Setting up a basic Bind DNS configuration for small networks
If you ever need to set up a Bind DNS for a small network using one internal domain and you are using stone-age distributions such as CentOS or similar crap that don't install example configuration files, you will probably need to look up the syntax for the zone and configuration files (I always need to do that and it just takes time).
So, here's a working copy-paste-forget setup:
Prerequisites
- I'm assuming that the directory "/etc/bind" exists...
- ... and that this directory is writable by the named user (if you want to have automatic updates to your zones)
- you do _NOT_ want to use your provider's DNS servers as forwarders
- your local network is 192.168.0/24, your gateway is .254 and your DNS server is .1
- Replace all occurrences of HOSTNAME in the files below with the hostname of your DNS server
- Replace all occurrences of YOURDOMAIN in the files below with your local domain name
- all the files mentioned below need to be put into the /etc/bind directory.
- If the DHCP server is not under your control (or is something that doesn't support dynamic DNS updates), you have configured your clients to register with the DNS server properly (you might need to tick the checkbox "Include domain name on updates" on XP clients)
- you know that in the above-mentioned case anyone can update your DNS server and that, depending on your network, this is probably insecure
/etc/bind/named.conf
// Main BIND configuration: global options first, then the standard zones
// every resolver should answer locally, then the site-specific zones from
// named.conf.local.
include "/etc/bind/named.conf.options";
// Root hints: how named finds the root servers when it resolves on its own
// (no forwarders are enabled in named.conf.options by default).
zone "." {
type hint;
file "/etc/bind/db.root";
};
// Forward and reverse zones for the loopback interface, answered locally.
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
// 0/8 and 255/8 reverse zones; their files hold only SOA and NS records,
// so lookups in these ranges get a local answer instead of leaving the box.
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// The internal domain and the 192.168.0/24 reverse zone live here.
include "/etc/bind/named.conf.local";
/etc/bind/named.conf.options
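options {
	// On CentOS and other distributions you might need to change this
	// directory
	directory "/var/cache/bind";

	// ****** Enable this section if you want to use your provider DNS *****
	// (replace 0.0.0.0 with the address of your provider's resolver)
	// forwarders {
	//	0.0.0.0;
	// };

	// Answer queries, and recurse, only for this host and the local
	// network (192.168.0/24 per the prerequisites).  Without these two
	// lists named recurses for anyone who can reach it, i.e. it is an
	// open resolver if the machine is reachable from outside.  Add your
	// IPv6 prefix to both lists if LAN clients use IPv6, since
	// listen-on-v6 below accepts IPv6 queries.
	recursion yes;
	allow-query { localhost; 192.168.0.0/24; };
	allow-recursion { localhost; 192.168.0.0/24; };

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
};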
/etc/bind/named.conf.local
zone "YOURDOMAIN.local" IN {
type master;
// ***** Enable this option if you don't have access to the DHCP *****
// ***** server on your network (e.g. if your firewall does DHCP *****
// allow-update { any; };
file "/etc/bind/db.YOURDOMAIN.local";
};
zone "0.168.192.in-addr.arpa" in {
type master;
// ***** Enable this option if you don't have access to the DHCP *****
// ***** server on your network (e.g. if your firewall does DHCP *****
// allow-update { any; };
file "/etc/bind/db.0.168.192";
};
/etc/bind/db.0
;
; BIND reverse data file for the 0.in-addr.arpa zone (see named.conf).
; It holds only the SOA and NS records, so nothing in 0.0.0.0/8 resolves
; to a name and the lookup is answered here.
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name server for this zone: the local host itself.
@ IN NS localhost.
/etc/bind/db.127
;
; BIND reverse data file for local loopback interface
; (zone 127.in-addr.arpa, see named.conf): maps 127.0.0.1 back to
; "localhost." so loopback reverse lookups are answered here.
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
; 1.0.0.127.in-addr.arpa (i.e. 127.0.0.1) -> localhost.
1.0.0 IN PTR localhost.
/etc/bind/db.255
;
; BIND reverse data file for broadcast zone
; (255.in-addr.arpa, see named.conf).  It holds only the SOA and NS
; records, so nothing in 255.0.0.0/8 resolves to a name and the lookup
; is answered here.
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name server for this zone: the local host itself.
@ IN NS localhost.
/etc/bind/db.local
;
; BIND data file for local loopback interface
; (forward zone "localhost", see named.conf): resolves localhost. to
; 127.0.0.1 without asking anyone else.
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
; localhost. -> 127.0.0.1
@ IN A 127.0.0.1
/etc/bind/db.root
; Root hints: the addresses named uses to find the root name servers when
; it resolves without forwarders.  This copy is the output of an old dig
; (version 9.2.3, see the next line) and at least some root-server
; addresses have changed since; regenerate it with the dig command quoted
; on the next line, or replace it with the current named.root hints file
; published by InterNIC, before relying on it.
; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 198.32.64.12
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
/etc/bind/db.YOURDOMAIN.local
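;/etc/bind/db.YOURDOMAIN.local
; Forward zone for the internal domain YOURDOMAIN.local (see named.conf.local).
; Replace HOSTNAME and YOURDOMAIN as described in the prerequisites.
$TTL 1D
; SOA: HOSTNAME.YOURDOMAIN.local. is the primary server; the second name is
; the zone contact, hostmaster@HOSTNAME.YOURDOMAIN.local (first dot = "@").
@	IN SOA HOSTNAME.YOURDOMAIN.local. hostmaster.HOSTNAME.YOURDOMAIN.local. (
	1	; Serial - increment whenever you edit this file by hand
		; (with dynamic updates enabled, named maintains it itself)
	8H	; Refresh 8 hours
	2H	; Retry 2 hours
	1W	; Expiry 1 week
	1D	; Minimum 1 day
	)
; Apex records carry an explicit "@" owner so the lines do not depend on
; leading whitespace surviving a copy-paste (a token in column 0 is taken
; as the owner name).
@	IN NS HOSTNAME.YOURDOMAIN.local.
@	IN A  192.168.0.1
localhost	IN A 127.0.0.1
HOSTNAME	IN A 192.168.0.1	; this DNS server (.1 per the prerequisites)
gateway		IN A 192.168.0.254	; the gateway (.254 per the prerequisites)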
/etc/bind/db.0.168.192
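; Reverse zone for 192.168.0/24 (0.168.192.in-addr.arpa, see named.conf.local).
; Replace HOSTNAME and YOURDOMAIN as described in the prerequisites.
$TTL 1D
; SOA: HOSTNAME.YOURDOMAIN.local. is the primary server; the second name is
; the zone contact, hostmaster@HOSTNAME.YOURDOMAIN.local (first dot = "@").
@	IN SOA HOSTNAME.YOURDOMAIN.local. hostmaster.HOSTNAME.YOURDOMAIN.local. (
	1	; Serial - increment whenever you edit this file by hand
		; (with dynamic updates enabled, named maintains it itself)
	8H	; Refresh 8 hours
	2H	; Retry 2 hours
	1W	; Expiry 1 week
	1D	; Minimum 1 day
	)
; Explicit "@" owner so the line does not depend on leading whitespace
; surviving a copy-paste.  The apex A record copied from the forward zone
; has been dropped: a reverse zone is only ever asked for PTR records.
@	IN NS HOSTNAME.YOURDOMAIN.local.
1	IN PTR HOSTNAME.YOURDOMAIN.local.	; 192.168.0.1, this DNS server
254	IN PTR gateway.YOURDOMAIN.local.	; 192.168.0.254, the gateway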
Posted by Alexander Griesser