HOWTO setup a small server

Bind9 (Domain Name Service Service)

Installation

The installation of the domain name service (DNS) server is performed by:

# apt-get install bind9

Basic Configuration

The basic configuration of Bind9 could look like this for a name server doing forwarding and managing a small LAN:

File: /etc/bind/named.conf.options

options {
	directory "/var/cache/bind";

	auth-nxdomain no;    # conform to RFC1035

	// contains a list of servers to which queries should
	// be forwarded (up to three servers may be listed)

	forwarders { 223.1.2.2; 223.1.2.3; };

	// prefer usage of the name server declared in the
	// forwarders section

	forward first;

	// network interfaces to listen on and optionally the
	// port for IPv4/IPv6 (default: 'port 53'/'any')

	listen-on port 53 { 127.0.0.1; 223.1.2.1; };
	listen-on-v6 { none; };

	// may be needed if a firewall stands between the local
	// server and the internet

	//query-source address * port 53;
	//transfer-source * port 53;
	//notify-source * port 53;

	// networks or IP addresses to accept queries from
	// (default: allow from all hosts)

	allow-query { 127.0.0.1; 223.1.2.0/24; };

	// hosts allowed to make recursive queries

	allow-recursion { 127.0.0.1; 223.1.2.0/24; };

	// hosts are allowed to receive zone transfers

	//allow-transfer { none; };
	allow-transfer { 127.0.0.1; };

	// specifies, whether notify messages are sent to
	// other name servers when the the zone data is changed

	notify no;
};

Zone Configuration

Your local zones must be specified like this:

Excerpt: /etc/bind/named.conf.local

zone "example.com" {
  type master;
  file "/etc/bind/db.example.com";
};

zone "2.1.223.in-addr.arpa" {
  type master;
  file "/etc/bind/db.2.1.223";
};

The zone files have the following format (do not forget the dots following host names!):

File: /etc/bind/db.example.com

$TTL 1D
example.com.	IN SOA	server	root.server.example.com. (
		2007111301	; serial
		1D		; refresh
		1H		; retry
		1D		; expire
		1D )		; minimum

		IN NS		server
		IN MX		10 server

; domain to IP mappings
server	IN A		223.1.2.1

File: /etc/bind/db.2.1.223

$TTL 1D
2.1.223.in-addr.arpa.	IN SOA	server.example.com.	root.server.example.com. (
		2007111301	; serial
		1D		; refresh
		1H		; retry
		1D		; expire
		1D )		; minimum

		IN NS	server.example.com.

; IP to domain mappings
1		IN PTR	server.example.com.

Networking Requirements

Prerequisite: Shorewall To allow users on your net to access the name server configure your packet filter appropriatly:

Excerpt: /etc/shorewall/rules

# DNS
#
ACCEPT		net		$FW		udp	53
ACCEPT		net		$FW		tcp	53
#

And finally, restart Shorewall:

# shorewall restart

Back to index.