Configuring DNS / BIND

The main configuration file of BIND is /etc/named.conf. By default it should look something like this:

// generated by named-bootconf.pl

options {
   directory "/var/named";
   /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below.  Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
   // query-source address * port 53;
};

// 
// a caching only nameserver config
// 
zone "." IN {
   type hint;
   file "named.ca";
};

zone "0.0.127.in-addr.arpa" IN {
   type master;
   file "named.local";
   allow-update { none; };
};

We will now change it to serve our domain organicbrownsugar.com, which is NOT connected to the internet, by typing:

vi /etc/named.conf

And the file should look like this when we are done:
   
// generated by named-bootconf.pl

options {
   directory "/var/named";
   /*
    * If there is a firewall between you and nameservers you want
    * to talk to, you might need to uncomment the query-source
    * directive below.  Previous versions of BIND always asked
    * questions using port 53, but BIND 8.1 uses an unprivileged
    * port by default.
    */
   // query-source address * port 53;
};

zone "." IN {
   type master;
   file "db.root";
};

zone "localhost" IN {
   type master;
   file "localhost.zone";
   allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
   type master;
   file "named.local";
   allow-update { none; };
};

zone "organicbrownsugar.com" IN {
   type master;
   file "organicbrownsugar.com.zone";
   allow-update { none; };
};

zone "1.10.192.in-addr.arpa" IN {
   type master;
   file "organicbrownsugar.com.zone.rev";
   allow-update { none; };
};

zone "us.organicbrownsugar.com" IN {
   type master;
   file "us.organicbrownsugar.com.zone";
   allow-update { none; };
};

This tells named which zones we are authoritative for. The "organicbrownsugar.com" stanza adds our domain; its allow-update { none; } refuses dynamic updates (RFC 2136) from any host, so nobody can change our records over the network. The "1.10.192.in-addr.arpa" stanza creates the so-called reverse lookup zone, which we will later use to map IP addresses back to hostnames. The "us.organicbrownsugar.com" stanza adds a subdomain with its own zone file, "localhost" and "0.0.127.in-addr.arpa" cover the loopback address, and zone "." is now type master with its own file db.root instead of type hint, because there are no internet root servers for this server to ask.
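The stanzas above only switch off dynamic updates. Two other controls belong in a named.conf and are missing from the file above: who may query (and recurse through) the server, and who may pull a complete copy of a zone with a zone transfer (AXFR), which hands anyone who asks a full inventory of our hosts. The fragment below is an added example in BIND 9 syntax, not part of the original tutorial; the addresses are the ones used on this page (192.10.1.10 for the server, 192.10.1.0/24 for the network). Note also that the commented-out query-source line should stay commented out unless a firewall truly requires it: answering from one fixed, well-known source port makes it easier for an attacker to forge replies to this server (cache poisoning), which is why modern BIND randomises the source port per query.

```text
options {
   directory "/var/named";
   // Answer only on the server's own addresses and only for our network.
   // A name server that answers and recurses for anyone is an open resolver.
   listen-on { 127.0.0.1; 192.10.1.10; };
   allow-query { 127.0.0.1; 192.10.1.0/24; };
   allow-recursion { 127.0.0.1; 192.10.1.0/24; };
   // Don't reveal the software version to "version.bind" CHAOS queries.
   version "not disclosed";
   // Leave query-source commented out: a fixed source port helps forgers.
   // query-source address * port 53;
};

zone "organicbrownsugar.com" IN {
   type master;
   file "organicbrownsugar.com.zone";
   allow-update { none; };
   // No secondary exists yet, so nobody may copy the zone. When one is added,
   // list its address here instead of none.
   allow-transfer { none; };
};
```

The same allow-transfer line belongs in every zone stanza, including the reverse zone, which is the one most often left open.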

After creating the config file, we now have to set up the zone files it points to. We start with the forward zone for our domain by typing

vi /var/named/organicbrownsugar.com.zone

and add the following lines (remember, you can save some typing by downloading this from www.netikus.net):

$TTL   86400
;the SOA record names the primary master (by convention the name server itself,
;email.organicbrownsugar.com., as in db.root below) and the contact address,
;hostmaster@organicbrownsugar.com written with a dot instead of the @
@       IN      SOA     organicbrownsugar.com. hostmaster.organicbrownsugar.com. (
                        2000103001      ;serial number
                                        ;increase this number whenever you make
                                        ;changes to this file. It's necessary for
                                        ;secondary servers to know if they have to update
                                        ;their zone data
                        10800           ;refresh every 10800 seconds
                                        ;tells a secondary server how often to
                                        ;contact a (the) master server
                        1800            ;retry every 30 minutes
                                        ;if a connect fails to a primary name server,
                                        ;connect again in 1800 seconds
                        1209600         ;expire records received from master server if I
                                        ;was not able to contact him for 1209600 seconds
                        604800 )        ;negative caching TTL: tells other servers how long
                                        ;they may remember that a name does NOT exist.
                                        ;The TTL of the records themselves comes from
                                        ;the $TTL line at the top.

;we need at least one of those entries to make this file valid
        IN      NS      email.organicbrownsugar.com.

;where to find the email server for our domain
        IN      MX      10   email.organicbrownsugar.com.

;the records
email   IN      A       192.10.1.10

;aliases for the email server
;(no semicolon after the target: a ; starts a comment, and "email;" only
;works because BIND throws the semicolon away)
ftp     IN      CNAME   email
telnet  IN      CNAME   email
smtp    IN      CNAME   email
mail    IN      CNAME   email
mailhost IN     CNAME   email
ns      IN      CNAME   email
ns1     IN      CNAME   email
http    IN      CNAME   email
pop     IN      CNAME   email
pop3    IN      CNAME   email
mailbox IN      CNAME   email
imap    IN      CNAME   email
ldap    IN      CNAME   email
www     IN      CNAME   email

;our other computer where we are testing
netikus IN      A       192.10.1.244

      
Now copy this file (organicbrownsugar.com.zone) to us.organicbrownsugar.com.zone with

cd /var/named
cp organicbrownsugar.com.zone us.organicbrownsugar.com.zone

and change the SOA line so it looks like this:

@       IN      SOA     us.organicbrownsugar.com. hostmaster.us.organicbrownsugar.com. (

            
What is this good for? With the subdomain in place we are prepared for the day we want separate mail servers. Because the host names in the copied file are relative, they now resolve under the subdomain (email.us.organicbrownsugar.com. points at 192.10.1.10), while the NS record, written as an FQDN, still names email.organicbrownsugar.com. Now we set up the reverse lookup file for the 192.10.1.0/24 network. Note that this range is not one of the RFC 1918 private ranges; on a lab that stays isolated that is harmless, but if the network is ever connected to the internet these addresses collide with real hosts, so use 192.168.0.0/16 or 10.0.0.0/8 for a new setup. Type

vi /var/named/organicbrownsugar.com.zone.rev

Add the following lines again:

$TTL   86400
@       IN      SOA     1.10.192.in-addr.arpa. hostmaster.organicbrownsugar.com. (
                        2000103001      ;serial number
                                        ;increase this number whenever you make
                                        ;changes to this file
                        10800           ;refresh every 3 hours
                                        ;tells a secondary server how often to
                                        ;contact this server
                        1800            ;retry every 30 minutes
                                        ;if a connect fails to another name server,
                                        ;connect again in 30 minutes
                        1209600         ;secondary name server: discard cached records
                                        ;if you have not been able to contact your
                                        ;primary within this time
                        604800 )        ;negative caching TTL: how long other servers
                                        ;may remember that an address has no PTR record

;we need at least one of those entries to make this file valid
        IN      NS      email.organicbrownsugar.com.

;here we list the ip addresses in use
10      IN      PTR     email.organicbrownsugar.com.

;our client computer
244     IN      PTR     netikus.organicbrownsugar.com.
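Before starting named it is worth checking the hand-typed forward and reverse files for the slips that load without error but misbehave: an FQDN missing its trailing dot (BIND silently appends the origin), a semicolon glued onto a CNAME target, an NS or MX record pointing at a CNAME, and PTR records that disagree with the A records. The lint below is an added example written for this page, not code from the original tutorial or from BIND; the three zone texts inside it are constructed from the values above (the forward zone deliberately keeps the CNAME email; spelling to show what the check reports, and BAD_ZONE is an invented broken variant), and all function and variable names are my own.

```python
"""Lint for hand-typed BIND zone files (added example, not the page's own code).
Parses a master file the way BIND does ($TTL, ';' comments, '@', blank owners,
multi-line SOA) and flags the slips that load cleanly but misbehave: an FQDN
missing its trailing dot, a ';' glued onto a value, an NS or MX that points at
a CNAME, and PTR records that disagree with the forward zone's A records.
Zone texts below are constructed from the page's values (BAD_ZONE is invented)."""
import re

FORWARD_ZONE = """\
$TTL 86400
@       IN  SOA organicbrownsugar.com. hostmaster.organicbrownsugar.com. (
            2000103001 10800 1800 1209600 604800 )  ; serial refresh retry expire neg-ttl
        IN  NS  email.organicbrownsugar.com.
        IN  MX  10 email.organicbrownsugar.com.
email   IN  A   192.10.1.10
www     IN  CNAME email;
netikus IN  A   192.10.1.244
"""
REVERSE_ZONE = """\
$TTL 86400
@       IN  SOA 1.10.192.in-addr.arpa. hostmaster.organicbrownsugar.com. (
            2000103001 10800 1800 1209600 604800 )
        IN  NS  email.organicbrownsugar.com.
10      IN  PTR email.organicbrownsugar.com.
244     IN  PTR netikus.organicbrownsugar.com.
"""
BAD_ZONE = """\
$TTL 86400
@       IN  SOA email.organicbrownsugar.com. hostmaster.organicbrownsugar.com. (
            2000103002 10800 1800 1209600 604800 )
        IN  NS  ns.organicbrownsugar.com
        IN  MX  10 mail
email   IN  A   192.10.1.10
mail    IN  CNAME email
"""
TARGET = {"NS": 0, "MX": 1, "CNAME": 0, "PTR": 0}   # position of the name in rdata

def absolutize(name, origin):
    """BIND's rule: '@' is the origin; a name without a trailing dot gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else name + "." + origin

def parse_zone(text, origin):
    """Return (serial, [(owner, type, rdata_tokens)]); origin must end in '.'."""
    logical, buf, depth = [], "", 0
    for ln in (l.split(";", 1)[0].rstrip() for l in text.splitlines()):
        buf += (" " + ln) if depth else ln             # join '(' ... ')' spans
        depth += ln.count("(") - ln.count(")")
        if depth == 0:
            if buf.strip():
                logical.append(buf)
            buf = ""
    records, owner, serial = [], origin, None
    for ln in logical:
        if ln.startswith("$"):                          # $TTL and similar directives
            continue
        toks = ln.replace("(", " ").replace(")", " ").split()
        if ln[0] not in " \t":                          # a blank owner inherits the last one
            owner, toks = absolutize(toks[0], origin), toks[1:]
        if toks[0].isdigit():                           # optional per-record TTL
            toks = toks[1:]
        if toks[0] in ("IN", "CH", "HS"):               # optional class
            toks = toks[1:]
        rtype, rdata = toks[0].upper(), toks[1:]
        if rtype == "SOA":
            serial = int(rdata[2])
        records.append((owner, rtype, rdata))
    return serial, records

def lint_zone(text, origin):
    """Findings for one zone file; an empty list means every check passed."""
    _, recs = parse_zone(text, origin)
    findings = [f"line {n}: ';' glued onto a value, BIND treats the rest as a comment"
                for n, ln in enumerate(text.splitlines(), 1) if re.search(r"\S;", ln)]
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    for owner, rtype, rdata in recs:
        if rtype not in TARGET:
            continue
        raw = rdata[TARGET[rtype]]
        target = absolutize(raw, origin)
        if "." in raw and not raw.endswith("."):
            findings.append(f"{owner} {rtype} {raw}: no trailing dot, BIND reads it as {target}")
        if rtype in ("NS", "MX") and target in cnames:
            findings.append(f"{owner} {rtype} -> {target} is a CNAME (forbidden by RFC 2181 s10.3)")
    return findings

def check_reverse(fwd_text, fwd_origin, rev_text, rev_origin):
    """Cross-check PTRs against A records in both directions."""
    _, fwd = parse_zone(fwd_text, fwd_origin)
    _, rev = parse_zone(rev_text, rev_origin)
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A"}
    ptrs = {".".join(reversed(o[:-len(".in-addr.arpa.")].split("."))): absolutize(r[0], rev_origin)
            for o, t, r in rev if t == "PTR"}          # dotted IP -> PTR target
    findings = [f"PTR {ip} -> {name} has no matching A record"
                for ip, name in ptrs.items() if (name, ip) not in a_records]
    findings += [f"A {name} {ip} has no PTR in the reverse zone"
                 for name, ip in sorted(a_records) if ip not in ptrs]
    return findings
```

Call lint_zone(FORWARD_ZONE, "organicbrownsugar.com.") and check_reverse(FORWARD_ZONE, "organicbrownsugar.com.", REVERSE_ZONE, "1.10.192.in-addr.arpa.") with the origins written with their trailing dot; an empty list means the checks passed, and the page's own zones pass except for the glued semicolon. The lint does not replace named-checkzone on BIND 9, which validates the full master-file syntax; it catches the semantic slips that named accepts without complaint.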

            
Now comes the tricky part. Because we are not connected to the internet, we have to set up our own root zone. It is not important for functionality, but it makes the setup complete and avoids the error messages named logs when it cannot reach the real root servers. In named.conf we pointed to a file called db.root, which we create now with

vi /var/named/db.root

and this file should look this when we are done:

$TTL   86400
.       IN      SOA     email.organicbrownsugar.com. root.email.organicbrownsugar.com. (
                        2000110801      ; Serial
                        28800           ; Refresh
                        14400           ; Retry
                        3600000         ; Expire
                        86400 )         ; Minimum (negative caching TTL)

        IN      NS      email.organicbrownsugar.com.
email.organicbrownsugar.com.    IN      A       192.10.1.10

organicbrownsugar.com.          IN      NS      email.organicbrownsugar.com.
us.organicbrownsugar.com.       IN      NS      email.organicbrownsugar.com.

                                            
Watch out for the "." in the second line. The other files have an @ there, which BIND expands to the zone's origin; in the root zone the origin is "." itself, so it is written out.

Please note a couple of things when typing the values above:

·I used <TAB> to separate values in lines; any whitespace works for BIND, but a line that starts with whitespace has no owner name of its own and belongs to the owner of the previous record  
·Whenever you specify a FQDN, make sure that it ends with a . <DOT>, otherwise you make yourself trouble: BIND appends the zone's origin to any name without one, so email.organicbrownsugar.com silently becomes email.organicbrownsugar.com.organicbrownsugar.com.  
·A ; starts a comment, so a semicolon glued onto a value (CNAME email;) is thrown away rather than reported as an error  
·On BIND 9, named-checkconf /etc/named.conf and named-checkzone organicbrownsugar.com /var/named/organicbrownsugar.com.zone report syntax errors before you start the daemon  

After entering all the information correctly, we start the DNS daemon and verify the configuration