
08.08.2008 21:37

Setting up a basic Bind DNS configuration for small networks


If you ever need to set up a Bind DNS for a small network using one internal domain and you are using such stone-age distributions as CentOS or similar crap that doesn't install example configuration files, you will probably need to look up the syntax for the zone and configuration files (I always need to do that and it just takes time).

So, here's a working copy-paste-forget setup:

Prerequisites
  • I'm assuming that the directory "/etc/bind" exists...
  • ... and that this directory is writable by the named user (if you want to have automatic updates to your zones)
  • you do _NOT_ want to use your provider's DNS servers as forwarders
  • your local network is 192.168.0/24, your gateway is .254 and your DNS server is .1
  • Replace all occurrences of HOSTNAME in the files below with the hostname of your DNS server
  • Replace all occurrences of YOURDOMAIN in the files below with your local domain name
  • all the files mentioned below need to be put into the /etc/bind directory.
  • If the DHCP server is not under your control (or is something that doesn't support dynamic DNS updates), you have configured your clients to register themselves with the DNS server properly (on XP clients you might need to tick the checkbox "Include domain name on updates")
  • you are aware that in the case just mentioned anyone can update your DNS server, which, depending on your network, is probably insecure

/etc/bind/named.conf
// Server-wide options (working directory, optional forwarders, listen
// addresses) live in their own file.
include "/etc/bind/named.conf.options";

// Root hints: the list of root name servers, used as the starting point
// for lookups of names this server is not authoritative for.
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// Standard zones served locally as master: "localhost" and the reverse
// zones for the loopback (127/8), 0/8 and 255/8 address ranges.
zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

// Site-specific zones: YOURDOMAIN.local and its reverse zone.
include "/etc/bind/named.conf.local";

/etc/bind/named.conf.options
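options {
        // Working directory for named (relative file names are resolved here).
        // On CentOS and other distributions you might need to change this
        // directory
        directory "/var/cache/bind";

        // ****** Enable this section if you want to use your provider DNS *****
        // forwarders {
        //      0.0.0.0;
        // };

        // Only the local host and the 192.168.0/24 network may query this
        // server or use it for recursive lookups. Depending on the BIND
        // version the default may otherwise allow recursion from any
        // address the server listens on (listen-on-v6 below is "any"),
        // which turns the box into an open resolver usable for
        // amplification attacks.
        recursion yes;
        allow-recursion { localhost; 192.168.0.0/24; };
        allow-query     { localhost; 192.168.0.0/24; };

        // This setup has no secondary servers, so nobody needs to pull a
        // full copy of the zones via AXFR.
        allow-transfer { none; };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};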

/etc/bind/named.conf.local
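// Site-specific zones for the internal domain and its reverse range.
// Both are master zones; the data files are in /etc/bind.

zone "YOURDOMAIN.local" IN {
  type master;

  // ***** Enable this option if you don't have access to the DHCP *****
  // ***** server on your network (e.g. if your firewall does DHCP *****
  // The update source is limited to the local network; "any" would
  // accept updates from every address the server is reachable from.
  // If your clients or DHCP server support it, a shared TSIG key is
  // stricter still:  allow-update { key "<your-key-name>"; };
  // allow-update { 192.168.0.0/24; };

  file "/etc/bind/db.YOURDOMAIN.local";
};

zone "0.168.192.in-addr.arpa" IN {
  type master;

  // ***** Enable this option if you don't have access to the DHCP *****
  // ***** server on your network (e.g. if your firewall does DHCP *****
  // Same restriction as for the forward zone above.
  // allow-update { 192.168.0.0/24; };

  file "/etc/bind/db.0.168.192";
};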

/etc/bind/db.0
;
; BIND reverse data file for broadcast zone
; (0.in-addr.arpa; served as a master zone from named.conf, so this
; server answers reverse lookups for 0.x.x.x itself)
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

/etc/bind/db.127
;
; BIND reverse data file for local loopback interface
; (127.in-addr.arpa; the PTR below maps 127.0.0.1 back to "localhost.")
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
; Owner "1.0.0" is relative to the zone origin, i.e. 1.0.0.127.in-addr.arpa
1.0.0   IN      PTR     localhost.

/etc/bind/db.255
;
; BIND reverse data file for broadcast zone
; (255.in-addr.arpa; served as a master zone from named.conf, so this
; server answers reverse lookups for 255.x.x.x itself)
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

/etc/bind/db.local
;
; BIND data file for local loopback interface
; (forward zone "localhost"; resolves the name to 127.0.0.1)
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1

/etc/bind/db.root
; Root hints file, loaded by the "." hint zone in named.conf.
; This is the raw output of the dig command on the next line, captured
; when the article was written. Root server addresses change over time,
; so regenerate it (same command against a current root server) rather
; than relying on this snapshot.
; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
; Glue addresses as returned at capture time (see note at the top).
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33

/etc/bind/db.YOURDOMAIN.local
; /etc/bind/db.YOURDOMAIN.local -- forward zone for the internal domain,
; loaded by the "YOURDOMAIN.local" entry in named.conf.local.
; NOTE(review): the ".local" suffix is also claimed by multicast DNS
; (RFC 6762); hosts running an mDNS resolver may treat it differently.
$TTL    86400           ; default TTL, 1 day (same as "1D")

@       IN      SOA     HOSTNAME.YOURDOMAIN.local. hostmaster.HOSTNAME.YOURDOMAIN.local. (
                        1               ; serial -- increase when editing by hand
                        28800           ; refresh, 8 hours
                        7200            ; retry, 2 hours
                        604800          ; expire, 1 week
                        86400 )         ; minimum / negative-cache TTL, 1 day

; Records at the zone apex: the authoritative name server and the
; address the bare domain name resolves to.
@       IN      NS      HOSTNAME.YOURDOMAIN.local.
@       IN      A       192.168.0.1

; Hosts (owner names are relative to YOURDOMAIN.local)
localhost       IN      A       127.0.0.1
HOSTNAME        IN      A       192.168.0.1
gateway         IN      A       192.168.0.254

/etc/bind/db.0.168.192
; /etc/bind/db.0.168.192 -- reverse zone for 192.168.0/24
; (0.168.192.in-addr.arpa), loaded from named.conf.local.
$TTL    86400           ; default TTL, 1 day (same as "1D")

@       IN      SOA     HOSTNAME.YOURDOMAIN.local. hostmaster.HOSTNAME.YOURDOMAIN.local. (
                        1               ; serial -- increase when editing by hand
                        28800           ; refresh, 8 hours
                        7200            ; retry, 2 hours
                        604800          ; expire, 1 week
                        86400 )         ; minimum / negative-cache TTL, 1 day

@       IN      NS      HOSTNAME.YOURDOMAIN.local.
; Apex A record kept from the original file; it plays no part in PTR lookups.
@       IN      A       192.168.0.1

; PTR records: the owner name is the last octet of the address.
1       IN      PTR     HOSTNAME.YOURDOMAIN.local.
254     IN      PTR     gateway.YOURDOMAIN.local.