Configuring Bind9

This doc shows how to create the configuration files for bind9 and test the result.

Configuration files live in /etc/bind.

Become root.

Create a sub-directory to store the zone files. In this doc it will be "zones":

cd /etc/bind/
mkdir zones

Copy the default zone file you'll start from (db.local) into zones, naming it after your domain. Here example.com is your domain:

cp db.local ./zones/example.com.db.local

Edit this file:

cd zones
nano example.com.db.local

As copied, the file looks like this:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

Change the file so it looks like this, where xxx.xxx.xxx.xxx is the target machine's IP address (the address the server and the hosts below should resolve to).

NOTE: Don't forget the trailing periods after fully qualified domain names. Without the period, named treats the name as relative and appends the zone name, so ns1.example.com becomes ns1.example.com.example.com.

;
; BIND data file for example.com
;
$TTL    604800
@       IN      SOA     example.com. host.example.com. (
                              2         ; Serial (increase on every edit)
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.example.com.
@       IN      A       xxx.xxx.xxx.xxx
@       IN      AAAA    ::1
;
ns1     IN      A       xxx.xxx.xxx.xxx
mail    IN      A       xxx.xxx.xxx.xxx
www     IN      A       xxx.xxx.xxx.xxx
;
example.com.    IN      MX      10 mail.example.com.
;
Computer-Name   IN      CNAME   www

These changes create "A" records for ns1 (your DNS server), mail and www, an MX (Mail Exchange) record that sends mail for example.com to mail.example.com, and a CNAME (alias) that makes Computer-Name another name for www. In the SOA record, example.com. is the primary name server for the zone and host.example.com. is the contact address, written with a dot in place of the @ (host@example.com).

Rules to remember:
A ; starts a comment; # doesn't work here.
The host named in your MX record must have a corresponding "A" record. It can't be a CNAME.
A name that has a CNAME record can't have any other records.
Increase the serial every time you change the zone; secondaries and caches only fetch a new copy when the serial goes up.
The "@ IN AAAA ::1" line is left over from the loopback template. Remove it, or replace ::1 with the host's real IPv6 address; as written, IPv6 clients are told that example.com is their own loopback address.
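The following is an added example, not part of the original doc: a small checker for the rules above (trailing periods, MX target must be an A record and not a CNAME, no other records next to a CNAME, a loopback address left at the apex), run against a constructed copy of the example.com zone with 192.0.2.10 (a documentation address) in place of xxx.xxx.xxx.xxx. It only understands the master-file subset this doc uses and complements named-checkzone rather than replacing it.

```python
# Added example, not from the tutorial. Parses the master-file subset used in
# the tutorial and applies its "rules to remember" to a constructed zone.

# Constructed input: the tutorial's forward zone, 192.0.2.10 (RFC 5737
# documentation range) standing in for the xxx.xxx.xxx.xxx placeholder.
ZONE_TEXT = """\
$TTL 604800
@ IN SOA example.com. host.example.com. (
        2          ; Serial
        604800     ; Refresh
        86400      ; Retry
        2419200    ; Expire
        604800 )   ; Negative Cache TTL
;
@ IN NS ns1.example.com.
@ IN A 192.0.2.10
@ IN AAAA ::1
;
ns1  IN A 192.0.2.10
mail IN A 192.0.2.10
www  IN A 192.0.2.10
;
example.com. IN MX 10 mail.example.com.
;
Computer-Name IN CNAME www
"""

LOOPBACK = {"127.0.0.1", "::1"}


def qualify(name, origin):
    """Resolve a name the way named does: '@' is the origin, a trailing dot
    means absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"


def parse_zone(text, origin):
    """Minimal master-file reader: strips ';' comments, joins '(' ... ')'
    continuations, skips $ directives, and gives a record whose line starts
    with whitespace the previous owner. Returns [(owner, TYPE, rdata), ...]."""
    records, pending, depth, last_owner = [], [], 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        if depth == 0:                      # start of a new record
            pending = [last_owner] if line[0].isspace() else []
        for tok in line.replace("(", " ( ").replace(")", " ) ").split():
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                pending.append(tok)
        if depth == 0 and pending:
            owner, fields = qualify(pending[0], origin), pending[1:]
            while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
                fields.pop(0)               # optional TTL and class
            records.append((owner, fields[0].upper(), fields[1:]))
            last_owner = owner
    return records


def lint_zone(text, origin):
    """Apply the tutorial's rules and the RFC rules behind them.
    Returns a list of findings; an empty list means the zone passed."""
    origin = origin.lower().rstrip(".") + "."
    recs = parse_zone(text, origin)
    types_at, findings = {}, []
    for owner, rtype, _ in recs:
        types_at.setdefault(owner, set()).add(rtype)

    def in_zone(name):
        return name == origin or name.endswith("." + origin)

    def target(tok, what):
        # "Don't forget the periods": a dotted name without a trailing dot is
        # relative, so ns1.example.com becomes ns1.example.com.example.com.
        fqdn = qualify(tok, origin)
        if "." in tok.rstrip(".") and not tok.endswith("."):
            findings.append(f"{what} target {tok!r} lacks a trailing dot; named reads it as {fqdn}")
        return fqdn

    soas = [r for r in recs if r[1] == "SOA"]
    if len(soas) != 1 or soas[0][0] != origin:
        findings.append("zone needs exactly one SOA record at the apex")
    else:
        for field, what in zip(soas[0][2][:2], ("SOA MNAME", "SOA RNAME")):
            target(field, what)
    if "NS" not in types_at.get(origin, set()):
        findings.append("no NS record at the apex")

    for owner, rtype, rdata in recs:
        if rtype == "NS":
            ns = target(rdata[0], "NS")
            if in_zone(ns) and not types_at.get(ns, set()) & {"A", "AAAA"}:
                findings.append(f"NS {ns} is in this zone but has no A/AAAA (glue) record")
        elif rtype == "MX":
            mx = target(rdata[1], "MX")
            if "CNAME" in types_at.get(mx, set()):
                findings.append(f"MX target {mx} is a CNAME; it must be a host with an A record (RFC 2181 10.3)")
            elif in_zone(mx) and not types_at.get(mx, set()) & {"A", "AAAA"}:
                findings.append(f"MX target {mx} has no A/AAAA record in this zone")
        elif rtype == "CNAME":
            target(rdata[0], "CNAME")
            if types_at[owner] - {"CNAME"}:
                findings.append(f"{owner} has a CNAME alongside other records (RFC 1034 3.6.2)")
        elif rtype in ("A", "AAAA") and owner == origin and rdata[0] in LOOPBACK:
            findings.append(f"apex {rtype} {rdata[0]} points at loopback; leftover from the db.local template")
    return findings


if __name__ == "__main__":
    for finding in lint_zone(ZONE_TEXT, "example.com") or ["zone passed"]:
        print(finding)
```

Run as is, the only finding is the apex AAAA ::1 left over from db.local; dropping the trailing period from the NS target or pointing the MX at Computer-Name produces the findings the rules above warn about.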

Now create a second file in your zones directory, example.com.in-addr.arpa.local, for reverse (PTR) lookups. A reverse zone covers the /24 your server sits in: with a server at 1.2.3.4 the zone is 3.2.1.in-addr.arpa (first three octets reversed) and the owner of the PTR record is the last octet, 4.

Edit the file to look like this:

$TTL    604800
@       IN      SOA     example.com. root.example.com. (
                        2010081401      ; Serial
                             28800      ; Refresh
                            604800      ; Retry
                            604800      ; Expire
                             86400 )    ; Negative Cache TTL
;
@       IN      NS      ns1.example.com.
4       IN      PTR     example.com.

Edit the file /etc/bind/named.conf.local.

This is where you point the bind service at the files you created in the zones directory.

Make the file look like this. The zone names are, in fact, in double quotes, and they must be plain ASCII quotes ("), not the curly quotes a word processor inserts; named will not load the file otherwise.

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.db.local";
};

zone "3.2.1.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/example.com.in-addr.arpa.local";
};

The "file" statements give the path and filename of each zone file you created. The reverse zone name is the first three octets of your server's address in reverse order followed by in-addr.arpa; 3.2.1.in-addr.arpa covers 1.2.3.0/24, so change it to match your own network.

Before restarting, check your work: named-checkconf reports syntax errors in named.conf and the files it includes, and named-checkzone example.com /etc/bind/zones/example.com.db.local loads a zone file the way named would and prints any problem it finds. A zone file with a mistake is not served; named starts anyway, logs the error and answers SERVFAIL for that zone. Then restart the service:

service bind9 restart

To test, look at the syslog file:

grep bind /var/log/syslog

It should look something like this:

Jan 26 15:54:13 mtxfarm-matt-test named[4602]: starting BIND 9.8.1-P1 -u bind
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: built with ‘–prefix=/usr’ ‘–mandir=/usr/share/man’ ‘–infodir=/usr/share/info’ ‘–sysconfdir=/etc/bind’ ‘–localstatedir=/var’ ‘–enable-threads’ ‘–enable-largefile’ ‘–with-libtool’ ‘–enable-shared’ ‘–enable-static’ ‘–with-openssl=/usr’ ‘–with-gssapi=/usr’ ‘–with-gnu-ld’ ‘–with-geoip=/usr’ ‘–enable-ipv6’ ‘CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2’ ‘LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro’ ‘CPPFLAGS=-D_FORTIFY_SOURCE=2’
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: loading configuration from ‘/etc/bind/named.conf’
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: reading built-in trusted keys from file ‘/etc/bind/bind.keys’
Jan 26 15:54:13 mtxfarm-matt-test named[4602]: set up managed keys zone for view _default, file ‘managed-keys.bind’

Look for errors or warnings, in particular lines saying a zone failed to load.

Use the "dig" command with one of the FQDNs you defined in your example.com.db.local file, using your new DNS server's IP address in place of xxx.xxx.xxx.xxx:

dig mail.example.com @xxx.xxx.xxx.xxx

You should see this:

; <<>> DiG 9.8.1-P1 <<>> mail.example.com @xxx.xxx.xxx.xxx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48761
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.example.com. IN A

;; ANSWER SECTION:
mail.example.com. 604800 IN A xxx.xxx.xxx.xxx

;; AUTHORITY SECTION:
example.com. 604800 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
ns1.example.com. 604800 IN A xxx.xxx.xxx.xxx

;; Query time: 1 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Mon Jan 26 16:02:52 2015
;; MSG SIZE rcvd: 86

In the flags line, "aa" means the answer is authoritative, i.e. it came from your zone file rather than from a cache. "ra" means the server offered recursion to the host you queried from; that is expected when you test from the server itself, but if an internet-facing authoritative server shows it to outside clients, restrict recursion (allow-recursion, or recursion no, in named.conf.options) so the server can't be used as an open resolver.

To test your MX record, add "mx" to the end of the dig command and query just the domain name (example.com):

dig example.com @xxx.xxx.xxx.xxx mx

It should look like this:

; <<>> DiG 9.8.1-P1 <<>> example.com @xxx.xxx.xxx.xxx mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;example.com. IN MX

;; ANSWER SECTION:
example.com. 604800 IN MX 10 mail.example.com.

;; AUTHORITY SECTION:
example.com. 604800 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
mail.example.com. 604800 IN A xxx.xxx.xxx.xxx
ns1.example.com. 604800 IN A xxx.xxx.xxx.xxx

;; Query time: 1 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Mon Jan 26 16:06:10 2015
;; MSG SIZE rcvd: 77
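The following is an added example, not part of the original doc: a script that reads dig's text output and checks the things the two tests above are looking for (NOERROR, the aa flag, the expected record in the ANSWER section, header counts matching the sections) and flags the ra bit. The input is a constructed copy of the MX answer above with 192.0.2.10 (a documentation address) in place of xxx.xxx.xxx.xxx; the only problem it reports for that sample is the ra flag, which is fine when querying from the server itself.

```python
# Added example, not from the tutorial. Parses dig's text output (the format
# shown above) and checks it the way the tutorial's test steps do.
import re

# Constructed sample: the MX answer from the tutorial with 192.0.2.10 in place
# of xxx.xxx.xxx.xxx. Not captured from a live server.
DIG_MX = """\
; <<>> DiG 9.8.1-P1 <<>> example.com @192.0.2.10 mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;example.com. IN MX

;; ANSWER SECTION:
example.com. 604800 IN MX 10 mail.example.com.

;; AUTHORITY SECTION:
example.com. 604800 IN NS ns1.example.com.

;; ADDITIONAL SECTION:
mail.example.com. 604800 IN A 192.0.2.10
ns1.example.com. 604800 IN A 192.0.2.10

;; Query time: 1 msec
;; SERVER: 192.0.2.10#53(192.0.2.10)
"""

HEADER = ";; ->>HEADER<<-"
FLAGS = ";; flags:"


def parse_dig(output):
    """Pull status, flags, the header's section counts and the resource
    records out of dig's output. Records are (owner, type, rdata) triples."""
    result = {"status": None, "flags": set(), "counts": {}, "sections": {}}
    section = None
    for line in output.splitlines():
        if line.startswith(HEADER):
            result["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(FLAGS):
            flag_text, _, count_text = line[len(FLAGS):].partition(";")
            result["flags"] = set(flag_text.split())
            result["counts"] = {k: int(v) for k, v in re.findall(r"(\w+): (\d+)", count_text)}
        elif line.endswith("SECTION:"):
            section = line.strip("; ").split()[0]   # QUESTION, ANSWER, AUTHORITY, ADDITIONAL
            result["sections"][section] = []
        elif section and line and not line.startswith(";"):
            parts = line.split(None, 4)              # owner ttl class type rdata
            if len(parts) == 5:
                result["sections"][section].append((parts[0], parts[3], parts[4]))
    return result


def check_answer(output, qname, qtype):
    """Return (matching answer records, list of problems). A clean result is
    a non-empty record list and no problems."""
    r = parse_dig(output)
    problems = []
    if r["status"] != "NOERROR":
        problems.append(f"status {r['status']}: the zone did not answer")
    if "aa" not in r["flags"]:
        problems.append("no aa flag: the answer came from a cache, not from your zone")
    if "ra" in r["flags"]:
        problems.append("ra flag set: the server offers recursion to the querying host; "
                        "on an internet-facing authoritative server restrict it with "
                        "allow-recursion or recursion no in named.conf.options")
    answers = r["sections"].get("ANSWER", [])
    if len(answers) != r["counts"].get("ANSWER", 0):
        problems.append("header ANSWER count does not match the ANSWER section")
    matches = [a for a in answers if a[0] == qname and a[1] == qtype]
    if not matches:
        problems.append(f"no {qtype} record for {qname} in the answer")
    return matches, problems


if __name__ == "__main__":
    records, issues = check_answer(DIG_MX, "example.com.", "MX")
    print("records:", records)
    print("problems:", issues or "none")
```

To use it against a live server, pipe real dig output into it (for example by reading sys.stdin instead of DIG_MX); the query name must carry its trailing period, as dig prints it.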

Matt Long
01/26/2015