Configure DNS (bind9) on Ubuntu

Planning Your Domain Name

Before we can even start configuring our domain name server, we should have a good idea of how our domain will look. There are a few considerations that will impact the naming scheme you will use.

Forward Lookup Zones

These domain zones are used to convert names into IP addresses. You use one every time you access a website by it’s name. This is what we’ll be creating in this tutorial.

Reverse Lookup Zones

When you need to convert an IP address into a host name, you configure a reverse lookup zone. It’s used a lot for name verification when all you have is an IP address.

Naming Your Domain

There are a few rules you should follow when deciding on the name of your domain.

  • A domain name must contain between 2 and 63 characters before the punctuation.
  • A domain name can only contain the letters A-Z, the digits 0-9 and hyphen (-)
  • If it’s for internal hosting only, it should not end in .com, .net, .ca, .org, or any other top level domain name (TLD). An example of an internal TLD is .intra.
  • It should have a minimum of two domain levels – mydomainname.tld.

For this tutorial I will be using the domain name of serverlab.intra. It will be used for hosting internal records only.

Name Server Types

There are a few types of roles for a name server. In this tutorial we’re only going to focus on two – the master (primary) and a slave (secondary). The following list describes the most popular name server roles.

Role Description
Master This server is where all adds and modifications are done. It is what is called an SOA (Start of Authority) server. No records are zones changes can be made without its knowledge.
Slave This server is allowed to host a replica copy of a domain zone hosted by a master server. You should always have at least one slave for redundancy reasons. The server will act as an authority of a domain when the master is not available. It’s only limitation is that you cannot add records to or modify the domain on this server. It is read-only.
Caching A caching server doesn’t actually host any domains. Instead, it caches every lookup done by a client after it resolves a name. It resolves domains by forwarding the requests to other DNS servers, like your ISP’s DNS servers. The benefit of having a caching server is name resolution performance can be greatly increased.

DNS Record Types

There are a large number of DNS records types that can be employed in your domain, each with it’s own specific service, like e-mail, computer host names, name servers, and so on. Here is a brief list of record types that can be used.

Type Description
A Address Record
Used to assign a domain name to an IP address.
NS Name Server
Used to specify the domain name of name servers for a zone.
SOA Start of Authority
The absolutely authority domain name server of a domain or entire zone. This is typically a master server.
MX Mail Exchange
This record specifies which server or servers host the e-mail services for a domain. Without this record, clients and other mail servers would not be able to determine your mail servers.

Install and Configure BIND

Follow these instructions on both servers, NS1 and NS2.

  1. Install the required packages for BIND.
    sudo apt-get install bind9
  2. Start the BIND service to enable domain name lookups.
    sudo service bind9 start

Create Your Domain

We’re going to create our first zone file for our desired domain. The zone file is what will contain our name records for our domain. It’s a simple database, if you will, of names to IP addresses than can easily be modified with any text editor.

To make things easy for us, we’re going to copy a template.

  1. Log onto the primary server, NS1.
  2. Create the new zone file by copying an existing template.
    sudo cp /etc/bind/db.empty /etc/bind/db.serverlab.intra
  3. Open the new zone file into a text editor, like Nano.
    sudo nano /etc/bind/db.serverlab.intra
    Your zone file should look similar to the example below.

    ; BIND reverse data file for empty rfc1918 zone ; ; DO NOT EDIT THIS FILE - it is used for multiple zones. ; Instead, copy it, edit named.conf, and use that copy. ; $TTL 86400 @ IN SOA localhost. root.localhost. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 86400 ) ; Negative Cache TTL ; @ IN NS localhost. 
  4. Modify the file to match your environment’s configuration. We need to set the Start of Authority server (SOA) – the primary name server for our domain name, the e-mail address of the administrator, the Name Server record (NS) for our name server (ns1), and a Address record for the name server (ns1).
    ; BIND reverse data file for empty rfc1918 zone ; ; DO NOT EDIT THIS FILE - it is used for multiple zones. ; Instead, copy it, edit named.conf, and use that copy. ; $TTL 86400 @ IN SOA ns1.serverlab.intra. admin.serverlab.intra. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 86400 ) ; Negative Cache TTL ; @ IN NS ns1.serverlab.intra. @ IN NS ns2.serverlab.intra. ns1 IN A 172.30.0.60 ns2 IN A 172.30.0.61 
  5. Now we add the address records (A) for the computers in our environment.
     ; BIND reverse data file for empty rfc1918 zone ; ; DO NOT EDIT THIS FILE - it is used for multiple zones. ; Instead, copy it, edit named.conf, and use that copy. ; $TTL 86400 @ IN SOA ns1.serverlab.intra. admin.serverlab.intra. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 86400 ) ; Negative Cache TTL ; @ IN NS ns1.serverlab.intra. @ IN NS ns2.serverlab.intra. ns1 IN A 172.30.0.60 ns2 IN A 172.30.0.61 desktop01 IN A 172.30.0.200 desktop02 IN A 172.30.0.201 desktop03 IN A 172.30.0.202 desktop04 IN A 172.30.0.203 fileserver01 IN A 172.30.0.100 fileserver02 IN A 172.30.0.101 mailserver01 IN A 172.30.0.102 
  6. Save changes to the file and exit the text editor.

