HOWTO setup a small server
Bind9 (Domain Name Service Service)
Installation
The installation of the domain name service (DNS) server is performed by:
# apt-get install bind9
Basic Configuration
The basic configuration of Bind9 could look like this for a name server doing forwarding and managing a small LAN:
File: /etc/bind/named.conf.options
options { directory "/var/cache/bind"; auth-nxdomain no; # conform to RFC1035 // contains a list of servers to which queries should // be forwarded (up to three servers may be listed) forwarders { 223.1.2.2; 223.1.2.3; }; // prefer usage of the name server declared in the // forwarders section forward first; // network interfaces to listen on and optionally the // port for IPv4/IPv6 (default: 'port 53'/'any') listen-on port 53 { 127.0.0.1; 223.1.2.1; }; listen-on-v6 { none; }; // may be needed if a firewall stands between the local // server and the internet //query-source address * port 53; //transfer-source * port 53; //notify-source * port 53; // networks or IP addresses to accept queries from // (default: allow from all hosts) allow-query { 127.0.0.1; 223.1.2.0/24; }; // hosts allowed to make recursive queries allow-recursion { 127.0.0.1; 223.1.2.0/24; }; // hosts are allowed to receive zone transfers //allow-transfer { none; }; allow-transfer { 127.0.0.1; }; // specifies, whether notify messages are sent to // other name servers when the the zone data is changed notify no; };
Zone Configuration
Your local zones must be specified like this:
Excerpt: /etc/bind/named.conf.local
zone "example.com" { type master; file "/etc/bind/db.example.com"; }; zone "2.1.223.in-addr.arpa" { type master; file "/etc/bind/db.2.1.223"; };
The zone files have the following format (do not forget the dots following host names!):
File: /etc/bind/db.example.com
$TTL 1D example.com. IN SOA server root.server.example.com. ( 2007111301 ; serial 1D ; refresh 1H ; retry 1D ; expire 1D ) ; minimum IN NS server IN MX 10 server ; domain to IP mappings server IN A 223.1.2.1
File: /etc/bind/db.2.1.223
$TTL 1D 2.1.223.in-addr.arpa. IN SOA server.example.com. root.server.example.com. ( 2007111301 ; serial 1D ; refresh 1H ; retry 1D ; expire 1D ) ; minimum IN NS server.example.com. ; IP to domain mappings 1 IN PTR server.example.com.
Networking Requirements
Prerequisite: Shorewall To allow users on your net to access the name server configure your packet filter appropriatly:
Excerpt: /etc/shorewall/rules
# DNS # ACCEPT net $FW udp 53 ACCEPT net $FW tcp 53 #
And finally, restart Shorewall:
# shorewall restart