Bind:
BIND (Berkeley Internet Name Domain) is popular software for translating domain names into IP addresses and is usually found on Linux servers. This article explains the basic concepts of DNS BIND and analyses the associated files required to successfully set up your own DNS BIND server. After reading this article, you will be able to install and set up a Linux BIND DNS server for your network.
Why use BIND 9?
BIND 9 has evolved to be a very flexible, full-featured DNS system. Whatever your application is, BIND 9 probably has the required features. As the first, oldest, and most commonly deployed solution, there are more network engineers who are already familiar with BIND 9 than with any other system.
Other DNS nameservers available on Linux systems are NSD (Name Server Daemon) and djbdns (tinydns). Both are lightweight alternatives to the bind9 DNS server and have lower RAM requirements. They are apparently even faster.
In this article we will not go into the details of what the Domain Name Service (DNS) is nor how DNS works. Rather, we simply concentrate on a simple configuration of a custom zone and config file for a given domain / host supporting www and mail services.
Sample scenario notes to help you read this DNS bind howto:
- nameserver IP address 192.168.135.130
- sample domain / host: linuxconfig.org
- authoritative nameservers for a linuxconfig.org zone: ns1.linuxconfig.org ( 192.168.0.10 ) and ns2.linuxconfig.org ( 192.168.0.11 )
- www and mail services for linuxconfig.org will point to: 192.168.0.10
Unless you prefer to install bind from source code, the installation is rather simple. On a Debian or Ubuntu Linux server you can install a bind nameserver with the following Linux command:
apt-get install bind9 dnsutils
CentOS or Fedora alternative:
yum install bind bind-utils
dnsutils (bind-utils on CentOS and Fedora) is not a compulsory package for running a bind nameserver, but we will use the dig command, which is part of this package, as a testing tool for your bind configuration.
Creating a DNS zone file
At this stage we need to create a new zone file for the domain linuxconfig.org. Navigate to the /etc/bind/ directory and execute the following sequence of commands to create and enter zones/master/:
cd /etc/bind
mkdir -p zones/master
cd zones/master/
The /etc/bind/zones/master directory will contain the zone file for the linuxconfig.org domain. If you prefer to use another directory to hold this file, you are free to do so. The following zone file, db.linuxconfig.org, holds the DNS records that help the nameserver resolve a fully qualified domain name to an IP address. Create and save db.linuxconfig.org with the following content:
;
; BIND data file for linuxconfig.org
;
$TTL    3h
@       IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                        1        ; Serial
                        3h       ; Refresh after 3 hours
                        1h       ; Retry after 1 hour
                        1w       ; Expire after 1 week
                        1h )     ; Negative caching TTL of 1 hour
;
@       IN      NS      ns1.linuxconfig.org.
@       IN      NS      ns2.linuxconfig.org.

linuxconfig.org.        IN      MX      10      mail.linuxconfig.org.
linuxconfig.org.        IN      A       192.168.0.10
ns1                     IN      A       192.168.0.10
ns2                     IN      A       192.168.0.11
www                     IN      CNAME   linuxconfig.org.
mail                    IN      A       192.168.0.10
ftp                     IN      CNAME   linuxconfig.org.
Here is just a quick review of some lines from the above bind DNS zone file:
- SOA Record: the nameserver authoritative for the zone linuxconfig.org is ns1.linuxconfig.org, and admin.linuxconfig.org is the email address of the person responsible for this DNS zone.
- NS Records: the two nameservers for the linuxconfig.org zone are ns[1,2].linuxconfig.org
- MX ( Mail Exchange ): the linuxconfig.org mail exchange record. The number 10 is the record's preference value (mail exchangers with lower values are tried first).
- A Record: A simply means address; in other words, in linuxconfig.org's zone, ns1 has the A ( address ) 192.168.0.10.
- CNAME Record ( Canonical Name record ): restart the query using the canonical name instead of the original name
address-to-name mappings
PTR
;
; BIND reverse data file for 0.168.192.in-addr.arpa
;
$TTL    604800
0.168.192.in-addr.arpa.      IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                        1        ; Serial
                        3h       ; Refresh after 3 hours
                        1h       ; Retry after 1 hour
                        1w       ; Expire after 1 week
                        1h )     ; Negative caching TTL of 1 hour
;
0.168.192.in-addr.arpa.      IN      NS      ns1.linuxconfig.org.
0.168.192.in-addr.arpa.      IN      NS      ns2.linuxconfig.org.

10.0.168.192.in-addr.arpa.   IN      PTR     linuxconfig.org.
- PTR: a DNS record used for mapping an IP address to a host name.
Updating a BIND Configuration File
- /etc/bind/zones/master/db.linuxconfig.org
- /etc/bind/zones/master/db.192.168.0
zone "linuxconfig.org" {
       type master;
       file "/etc/bind/zones/master/db.linuxconfig.org";
};

zone "0.168.192.in-addr.arpa" {
       type master;
       file "/etc/bind/zones/master/db.192.168.0";
};
The last thing to do before we go ahead and check the configuration is to add the IP address of a stable DNS server to the named.conf.options file. This IP address is used when the local DNS server does not know the answer to a name resolution query. In many cases the IP address of such a DNS server is provided by your Internet provider. Alternatively, if you are a Google fan, use 8.8.8.8 or 8.8.4.4.
Replace the following block of text within the named.conf.options file:
// forwarders {
//      0.0.0.0;
// };
with the new stable DNS server IP address:
forwarders {
     8.8.4.4;
};
Checking bind’s zone files and configuration
named-checkconf
With the named-checkconf command the rule is: no news is good news. If no output is produced, your config files look OK.
To check the DNS zone files we can use the named-checkzone command:
named-checkzone linuxconfig.org /etc/bind/zones/master/db.linuxconfig.org
zone linuxconfig.org/IN: loaded serial 1
OK
Reverse zone file check:
named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.0
zone 0.168.192.in-addr.arpa/IN: loaded serial 2
OK
Start / restart bind nameserver
At this point nothing can stop us from running the bind9 DNS server:
/etc/init.d/bind9 start
Starting domain name service...: bind9.
Alternatively, if your bind server is already running, use the following Linux command to restart it:
/etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.
Testing a bind server configuration
The dig command from the dnsutils package comes in handy for testing the new configuration of the bind nameserver.
The dig command can be used from any PC which has network access to your DNS server, but preferably you should start your testing from localhost. In our case the IP address of our name server is 192.168.135.130. First we will test host-to-IP resolution:
dig @192.168.135.130 www.linuxconfig.org

; <<>> DiG 9.6-ESV-R1 <<>> @192.168.135.130 www.linuxconfig.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60863
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.linuxconfig.org.           IN      A

;; ANSWER SECTION:
www.linuxconfig.org.    10800   IN      CNAME   linuxconfig.org.
linuxconfig.org.        10800   IN      A       192.168.0.10

;; AUTHORITY SECTION:
linuxconfig.org.        10800   IN      NS      ns2.linuxconfig.org.
linuxconfig.org.        10800   IN      NS      ns1.linuxconfig.org.

;; ADDITIONAL SECTION:
ns1.linuxconfig.org.    10800   IN      A       192.168.0.10
ns2.linuxconfig.org.    10800   IN      A       192.168.0.11

;; Query time: 0 msec
;; SERVER: 192.168.135.130#53(192.168.135.130)
;; WHEN: Thu Aug 5 18:50:48 2010
;; MSG SIZE rcvd: 135
Next we test IP-to-host resolution:
dig @192.168.135.130 -x 192.168.0.10

; <<>> DiG 9.6-ESV-R1 <<>> @192.168.135.130 -x 192.168.0.10
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.0.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
10.0.168.192.in-addr.arpa. 604800 IN    PTR     linuxconfig.org.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 604800  IN      NS      ns2.linuxconfig.org.
0.168.192.in-addr.arpa. 604800  IN      NS      ns1.linuxconfig.org.

;; ADDITIONAL SECTION:
ns1.linuxconfig.org.    10800   IN      A       192.168.0.10
ns2.linuxconfig.org.    10800   IN      A       192.168.0.11

;; Query time: 0 msec
;; SERVER: 192.168.135.130#53(192.168.135.130)
;; WHEN: Thu Aug 5 18:52:06 2010
;; MSG SIZE rcvd: 140
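The two dig tests can be scripted over saved dig output. This is an added example, not part of the original article: the function names are hypothetical and the sample reply is constructed from the forward-lookup output shown earlier. It confirms that the reply is authoritative (aa flag) and carries the expected record, and reports whether the server offered recursion (ra flag) to the querying client, which should only be the case for clients on networks you intend to serve.

```shell
#!/bin/sh
# Added example: checks on saved `dig` output. Function names are hypothetical.

# Print the header flags of a dig reply read from stdin, e.g. "qr aa rd ra".
dig_flags() {
    sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'
}

# Print "name type rdata" per ANSWER SECTION record (single-field rdata: A, CNAME, PTR).
dig_answers() {
    awk '/^;; ANSWER SECTION:/ { in_ans = 1; next }
         /^;;/ || /^$/          { in_ans = 0 }
         in_ans                 { print $1, $4, $5 }'
}

# check_dig NAME TYPE RDATA: read dig output on stdin; succeed only if the
# reply is authoritative (aa) and contains exactly the expected record.
check_dig() {
    out=$(cat)
    case " $(printf '%s\n' "$out" | dig_flags) " in
        *" aa "*) ;;
        *) echo "FAIL: reply is not authoritative" >&2; return 1 ;;
    esac
    printf '%s\n' "$out" | dig_answers | grep -qxF "$1 $2 $3" || {
        echo "FAIL: missing record $1 $2 $3" >&2; return 1; }
}

# Succeed if the server offered recursion (ra) to the client that ran dig.
offers_recursion() {
    case " $(dig_flags) " in *" ra "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample, trimmed from the forward-lookup output in this article.
sample_reply() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60863
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; ANSWER SECTION:
www.linuxconfig.org.    10800   IN      CNAME   linuxconfig.org.
linuxconfig.org.        10800   IN      A       192.168.0.10

;; AUTHORITY SECTION:
linuxconfig.org.        10800   IN      NS      ns1.linuxconfig.org.
EOF
}

sample_reply | check_dig linuxconfig.org. A 192.168.0.10 && echo "forward lookup OK"
sample_reply | offers_recursion && echo "note: recursion is offered to this client"
```

Against a live server, pipe real output into the same functions, for example: dig @192.168.135.130 www.linuxconfig.org | check_dig linuxconfig.org. A 192.168.0.10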
Congratulations. You have just created and configured your own DNS zone using the bind nameserver.