Add Your Domain to BIND

  1. Open the BIND configuration file into a text editor, like Nano.
    sudo nano /etc/bind/named.conf
  2. Add the following lines to the end of the file.
    zone "serverlab.intra" { type master; file "/etc/bind/db.serverlab.intra"; allow-transfer { 172.30.0.61; }; }; 
    Type Specifies the name server type – Master or Slave.
    File The location of the zone’s database file.
    Allow-Transfer Specify which servers, by IP address, are allowed to download the zone file.
  3. Save your changes and exit the text editor.
  4. Instruct BIND to load our new domain.
    sudo service bind9 reload

Configure the DNS Server to Query Itself

In order for your domain name server to return lookups, it needs to be able to query itself. To do this we’re going to modify its client DNS settings.

  1. Open the resolv.conf file into a text editor.
    sudo nano /etc/resolv.conf
  2. Modify it so that it contains the following lines.
    nameserver 172.30.0.60 search serverlab.intra 
    nameserver Sets the IP address of the DNS server to be queried. You can add as many nameserver entries as you have DNS servers for your domain.
    search The search option is used to append the defined domain name to all of your single-label lookups – any lookup that contains a computer name without a domain name appended. For example, desktop01. This way you don’t have to type the entire fully qualified domain name, desktop01.serverlab.intra.
  3. Save your changes and exit the text editor.
  4. Test your name resolution by ping a computer registered in your domain using its fully qualified domain name.
    ping desktop01.serverlab.intra
  5. Another method of testing name resolution is to use the Dig tool. It returns more detailed results about your lookup.
    dig desktop01.serverlab.intra
  6. The Dig command will return the following results, which shows the question, the return answer, and which DNS server gave the response.
    ; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> desktop01.serverlab.intra ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 688 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;desktop01.serverlab.intra. IN A ;; ANSWER SECTION:
    desktop01.serverlab.intra. 86400 IN A 172.30.0.200 ;; AUTHORITY SECTION: serverlab.intra. 86400 IN NS ns1.serverlab.intra. ;; ADDITIONAL SECTION: ns1.serverlab.intra. 86400 IN A 172.30.0.60 ;; Query time: 1 msec
    ;; SERVER: 172.30.0.60#53(172.30.0.60) ;; WHEN: Fri Jan 17 23:28:17 CST 2014 ;; MSG SIZE rcvd: 104 

Configure the Secondary DNS Server

  1. Log onto the secondary (slave) DNS server, NS2.
  2. Open the Bind configuration file into a text editor.
    sudo nano /etc/bind/named.conf
  3. Add a zone entry for our domain zone using the following configuration.
    zone "serverlab.intra" { type slave; master { 172.30.0.60; }; file "/etc/bind/db.serverlab.intra"; }; 
    Type Specifies the name server type – Master or Slave.
    Master Specifies the IP address of the master server.
    File Specifices the location of the replica zone database file.
  4. Save your changes and exit the text editor.
  5. Instruct Bind to reload it’s configuration file.
    sudo service bind9 reload
  6. Our domain should not be downloading to our secondary server. Check that it exits by navigating to the location specified in Bind’s configuration file.

See more:
http://serverlab.ca/tutorials/linux/network-services/how-to-configure-ubuntu-13-to-be-a-dns-server

https://help.ubuntu.com/10.04/serverguide/dns-configuration.html

https://help.ubuntu.com/community/BIND9ServerHowto

By vichhaiy Posted in Linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s