCP.

- John
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1523

Posted: Sat Jun 15, 2013 6:01 am

I need to create a DHCP server as well?
666threesixes666
Veteran
Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Sat Jun 15, 2013 6:42 am

First, before doing anything else, make sure 192.168.1.6 can dig google.com and can start bind.

Make sure that, as root,

Code:

/etc/init.d/named status

produces

Code:

* status: started

Then, once you have that squared away, try putting this in the name server box's /etc/hosts:

Code:

192.168.1.6 dns
192.168.1.11 laptop
192.168.1.12 winmaster
192.168.1.13 winbmrclient

"having the dns server referring to another dns server for resolution": no need to change any configs, it does this the moment it's merged...

On the .11 box, as root:

Code:

echo "nameserver 192.168.1.6" >> /etc/resolv.conf

and put # in front of all other nameserver references by means of nano.

dig google.com from .11; if you get a response, good, do the echo command and the commenting on the other boxes. (If not, uncomment the other name servers and comment out the .6 entry.)

If Windows, set the name server to 192.168.1.6 in the static IP configuration.

"cya" references:

Code:

sed -n '15 p' /etc/host.conf

My computer runs a static-IP stand-alone bind server with no clients behind it except itself on 127.0.0.1. DHCP is only a good idea, not mandatory. (Else I think that DNS documentation page would be severely lacking in documentation, and flagged with warnings of being incomplete.)
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1523

Posted: Sat Jun 15, 2013 7:07 am

Well, I've removed my previous config and started the service.
However, the clients cannot resolve each other.
All my clients are Windows machines; I'm not sure if this affects the config somehow.

edit:
Sorry about that, I just looked at the config file and found out my subnet was not added to the trusted ACL :D :D
edit2:
Actually, it's forwarding and the internet names can be resolved; the hosts in /etc/hosts are not resolvable.
I'll work on using those zone directives.
Adel Ahmed
Veteran
Joined: 21 Sep 2012
Posts: 1523

Posted: Sat Jun 15, 2013 9:10 am

Here's my zone file:

Code:

$TTL 3D
; assumes this file is loaded as zone "me" (the zone statement was not posted)
@       IN SOA  ns.me. adel.me. (
                1    ; Serial
                8H   ; Refresh
                2H   ; Retry
                4W   ; Expire
                1D ) ; Minimum (negative-cache) TTL
        IN NS   ns.me.
ns      IN A    192.168.1.6   ; the server named in SOA/NS needs an address record in the zone
pc      IN A    192.168.1.6


I just used a zone file from another website, so I honestly do not understand the directives.
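A worked check of the kind of zone file shown in the post above, added here as an example and not code posted in the thread. It embeds two constructed inputs: a forward zone for the four hosts the OP listed, under the assumed zone name "home.lan" (the thread never names the zone), and the OP's records as posted (SOA timers folded onto one line), assumed to be loaded as zone "me", with one CNAME line added to show the trailing-dot trap cwr warns about further down. The linter catches the stray PTR, the NS target with no address record, and the relative name that named would silently expand to pc.me.me.; the second function derives the 1.168.192.in-addr.arpa reverse zone from the forward zone's A records so the two files cannot drift apart.

```python
"""Sanity checks for a BIND forward zone, plus generation of its reverse zone.

Added example, not from the thread. GOOD_ZONE covers the four hosts the OP listed under the
assumed zone name "home.lan"; BAD_ZONE is the OP's posted records, assumed loaded as zone "me",
with one constructed CNAME line added to show the trailing-dot trap."""
from collections import namedtuple

RR = namedtuple("RR", "owner rtype rdata")
TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT", "SRV"}

GOOD_ZONE = """\
$TTL 3D
@               IN SOA  ns.home.lan. hostmaster.home.lan. (
                        2013061501 8H 2H 4W 1D ) ; serial refresh retry expire neg-TTL
                IN NS   ns.home.lan.
ns              IN A    192.168.1.6
laptop          IN A    192.168.1.11
winmaster       IN A    192.168.1.12
winbmrclient    IN A    192.168.1.13
"""

BAD_ZONE = """\
$TTL 3D
@ IN SOA ns.me. adel.me. (
        1 8H 2H 4W 1D ) ; Serial Refresh Retry Expire Minimum
    NS ns.me.
1   PTR localhost.
pc  A 192.168.1.6
www CNAME pc.me
"""

def absolute(name, origin):
    """'@' means the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def fold(text):
    """Strip ';' comments and fold parenthesised multi-line records onto one line each."""
    lines, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []
            if joined.strip():
                lines.append(joined)
    return lines

def parse_zone(text, origin):
    """RRs with absolute owner names; class and per-record TTL fields are skipped."""
    origin = origin if origin.endswith(".") else origin + "."
    records, owner = [], origin
    for line in fold(text):
        toks = line.split()
        if toks[0] == "$TTL":
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if not line[0].isspace():  # a blank owner field inherits the previous owner
            owner = absolute(toks.pop(0), origin)
        while toks and toks[0].upper() not in TYPES:
            toks.pop(0)
        if toks:
            records.append(RR(owner, toks[0].upper(), toks[1:]))
    return records, origin

def in_zone(name, origin):
    return name == origin or name.endswith("." + origin)

def lint_forward_zone(text, origin):
    """Flag stray PTRs, NS targets without glue, relative names meant to be absolute, CNAME clashes."""
    records, origin = parse_zone(text, origin)
    addressed = {r.owner for r in records if r.rtype in ("A", "AAAA")}
    problems = [] if sum(r.rtype == "SOA" for r in records) == 1 else ["zone needs exactly one SOA"]
    for r in records:
        if r.rtype == "PTR":
            problems.append("PTR for %s belongs in the in-addr.arpa zone, not here" % r.owner)
        if r.rtype in ("SOA", "NS", "CNAME", "MX"):
            target = r.rdata[1] if r.rtype == "MX" else r.rdata[0]
            if not target.endswith(".") and in_zone(target, origin.rstrip(".")):
                problems.append("%s '%s' lacks a trailing dot; named reads it as %s"
                                % (r.rtype, target, absolute(target, origin)))
            tgt = absolute(target, origin)
            if r.rtype == "NS" and in_zone(tgt, origin) and tgt not in addressed:
                problems.append("NS %s has no A/AAAA record in the zone (missing glue)" % tgt)
        if r.rtype == "CNAME" and any(o.owner == r.owner and o.rtype != "CNAME" for o in records):
            problems.append("CNAME %s coexists with other records for the same name" % r.owner)
    return problems

def reverse_zone(text, origin, prefix, ttl="3D"):
    """Derive the matching /24 in-addr.arpa zone from the forward zone's A records."""
    records, origin = parse_zone(text, origin)
    soa = next(r for r in records if r.rtype == "SOA")
    arpa = ".".join(reversed(prefix.split("."))) + ".in-addr.arpa."
    out = ["$TTL " + ttl, "$ORIGIN " + arpa, "@\tIN SOA\t" + " ".join(soa.rdata)]
    out += ["\tIN NS\t" + absolute(r.rdata[0], origin) for r in records if r.rtype == "NS"]
    hosts = sorted((int(r.rdata[0].rsplit(".", 1)[1]), r.owner) for r in records
                   if r.rtype == "A" and r.rdata[0].startswith(prefix + "."))
    return "\n".join(out + ["%d\tIN PTR\t%s" % h for h in hosts]) + "\n"
```

`lint_forward_zone(BAD_ZONE, "me")` returns three problems (the PTR, the missing glue for ns.me., the dotless pc.me), while `lint_forward_zone(GOOD_ZONE, "home.lan")` returns none and `reverse_zone(GOOD_ZONE, "home.lan", "192.168.1")` prints a loadable 1.168.192.in-addr.arpa file. This only covers the handful of mistakes seen in this thread; run named-checkzone on the real server as well.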
cwr
Veteran
Joined: 17 Dec 2005
Posts: 1969

Posted: Sun Jun 16, 2013 5:37 pm

These are the config files I use for an isolated network with a desktop machine used as a bind server, http server, etc. The various machine numbers have been changed, but farthing is the desktop (server) and florin a laptop (client). Some of the lease time-outs are very short, intended to deal with Virtualbox instances and Arduino programming.

I can't remember much about how I set it up, several years ago, but basically I followed the instructions. Be careful; things may have changed since then and some of the options/settings gone out of fashion. And be especially careful of trailing '.'s in bind db files.

Will

(It's an isolated network, but I'm pretty sure it would play nicely with a router and the internet if I gave it the chance.)

##########################################
/etc/dhcp/dhcpd.conf
##########################################
#
# dhcpd.conf
#
# Configuration file for ISC dhcpd on farthing.
#

# Decimal / binary masks.
# 192 decimal is 11000000
# 224 decimal is 11100000
# 240 decimal is 11110000

# Option definitions common to all supported networks.
option domain-name "seckford.org";
option domain-name-servers localhost, farthing;

# Lease times. The default is used for virtual machines.
# Note that Bind uses half this duration as TTL.
default-lease-time 600;
max-lease-time 7200;

# DDNS methods (not used on this network).
ddns-domainname "seckford.org";
ddns-update-style interim;
do-forward-updates true;
allow client-updates;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local1;

# This is used for DDNS. Name, algorithm and secret must match the key
# statement in named.conf exactly. HMAC-MD5 is the legacy TSIG algorithm;
# current dhcpd and BIND also accept hmac-sha256.
key DHCP_UPDATER {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret xxxxxxxxxxxxxxxxxxxxxxxx;
}

zone seckford.org. {
    primary 123.456.78.196;
    #primary 127.0.0.1;
    key DHCP_UPDATER;
}

zone 78.456.123.in-addr.arpa. {
    primary 123.456.78.196;
    #primary 127.0.0.1;
    key DHCP_UPDATER;
}

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This declares the addresses available for dynamic assignment.
# The dynamically-assigned addresses form a subnet with a 240 mask,
# but that is something for routing, not addressing, to deal with.
# Sort out this masking; is wired/wireless split useful ???
subnet 123.456.78.192 netmask 255.255.255.224 {
    range 123.456.78.200 123.456.78.222;
    #option subnet-mask 255.255.255.240;
    option broadcast-address 123.456.78.255;
    option domain-name-servers 123.456.78.196;
}

# This declares an interface on the AP COINS.
# The wlan0 interface is set to 224 in conf.d/net
# Is the name server on 196 accessible?
subnet 123.456.78.224 netmask 255.255.255.224 {
    range 123.456.78.225 123.456.78.254;
    #option subnet-mask 255.255.255.224;
    option broadcast-address 123.456.78.255;
    option domain-name-servers 123.456.78.196;
}

# These are the subnets used when running without Bind.

# Empty subnet on 123.456.78.0 (controlled by farthing).
#subnet 123.456.78.0 netmask 255.255.255.0 {
#}

# Empty subnet on wlan0
subnet 192.168.0.0 netmask 255.255.255.0 {
}

# Subnet used for Arduino programming.
# The Asus WL-330gE uses the address
# 192.168.1.220 by default.
subnet 192.168.1.0 netmask 255.255.255.0 {
    # The T23 dhcpd is on 192.168.1.20
    range 192.168.1.8 192.168.1.19;
    option domain-name "seckford.org";
    option broadcast-address 192.168.1.255;
    # Without the max-lease-time setting
    # the minimum default is 300 seconds.
    default-lease-time 120;
    max-lease-time 120;
}

# Should this group of fixed addresses have a zone of their own, so that
# common options can be set?

# T23 Laptop one
host florin {
    hardware ethernet 11:22:33:44:55:66;
    fixed-address 123.456.78.199;
}

# ASUS Desktop
host farthing {
    hardware ethernet 11:22:33:44:55:66;
    fixed-address 123.456.78.196;
}
#
# and the rest.
#
/etc/bind/named.conf
##########################################
//
// named.conf for the seckford.org domain.
//
options {
directory "/etc/bind"; // Working directory
pid-file "/var/run/named/named.pid"; // PID file
allow-query-cache { any; }; // Allow access to cache
allow-query { 123.456.78.0/24; }; // Permit local queries only
//allow-query { any; }; // This is the default
//forward only; // Query the forwarders only, not first
//forwarders { 123.456.78.199; }; // Default is the empty list
//allow-transfer { none; }; // For security
//recursion yes; // dnsmasq requires recursion
recursion no;
files 4096; // Set max file count to max socket count
};

// Set up direct logging, ie. not via syslog.
logging {
channel default_log {
file "/var/log/named/named.log" versions 4 size 5M;
print-time yes;
print-category yes;
print-severity yes;
};
category default { default_log; };
category general { default_log; };
};

zone "." IN {
type hint;
file "root.hints";
};

// Forward lookups on the local host.
zone "localdomain" IN {
type master;
notify no;
file "master/localhost.db";
};

// Reverse lookups on the local host.
zone "0.0.127.in-addr.arpa" IN {
type master;
notify no;
file "master/localhost.rev.db";
};

// DDNS requires security.
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret xxxxxxxxxxxxxxxxxxxxxxxx;
};

// We are the master server for seckford.org
zone "seckford.org" IN {
type master;
notify no;
#allow-update { 123.456.78.0; };
allow-update { key DHCP_UPDATER; };
file "master/seckford.org.db";
};

// Reverse lookups on the domain.
zone "78.456.123.in-addr.arpa" IN {
type master;
notify no;
#allow-update { 123.456.78.0; };
allow-update { key DHCP_UPDATER; };
file "master/seckford.org.rev.db";
};

// EOF
##########################################
/etc/bind/master/localhost.db
##########################################
$TTL 86400
; localhost.db
@ IN SOA localhost.localdomain. admin.localhost.localdomain. (
001
3h
15
1w
3h
)

IN NS localhost.localdomain.
localhost IN A 127.0.0.1
##########################################
/etc/bind/master/localhost.rev.db
##########################################
$TTL 86400
; localhost.rev.db
@ IN SOA localhost. admin.localhost. (
001
3h
15
1w
3h
)

@ IN NS localhost.
1 IN PTR localhost.
##########################################
/etc/bind/master/seckford.org.db
##########################################
$ORIGIN .
$TTL 3600 ; 1 hour
seckford.org IN SOA farthing.seckford.org. admin.seckford.org. (
1373 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
300 ; minimum (5 minutes)
)
NS farthing.seckford.org.
MX 10 farthing.seckford.org.
$ORIGIN seckford.org.
data CNAME florin
docs CNAME farthing
farthing A 123.456.78.196
florin A 123.456.78.199
ftp CNAME farthing
hg CNAME farthing
news CNAME florin
www CNAME farthing
##########################################
/etc/bind/master/seckford.org.rev.db
##########################################
$ORIGIN .
$TTL 3600 ; 1 hour
78.456.123.in-addr.arpa IN SOA farthing.seckford.org. admin.seckford.org. (
918 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
300 ; minimum (5 minutes)
)
NS farthing.seckford.org.
$ORIGIN 78.456.123.in-addr.arpa.
196 PTR farthing.seckford.org.
199 PTR florin.seckford.org.
$TTL 150 ; 2 minutes 30 seconds
218 PTR Nanode.seckford.org.
##########################################
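cwr's named.conf above restricts queries with allow-query, turns recursion off, and leaves allow-transfer commented out. The following is an added example, not code from the thread: a small linter for the options{} block that applies the rules BIND 9 actually uses when deciding who may recurse. When allow-recursion is unset, BIND takes allow-query-cache, then allow-query, then the localnets/localhost default, so a bare `recursion yes; allow-query { any; };` is an open resolver, the misconfiguration a first named.conf for the OP's network tends to end up with. Both configurations are constructed for 192.168.1.0/24 with the server at 192.168.1.6; the acl name trusted is the one the Gentoo BIND guide uses (and the one Adel mentions), and 192.0.2.53 is a placeholder forwarder from the documentation address range.

```python
"""Lint the options{} block of a BIND named.conf for an open recursive resolver, open zone
transfers and a disclosed version string.

Added example, not from the thread. Both configurations are constructed for the OP's network
(server 192.168.1.6 on 192.168.1.0/24); "trusted" is the acl name the Gentoo BIND guide
uses and 192.0.2.53 is a placeholder forwarder from the documentation address range."""
import re

OPEN_CONF = """
options {
    directory "/var/bind";
    recursion yes;
    allow-query { any; };        // meant as "let my LAN query", actually lets everyone recurse
    forwarders { 192.0.2.53; };
};
zone "home.lan" IN { type master; file "pri/home.lan.zone"; };
"""

HARDENED_CONF = """
acl trusted { 127.0.0.0/8; 192.168.1.0/24; };
options {
    directory "/var/bind";
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { none; };
    forwarders { 192.0.2.53; };
    version "not disclosed";
};
zone "home.lan" IN { type master; file "pri/home.lan.zone"; };
"""

OPEN = ("any", "0.0.0.0/0", "::/0")


def strip_comments(text):
    """named.conf accepts C, C++ and shell style comments; drop all three."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def block_body(text, keyword):
    """Text between the braces of `keyword { ... }`, honouring nested braces."""
    m = re.search(r"\b%s\s*\{" % keyword, text)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    raise ValueError("unbalanced braces in %s block" % keyword)


def parse_acls(text):
    """Top-level `acl name { ... };` statements as name -> list of elements."""
    return {m.group(1).strip('"'): [e.strip() for e in m.group(2).split(";") if e.strip()]
            for m in re.finditer(r"\bacl\s+(\S+)\s*\{([^}]*)\}\s*;", text)}


def parse_options(body):
    """Statements inside options{}: brace-list values become lists, scalar values strings."""
    opts = {}
    for m in re.finditer(r"([\w-]+)\s*\{([^}]*)\}\s*;", body):
        opts[m.group(1)] = [e.strip() for e in m.group(2).split(";") if e.strip()]
    scalars = re.sub(r"[\w-]+\s*\{[^}]*\}\s*;", "", body)
    for m in re.finditer(r"([\w-]+)\s+([^;{}\n]+);", scalars):
        opts[m.group(1)] = m.group(2).strip().strip('"')
    return opts


def is_open(elements, acls):
    """True if an address-match list admits the whole internet, directly or via a named acl."""
    return any(e in OPEN or (e in acls and is_open(acls[e], acls)) for e in elements)


def lint_named_conf(conf):
    text = strip_comments(conf)
    body = block_body(text, "options")
    if body is None:
        return ["no options block found"]
    acls, opts, findings = parse_acls(text), parse_options(body), []
    if opts.get("recursion", "yes") == "yes":  # recursion defaults to yes
        # When allow-recursion is unset BIND 9 falls back to allow-query-cache,
        # then allow-query, then localnets/localhost.
        source = next((k for k in ("allow-recursion", "allow-query-cache", "allow-query") if k in opts), None)
        acl = opts[source] if source else ["localnets", "localhost"]
        if is_open(acl, acls):
            findings.append("open resolver: recursion is on and %s { %s } admits everyone"
                            % (source, "; ".join(acl)))
    if re.search(r"\btype\s+master\b", text):
        xfer = opts.get("allow-transfer")
        if xfer is None or is_open(xfer, acls):
            findings.append("zone transfers: allow-transfer %s, anyone can AXFR the zone"
                            % ("is unset (defaults to any)" if xfer is None else "{ %s }" % "; ".join(xfer)))
    if "version" not in opts:
        findings.append("version string not hidden (dig CH TXT version.bind shows the build)")
    return findings
```

`lint_named_conf(OPEN_CONF)` reports all three findings; `lint_named_conf(HARDENED_CONF)` reports none, because every address-match list resolves to the trusted acl and transfers are refused. The script only reads the options{} block; per-zone allow-transfer and allow-update statements, like the ones in cwr's file, still need to be reviewed by hand or with named-checkconf -p.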