-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Serve your own DNS zones

Here is a quick howto to help you configure an authoritative-only nameserver based on ISC BIND.

Installation

It’s pretty straightforward: just install BIND.

You can use the packages bundled with your distribution, or the packages that I bundle myself, which are available on this very website (Bind 9.9.0 and Bind 9.8.2).

rpm -Uvh noarch/bind-license-9.8.1-2.el6.noarch.rpm 
	Preparing...             ############################### [100%]
   	1:bind-license           ############################### [100%]
rpm -Uvh bind-chroot-9.8.1-2.el6.x86_64.rpm bind-9.8.1-2.el6.x86_64.rpm bind-libs-9.8.1-2.el6.x86_64.rpm bind-utils-9.8.1-2.el6.x86_64.rpm 
	Preparing...             ############################### [100%]
   	1:bind-libs              ############################### [ 25%]
   	2:bind                   ############################### [ 50%]
   	3:bind-chroot            ############################### [ 75%]
   	4:bind-utils             ############################### [100%]

Configuration

/etc/named.conf

options {
	listen-on port 53 { any; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query-cache { none; };
	allow-query { any; };
	recursion no;
	version "[Secured]";
};

logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};

zone "." IN {
	type hint;
	file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named/zones/myzone.tld.conf";

As you can see in the last line of the configuration file, we’re including a file (/etc/named/zones/myzone.tld.conf) in which we will put the zone declaration. This is mainly done for readability in case of a large-scale deployment.

/etc/named/zones/myzone.tld.conf

zone "myzone.tld" {
	type master;
	file "/etc/named/zones/zones/myzone.tld.zone";
};

And now we will create a small zone file in a subdirectory called zones. Of course, you’ll have to put in your own records to match your servers.

mkdir /etc/named/zones/zones
chown named:named /etc/named/zones/zones
# the delimiter is quoted so the shell does not expand $TTL while writing the file
cat > /etc/named/zones/zones/myzone.tld.zone << 'EOF'
$TTL 86400
@	IN SOA nstest1.dotnul.org. hostmaster.eurodns.org. (
			2012021200 ; serial
			86400 ; refresh
			7200 ; retry
			604800 ; expire
			86400 ; minimum
			)
@	86400	 IN NS		nstest1.dotnul.org.
@	86400	 IN NS		nstest2.dotnul.org.
	3600	 IN MX 10	aspmx.l.google.com.
	3600	 IN MX 20	alt1.aspmx.l.google.com.
	3600	 IN MX 20	alt2.aspmx.l.google.com.
	3600	 IN MX 30	aspmx2.googlemail.com.
	3600	 IN MX 30	aspmx3.googlemail.com.
	3600	 IN MX 30	aspmx4.googlemail.com.
	3600	 IN MX 30	aspmx5.googlemail.com.
; IPv4 server host definition
*	3600	 IN A		88.190.215.224
@	3600	 IN A		88.190.215.224
EOF

Testing

Before going any further, the first thing to do is make sure that we didn’t make any typos in the zone file.

named-checkzone myzone.tld /etc/named/zones/zones/myzone.tld.zone
zone myzone.tld/IN: loaded serial 2012021200
OK

Now, (re)start named.

/etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Let’s query something to see if our server responds correctly.

dig +short www.myzone.tld @localhost
88.190.215.224

So, it works!
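The query above shows that the server answers for its own zone, but the point of the recursion no and allow-query-cache { none; } settings is that it answers nothing else. The script below, added here and not part of the original post, checks both properties from dig output: an answer for our own zone must carry the aa flag, and a query for a name we do not serve must come back REFUSED without the ra flag. The parsing helpers work on captured dig output (the sample headers are constructed); probe() needs dig and a reachable server, and the server address and the foreign name it queries are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: verify authoritative-only behaviour.
# Rules: own zone -> status NOERROR with the "aa" flag; foreign name -> status
# REFUSED and no "ra" flag. Helpers parse text that dig printed; probe() runs dig.

# dig_status TEXT: print the RCODE from the ";; ->>HEADER<<-" line.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# dig_flags TEXT: print the header flags, e.g. "qr aa rd".
dig_flags() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1
}

# has_flag TEXT FLAG: succeed if FLAG is among the header flags.
has_flag() {
    case " $(dig_flags "$1") " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# is_authoritative_answer TEXT: NOERROR with the aa bit set.
is_authoritative_answer() {
    [ "$(dig_status "$1")" = NOERROR ] && has_flag "$1" aa
}

# refuses_recursion TEXT: REFUSED and no ra bit, i.e. the server neither
# resolves foreign names nor advertises that it would.
refuses_recursion() {
    [ "$(dig_status "$1")" = REFUSED ] && ! has_flag "$1" ra
}

# probe SERVER ZONE: live check. Queries our own SOA and a name outside our
# zones (example.com is a placeholder) and applies both rules.
probe() {
    server=$1
    zone=$2
    own=$(dig @"$server" "$zone" SOA) || return 1
    foreign=$(dig @"$server" example.com A) || return 1
    is_authoritative_answer "$own" || { echo "FAIL: no authoritative answer for $zone" >&2; return 1; }
    refuses_recursion "$foreign" || { echo "FAIL: server resolves or offers recursion" >&2; return 1; }
    echo "OK: $server is authoritative for $zone and refuses recursion"
}

# Constructed sample headers in the format dig prints, for offline checks.
AUTH_SAMPLE=$(printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345' \
    ';; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0')
REFUSED_SAMPLE=$(printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 12346' \
    ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0')
# What an open resolver would return for the foreign name: must be rejected.
OPEN_SAMPLE=$(printf '%s\n' \
    ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12347' \
    ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0')

# On the server: probe 127.0.0.1 myzone.tld
```

Run probe against the listening address once named is up; a FAIL on the second rule means the server is still willing to resolve names it is not authoritative for, which is exactly what the options block above is meant to prevent.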

Reloading

You now have a working name server. If you want to update or change a record in the zone you just created, you’ll have to increment the serial and then reload the server configuration; there is no need to restart the daemon. Here is an example of a reload:

rndc reload myzone.tld
zone reload queued

# This is taken from the logs
Feb 19 17:39:12 gaia named[25171]: received control channel command 'reload myzone.tld'
Feb 19 17:39:12 gaia named[25171]: zone myzone.tld/IN: loaded serial 2012021201
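Forgetting the serial bump is the classic way to end up with secondaries that never pick up a change. The script below, added here and not part of the original post, bumps a YYYYMMDDnn serial in place, validates the file with named-checkzone, and reloads only that zone with rndc, as in the log lines above. It assumes the serial is the first number on the line carrying the "; serial" comment (as in the zone file above) and that named-checkzone and rndc are on the server's PATH; the helpers that compute and rewrite the serial run anywhere.

```shell
#!/bin/sh
# Added example, not from the original post: bump a YYYYMMDDnn SOA serial,
# validate the zone file, then reload only that zone through rndc.
# Assumptions: the serial is the first number on the line that carries the
# "; serial" comment; named-checkzone and rndc are on PATH on the real server.

# next_serial OLD TODAY: print the next serial. Same day -> counter + 1
# (refuses to go past 99 changes a day); a later day -> TODAY00; an earlier
# day means the clock is behind the zone, which is refused rather than
# silently producing a lower serial.
next_serial() {
    old=$1
    today=$2
    old_day=$(printf '%s' "$old" | cut -c1-8)
    if [ "$old_day" = "$today" ]; then
        n=$(printf '%s' "$old" | cut -c9-10)
        n=${n#0}                      # "08" -> "8": avoid octal arithmetic
        n=$((n + 1))
        if [ "$n" -gt 99 ]; then
            echo "serial counter exhausted for $today" >&2
            return 1
        fi
        printf '%s%02d\n' "$today" "$n"
    elif [ "$today" -lt "$old_day" ]; then
        echo "today ($today) is before the serial's date ($old_day); check the clock" >&2
        return 1
    else
        printf '%s00\n' "$today"
    fi
}

# read_serial FILE: print the current serial.
read_serial() {
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$1" | head -n 1
}

# bump_serial FILE [TODAY]: rewrite the serial in place and print the new one.
# TODAY defaults to the current date; it is a parameter so the logic is testable.
bump_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    cur=$(read_serial "$file")
    if [ -z "$cur" ]; then
        echo "no '; serial' line found in $file" >&2
        return 1
    fi
    new=$(next_serial "$cur" "$today") || return 1
    # Only the number on the serial line changes; write via a temp file so a
    # failed sed never leaves a truncated zone behind.
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file" || return 1
    printf '%s\n' "$new"
}

# check_and_reload ZONE FILE: validate with named-checkzone, then reload just
# that zone. Refuses to reload when the checker is missing or the file fails.
check_and_reload() {
    zone=$1
    file=$2
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not found; refusing to reload an unchecked zone" >&2
        return 1
    fi
    named-checkzone "$zone" "$file" || return 1
    rndc reload "$zone"
}

# On the server:
#   bump_serial /etc/named/zones/zones/myzone.tld.zone &&
#       check_and_reload myzone.tld /etc/named/zones/zones/myzone.tld.zone
```

Edit the records first, then run the two commands shown at the bottom; the "loaded serial" line in the log should show the new value, and a reload is skipped entirely if named-checkzone rejects the file.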

Created the 2012-05-03
