Looking for some BIND help


Post by Tweakin » Mon Nov 14, 2005 5:17 pm

I could really use a hand configuring BIND. I have spent the better part of the morning reading through the BIND documentation, and, man... I didn't think setting up a name server and dns for one website on one server was going to be such a headache! Is there a good guide around (found one at Gentoo wiki, wasn't so helpful) that anyone knows of? I need something a little more straight to my point as the BIND docs are pretty huge (at least what I get out of them). I am not complaining though, I love that it is so well documented, I just need a little help getting my feet wet on this one before I learn every square inch of things.

Basically, I am trying to configure BIND for one website, I have a static ip address, and it is being run off of one gentoo box that also houses the web server.

Sorry if I sound so helpless, it's been a long morning 8O

Post by PaulBredbury » Mon Nov 14, 2005 7:02 pm

For bind versions 9.2.5-r6 and 9.3.1-r8...

BIND files for a home network

Assumes the PC has IP address 192.168.0.8, and also acts as a DNS server for another PC on the home network which has IP address 192.168.0.9.

/etc/bind/named.conf:

Code: Select all

logging {
        // severity can be one of: debug info
        channel "my_syslog" { syslog daemon; severity info; };
        category "default"  { "my_syslog"; "default_debug"; };
};


options {
        directory "/var/bind";
        version "Bind";

        // Interfaces listened on
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.0.8; };

        // Allows only specific hosts to use the DNS server
        allow-query { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

        // Lock down recursive queries too
        allow-recursion { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

        // if you have problems and are behind a firewall:
        //query-source address * port 53;
        pid-file "/var/run/named/named.pid";
};


// Prime the server with knowledge of the root servers.
zone "." IN {
        type hint;
        file "named.ca";
};


// Be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912.
zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};


zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

/etc/bind/pri/127.zone:

Code: Select all

$ORIGIN 127.in-addr.arpa.
$TTL 1W
@              1D IN SOA        localhost. root.localhost. (
                                15     ; Serial
                                3H     ; Refresh
                                15M    ; Retry
                                1W     ; Expiry
                                1D )   ; Minimum
               1D IN NS         localhost.
*              1D IN PTR        localhost.

/etc/bind/pri/localhost.zone:

Code: Select all

$TTL 1W
@       IN      SOA     ns.localhost. root.localhost.  (
                                15     ; Serial
                                3H     ; Refresh
                                15M    ; Retry
                                1W     ; Expiry
                                1D )   ; Minimum
                IN      NS      localhost.   ; NS target must be a host name, not an IP address
localhost.      IN      A       127.0.0.1

/etc/resolv.conf:

Code: Select all

# This entry may not be needed
nameserver 127.0.0.1

# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain homenetwork

/etc/hosts:

Code: Select all

127.0.0.1       localhost pcname
192.168.0.8     pcname.homenetwork

BIND files for a server

For this example, the server is named "company.com" with IP address 12.34.56.78. It is its own primary DNS server, with two secondary servers provided by the ISP: ns0.nameserver.net and ns1.nameserver.net.

/etc/bind/named.conf:

Code: Select all

logging {
        // severity can be one of: debug info
        channel "my_syslog" { syslog daemon; severity info; };
        category "default" { "my_syslog"; "default_debug"; };
};


options {
        directory "/var/bind";
        version "Bind";

        listen-on-v6 { none; };
        allow-recursion { 127.0.0.1; };

        pid-file "/var/run/named/named.pid";
};


// This is the master server for company.com
zone "company.com" {
        type master;
        file "pri/company.com.zone";
};

// Reverse zone for company.com
zone "78.56.34.12.in-addr.arpa" {
        type master;
        file "pri/78.56.34.12.zone";
};


zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

/etc/bind/pri/127.zone and /etc/bind/pri/localhost.zone are the same as specified for a home network above.

/etc/bind/pri/company.com.zone:

Code: Select all

$TTL 3D
company.com. IN    SOA   ns.company.com.  root.company.com.  (
                                        27     ; Serial
                                        1D     ; Refresh
                                        30M    ; Retry
                                        1W     ; Expiry
                                        1D )   ; Minimum
@                       IN      NS      ns.company.com.
@                       IN      NS      ns0.nameserver.net.
@                       IN      NS      ns1.nameserver.net.
@                       IN      MX 0    mail.company.com.
@                       IN      A       12.34.56.78
ns                      IN      A       12.34.56.78
mail                    IN      A       12.34.56.78
www                     IN      A       12.34.56.78
ftp                     IN      A       12.34.56.78

/etc/bind/pri/78.56.34.12.zone: (the 4 components of the IP address are in reverse order)

Code: Select all

$TTL 3D
@                       IN SOA ns.company.com. root.company.com. (
                                        27     ; Serial
                                        1D     ; Refresh
                                        30M    ; Retry
                                        1W     ; Expiry
                                        1D )   ; Minimum
@                               IN NS   ns.company.com.
@                               IN NS   ns0.nameserver.net.
@                               IN NS   ns1.nameserver.net.
@                               IN PTR  company.com.
@                               IN PTR  ns.company.com.
@                               IN PTR  www.company.com.
@                               IN PTR  mail.company.com.
@                               IN PTR  ftp.company.com.

/etc/resolv.conf:

Code: Select all

# This entry may not be needed
nameserver 127.0.0.1

# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain company.com

/etc/hosts:

Code: Select all

127.0.0.1       localhost
12.34.56.78     ns.company.com ns

Last edited by PaulBredbury on Tue Jan 03, 2006 2:48 pm, edited 4 times in total.
Improve your font rendering and ALSA sound

Post by nobspangle » Mon Nov 14, 2005 9:49 pm

In the second example you should also have

Code: Select all

recursion no;

in your options section.

You can also combine the two examples using views so that 1 view is for clients on the internal network and the other view is for clients on the public internet.

This is a really good online guide, and deals with everything from the basics, right up to dynamic updates from dhcp
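
The views arrangement described above, as an added example that is not part of the original thread: one named.conf combining both of PaulBredbury's configurations, with recursion limited to the internal view. The ACL and view names are illustrative, and the secondaries' addresses are placeholders from the documentation range, since the thread gives only their host names; the `allow-transfer` lines are an addition here.

```conf
// Added example, not from the thread. ACL and view names are illustrative.
acl "lan" { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

// Placeholder addresses (RFC 5737 documentation range) standing in for the
// ISP secondaries ns0/ns1.nameserver.net; substitute their real addresses.
acl "secondaries" { 192.0.2.53; 192.0.2.54; };

options {
        directory "/var/bind";
        version "Bind";
        listen-on-v6 { none; };
        pid-file "/var/run/named/named.pid";
};

// Views are matched in order, so the narrower one comes first.
view "internal" {
        match-clients { "lan"; };
        recursion yes;
        allow-recursion { "lan"; };

        zone "." IN { type hint; file "named.ca"; };
        zone "localhost" IN {
                type master; file "pri/localhost.zone";
                allow-update { none; }; notify no;
        };
        zone "127.in-addr.arpa" IN {
                type master; file "pri/127.zone";
                allow-update { none; }; notify no;
        };
        // Static master zone, so both views can load the same file.
        zone "company.com" {
                type master; file "pri/company.com.zone";
                allow-transfer { none; }; notify no;
        };
};

// Everyone else gets authoritative answers only, never recursion.
view "external" {
        match-clients { any; };
        recursion no;

        zone "company.com" {
                type master; file "pri/company.com.zone";
                allow-transfer { "secondaries"; };
        };
        zone "78.56.34.12.in-addr.arpa" {
                type master; file "pri/78.56.34.12.zone";
                allow-transfer { "secondaries"; };
        };
};
```

Once any view is defined, every zone statement must sit inside a view; the logging block from the earlier posts can be kept unchanged.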

Post by PaulBredbury » Mon Nov 14, 2005 10:53 pm

nobspangle wrote:recursion no;
Ah, but I forgot to mention that the server is serving DNS lookups for itself, rather than use the ISP's DNS servers, so I've added "allow-recursion" instead (and added /etc/resolv.conf contents). Thanks for the hint.

Post by bhogg » Sun Nov 20, 2005 2:26 pm

How would these config files be modified if a DNS server had a dynamic IP address?

Also, by default, there doesn't seem to be a named.pid on my system after emerging bind... other PID's (apache2.pid) seem to have a numeric value in them and nothing else, not sure what this is for.

Thanks,
Brian

Post by PaulBredbury » Sun Nov 20, 2005 2:48 pm

bhogg wrote:How would these config files be modified if a DNS server had a dynamic IP address?
Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.
bhogg wrote:Also, by default, there doesn't seem to be a named.pid on my system after emerging bind
I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named.

Post by bhogg » Sun Nov 20, 2005 3:14 pm

PaulBredbury wrote:Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.
The web site is currently for a low-traffic project, and does not need high reliability. I have a no-ip.com address pointing to the same server which works well. Just need this new .ca to forward/resolve to the same address. Needless to say trying to put the no-ip address in zone files didn't do much of anything. The IP Address is resolving locally though, will probably take time to propagate.
PaulBredbury wrote:I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named.
I was having issues starting named previously, but now that it is running the .pid file exists where needed.

Post by Evileye » Thu Oct 05, 2006 11:41 am

Use webmin to configure bind, much easier.

Post by Sakkath » Thu Nov 02, 2006 2:03 am

Could someone explain the headers better, the refresh, minimum, expiry, default_ttl, and the $TTL at the top? I don't know any of the SOA entries besides serial :-p.
The person who makes no mistakes does not usually make anything.

Please add [SOLVED] to the subject of your original post when you feel that your problem is resolved.

Post by Eugene33 » Tue Nov 07, 2006 5:33 pm

Thanks for this tuto, I spent 1 month trying to configure my server correctly, and I finally had it in 2 hours. Thank you ;)

Post by makenoob » Wed Nov 08, 2006 9:59 am

EvilEye wrote:Use webmin to configure bind, much easier.
full ACK on that.
it won't hurt if you know what webmin is doing, so that you should dive into the docs after you got it up and running. the o'reilly-books on bind are a good start for that.

Post by hidrogen » Wed May 23, 2007 2:42 pm

Hi.

I've followed the BIND files for a home network example but I have a problem.

A PC inside the network cannot ping other PCs from the network except if I use their IP.

Ex:

ping www.google.com -> works fine
ping 192.168.134.100 -> works fine
ping vg.homenetwork -> doesn't work


thanks in advance

Post by PaulBredbury » Wed May 23, 2007 3:02 pm

hidrogen wrote:ping vg.homenetwork -> doesn't work
That's what "bind files for a server" is for.

Post by hidrogen » Wed May 23, 2007 4:05 pm

Done ;)

PaulBredbury wrote:
hidrogen wrote:ping vg.homenetwork -> doesn't work
That's what "bind files for a server" is for.

Post by StormBytePP » Thu Sep 20, 2007 2:02 pm

What should I do with a dynamic IP address? I have a DynDNS account, updated constantly by the router; it is xxxxx.homelinux.net

What do I need to do to configure it? Change the file with the reverse IP address to xxxxx.homelinux.net, or something else?
Some people should use emerge brain on theirselves...

Post by PaulBredbury » Thu Sep 20, 2007 4:24 pm

Ginta wrote:dynamic IP address?
emerge ddclient

Put in /etc/ddclient/ddclient.conf

Code: Select all

daemon=36000
syslog=yes
mail-failure=root
ssl=yes
protocol=dyndns2
use=web
login=yourlogin
password=yourpassword
yoursubname.dyndns.org

You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable.

dynamic IP


Post by oddthing » Thu Oct 16, 2008 1:10 pm

PaulBredbury wrote: You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable.
I dunno how I did get around this problem, but at my hosting company I've edited some DNS options and did get redirected even with a dynamic IP, dunno though what DNS program they run...

I have my domain: example.dom

then I set up that: num.example.dom -> my.dyn.ip

I just confed:
Localname: "num"
Type: "CNAME"
Target: my.dyn.ip


a bit of knowledge:
NS = NameServer
MX = MaileXchange
A, AHOST = Address (IP)
CNAME = Hostname


but just for redirecting... my problem now is to get bind to do the rest... so I may get "1.num.example.dom" "2.num.example.dom" and so on...

Re: dynamic IP


Post by PaulBredbury » Thu Oct 16, 2008 1:42 pm

oddthing wrote:did get redirected even with a dynamic IP
Of course, but what happens when your IP address changes? That's the point.

Re: dynamic IP


Post by oddthing » Thu Oct 16, 2008 10:01 pm

PaulBredbury wrote: Of course, but what happens when your IP address changes? That's the point.
No changes at all... since ddclient changes ip at the my.dyn.ip

Code: Select all

example.dom - num.example.dom
                         |
                   my.dyn.ip    (updated by ddclient)
                         |
               [home computer]  - one.num.example.dom (vhost)
                            - two.num.example.dom (vhost)