How do I do a complete BIND9 DNS Server Configuration with a hostname?

I need a complete step-by-step guide on how to produce such a server configuration.

Can anyone help me?


Solution 1:

Complete DNS server on Ubuntu Server 12.

First of all, change the IP address of your server from DHCP to static. For this, use the following command:

sudo nano /etc/network/interfaces

and add:

auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-nameservers

Restart the networking daemon:

sudo /etc/init.d/networking restart

Before configuring a DNS server on Ubuntu you have to create a domain name first, and then you can proceed. First, check your hostname. The command for this is:

sudo nano /etc/hostname

 nefitari       

(This is my Ubuntu server hostname; yours might be different. You can change this according to your needs.)

Now, after the hostname, you have to create a domain name for your server, say servername.domain.com. It is better practice, whenever you are configuring a server for home use or so, not to use .com but .hom or .net or whatever you like. Give the command below:

  sudo nano /etc/hosts

Add, if it does not have it:

  127.0.0.1   localhost

  192.168.1.5     nefitari.autun.hom    nefitari

In my file 127.0.0.1 is for localhost, and I have replaced the second IP address, 127.0.1.1, with my server IP, 192.168.1.5. Then I enter my domain name: my hostname nefitari first, then my domain name autun.hom, and then the alias nefitari. You can select your own, hostname.abc.net or hostname.home.lan etc., but remember that after changing this file you need to restart your server and then log in. A restart is a must.

Now install BIND9

 sudo apt-get install bind9

After installation, just configure the files below step by step:

  • named.conf.options
  • named.conf.local
  • /etc/resolv.conf

Now configure the file named.conf.options. This file is used for the DNS IPs, meaning that your server must connect to some DNS outside. When you buy a domain name from an ISP, they normally give you their own DNS IPs. You can use the open DNS IPs of Google or so. In my case I am using my own ISP's DNS IPs.

 sudo nano /etc/bind/named.conf.options

 # inside the existing options { ... }; block, uncomment or add:
 forwarders {
     # Give here your ISP DNS IPs
     192.168.1.1;    # gateway or router
     182.176.39.23;
     182.176.18.13;
     68.87.76.178;
 };

**Save the file and exit** using Ctrl+X, press Y and overwrite the file.

Now edit the file named.conf.local. This is the file in which we define forward zones and reverse zones. It means that when we enter a domain name it will translate it into an IP address, and when we enter an IP address it will simply convert it into a name.

sudo nano /etc/bind/named.conf.local

will show:

# Our forward zone
zone "autun.hom" {
    type master;
    file "/etc/bind/zones/db.autun.hom";
};

# Our reverse zone
# Server IP 192.168.1.5
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192";
};

**Save the file and exit** using Ctrl+X, press Y and overwrite the file.

Now we will create these two database files, db.autun.hom and db.192, in the zones folder.

First create the directory zones in /etc/bind/:

  sudo mkdir /etc/bind/zones

Before creating the files, let me clarify that I have different devices:

Device IPs

  • Server itself 192.168.1.5
  • Gateway 192.168.1.1
  • Win7pc 192.168.1.50

Now in the zones directory we will create two files, first db.autun.hom. I am just copying the db.local already present in the /etc/bind folder to the zones folder, changing its name to db.autun.hom. I will put these IPs in my db.autun.hom file. Let's start:

sudo cp /etc/bind/db.local  /etc/bind/zones/db.autun.hom

Now use the command below to edit the file:

sudo nano /etc/bind/zones/db.autun.hom

;
; BIND data file for autun.hom (copied from db.local)
;
$TTL    604800
@       IN      SOA     nefitari.autun.hom. webuser.autun.hom. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
autun.hom.      IN      NS      nefitari.autun.hom.
autun.hom.      IN      A       192.168.1.5
;@              IN      A       127.0.0.1
;@              IN      AAAA    ::1
nefitari        IN      A       192.168.1.5
gateway         IN      A       192.168.1.1
win7pc          IN      A       192.168.1.50
www             IN      CNAME   autun.hom.

Save it and exit.

  • webuser.autun.hom. is the e-mail address of the person responsible for the name server. You can write any name instead of webuser, like admin, root or hostmaster.
  • autun.hom. IN NS nefitari.autun.hom. is my NS, meaning name server.
  • autun.hom. resolves to IP 192.168.1.5.
  • @ IN A 127.0.0.1 and AAAA ::1 can be commented out; you should not need them, because they come from db.local, which is already present in /etc/bind (this file is just a copy of it). So there is no need for them and you can delete them.
  • nefitari resolves to IP 192.168.1.5.
  • gateway resolves to IP 192.168.1.1.
  • win7pc: you can name your Windows PCs or Linux clients anything, but remember that the IP of that client must be inserted correctly into the file. In my case I gave the IP of the Windows PC, 192.168.1.50.
  • Last, I am using CNAME, meaning canonical name; it is just an alias to nefitari. It means that you can access your server by entering www.autun.hom instead of nefitari.autun.hom. You can omit this or comment it out; it is up to you.

Now create the reverse lookup zone file:

sudo cp /etc/bind/db.127    /etc/bind/zones/db.192

Now use the command below to edit the file:

sudo nano /etc/bind/zones/db.192

;
; BIND reverse data file for 192.168.1.0/24 (copied from db.127)
;
$TTL    604800
@       IN      SOA     nefitari.autun.hom. webuser.autun.hom. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; the NS name must be fully qualified and end with a dot
@       IN      NS      nefitari.autun.hom.
1       IN      PTR     gateway.autun.hom.
5       IN      PTR     nefitari.autun.hom.
50      IN      PTR     win7pc.autun.hom.

Save it and exit

Now that you are done with your zone files, you have to check whether they are working correctly or not by entering the command below for the forward zone file:

named-checkzone autun.hom /etc/bind/zones/db.autun.hom
zone autun.hom/IN: loaded serial 2
OK

Now check the reverse zone file (the zone name is the one from named.conf.local, not the domain):

named-checkzone 1.168.192.in-addr.arpa /etc/bind/zones/db.192
zone 1.168.192.in-addr.arpa/IN: loaded serial 2
OK

If the output of your named-checkzone is the same as above then it is working fine; otherwise you made some mistake in the file.

Now edit the file resolv.conf:

sudo nano /etc/resolv.conf

Enter the following lines into your resolv.conf file and save it:

nameserver      192.168.1.5
domain      autun.hom
search      autun.hom

Restart BIND:

sudo /etc/init.d/bind9 restart

After BIND starts, check your settings in the log file:

tail -f /var/log/syslog

It must not have any errors in the log.

Checking forward zones:

host -l autun.hom

The output should look like this:

 autun.hom name server nefitari.autun.hom.
 autun.hom has address 192.168.1.5
 gateway.autun.hom has address 192.168.1.1
 nefitari.autun.hom has address 192.168.1.5
 win7pc.autun.hom has address 192.168.1.50

Now use nslookup:

nslookup autun.hom

Output:

Server: 192.168.1.5
Address: 192.168.1.5#53

Name: autun.hom
Address: 192.168.1.5

Use dig:

 dig gateway.autun.hom

 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35612
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

 ;; QUESTION SECTION:
 ;gateway.autun.hom         IN  A

 ;; ANSWER SECTION:
 gateway.autun.hom      604800  IN  A   192.168.1.1

 ;; AUTHORITY SECTION:
 autun.hom.     604800  IN      NS  nefitari.autun.hom.

 ;; ADDITIONAL SECTION:
 nefitari.autun.hom.    604800  IN      A   192.168.1.5

 ;; Query time: 12 msec
 ;; SERVER: 192.168.1.5#53(192.168.1.5)
 ;; WHEN: Thu Aug 8 01:56:25 2013
 ;; MSG SIZE  rcvd: 90

The output should be similar to the above. Check status: NOERROR, which means it is resolving, and check the ANSWER SECTION: gateway.autun.hom is resolved into 192.168.1.1.

Checking the reverse zone:

 host 192.168.1.1

Output:

 1.1.168.192.in-addr.arpa domain name pointer gateway.autun.hom

If it gives you an error like the one below:

 host 1.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

this means that you made some mistake in the reverse zone in the /etc/bind/named.conf.local file. If your server IP is 192.168.1.5 then your reverse zone looks like this:

zone "1.168.192.in-addr.arpa" {
    # correct IP reversing: the first three octets of 192.168.1.x, reversed
};

Sometimes people make a mistake in reversing the IP, like (just an example):

zone "0.168.192.in-addr.arpa" {
    # incorrect IP reversing
};

Use nslookup:

nslookup 192.168.1.1

Server: 192.168.1.5
Address: 192.168.1.5#53

1.1.168.192.in-addr.arpa    name=gateway.autun.hom

If you get NXDOMAIN or SERVFAIL errors, it means that one of your zone files is not working correctly.

Test Your Server to Outside World

Now you can ping ubuntu.com or dig ubuntu.com. The first time it will take several milliseconds to resolve the name ubuntu.com, but when you run it a second time it will take from 1 to 10 milliseconds; that is normal and means that your DNS is working properly.

Configuring clients

Windows side

  • open Network Connections
  • select Change adapter settings
  • select Properties
  • select Internet Protocol Version 4 (TCP/IPv4)

and here give the IP address (in my case it is 192.168.1.50; remember win7pc):

  • IP address 192.168.1.50
  • Subnet mask 255.255.255.0
  • Default gateway 192.168.1.1
  • primary DNS 192.168.1.5 (my new BIND DNS server IP)
  • in the same window select Advanced
  • select the DNS tab
  • type in the text box "DNS suffix for this connection": autun.hom
  • click OK
  • tick "Validate settings upon exit"
  • click OK

and you are done with it. Open CMD:

ping gateway

It must give you some replies. Similarly:

ping 192.168.1.1 or ping 192.168.1.5

It must give you some replies. You can also use nslookup:

nslookup gateway


Linux clients

 sudo nano /etc/network/interfaces

Type the following lines:

 auto eth0
 iface eth0 inet dhcp

Now restart the network daemon:

 sudo /etc/init.d/networking restart

To force the client to renew its IP, first release it:

 sudo dhclient -r

Now obtain a fresh IP:

 sudo dhclient

If you are running a DHCP server on your network then enter the domain name and name server in the dhcpd.conf file; for example, I have a DNS server named nefitari.autun.hom with IP address 192.168.1.5, like so:

 # search domain handed to clients; the server's own name stays nefitari.autun.hom
 option domain-name "autun.hom";
 option domain-name-servers 192.168.1.5;

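The checks above read dig's output by eye. The script below is an added example, not code from the answer: it pulls the status, the aa and ra flags and the answered addresses out of dig output and decides whether the server really answered from its own zone, using two constructed dig transcripts (modelled on the answer's gateway.autun.hom query) so it runs without a server. live_check() needs dig and the server at 192.168.1.5; every name in the samples is an assumption.

```shell
#!/bin/sh
# check-dns.sh: added example, not from the answer. Reads dig output and
# pulls out the three things worth checking after the restart: the status
# (NOERROR / NXDOMAIN / SERVFAIL), whether the answer is authoritative (aa)
# rather than forwarded, and whether the server offers recursion (ra) to
# whoever asked. Two constructed transcripts are embedded so it runs offline.
set -eu

# Constructed sample 1: gateway.autun.hom answered from the server's own zone
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35612
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; ANSWER SECTION:
gateway.autun.hom.      604800  IN      A       192.168.1.1
;; SERVER: 192.168.1.5#53(192.168.1.5)'

# Constructed sample 2: a name that no loaded zone knows about
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 192.168.1.5#53(192.168.1.5)'

# The status: field of the header line (NOERROR, NXDOMAIN, SERVFAIL, ...)
dig_status() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# True if the named flag (aa, ra, rd, ...) appears in the flags line
has_flag() {   # $1 dig output, $2 flag
    printf '%s\n' "$1" | grep -E '^;; flags:' | grep -Eq " $2[; ]"
}

# A records from the ANSWER SECTION, one address per line
answer_addresses() {
    printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $5 }'
}

# Returns 0 only when the answer is NOERROR, authoritative and carries the
# expected address; prints a one-line verdict that names the likely culprit.
verify_answer() {   # $1 dig output, $2 expected address
    st=$(dig_status "$1")
    if [ "$st" != NOERROR ]; then
        echo "FAIL: status $st (check the zone names in named.conf.local and the zone files)"
        return 1
    fi
    if ! has_flag "$1" aa; then
        echo "WARN: NOERROR but not authoritative; the answer came via the forwarders or cache"
        return 1
    fi
    if ! answer_addresses "$1" | grep -qxF "$2"; then
        echo "FAIL: expected $2, got: $(answer_addresses "$1" | tr '\n' ' ')"
        return 1
    fi
    echo "OK: authoritative answer $2"
}

# ra set on a query sent from outside 192.168.1.0/24 means the server will
# recurse for anyone who can reach port 53 (an open resolver). Restrict it
# with allow-recursion { 192.168.1.0/24; }; in the options block.
open_recursion() {   # $1 dig output from an untrusted source address
    has_flag "$1" ra
}

# Live version: needs dig (package dnsutils) and the server from the answer
live_check() {   # $1 name, $2 expected address, $3 server (default 192.168.1.5)
    out=$(dig @"${3:-192.168.1.5}" "$1" A +noall +comments +answer)
    verify_answer "$out" "$2"
}

# Usage: sh check-dns.sh gateway.autun.hom 192.168.1.1 [server]
# Without arguments only the functions are defined, so the file can be sourced.
[ $# -eq 0 ] || live_check "$@"
```

Run it once from a LAN client and once from outside the LAN if port 53 is reachable there: the first run should print OK with aa set, and if the second run still shows ra the server is recursing for the whole Internet and needs allow-recursion in named.conf.options.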

Solution 2:

This answer is just an addition to the great description above.

Troubleshooting tip

Be very careful with the many '.' in the configuration files, as each one is important. A single missing '.' can stop the DNS server from working. You should not count on clear error messages.

I learned it's good practice to use a more telling serial number. It's very important to increment the serial number every time the setup is modified, e.g. when new entries are added. If it's not incremented, a secondary DNS will fail to synchronize the new settings. The suggested format is YYYYMMDDss, where ss is the "old" serial number. So when incrementing, you should increment ss by 1 and set the date to the current date. I found this very helpful in troubleshooting the setup. In the syslog you clearly see the date and serial of the used file.

In Ubuntu 16.04 changing resolv.conf is deprecated. As jdthood writes in his comment, replace that step with the following procedure:

  • Change /etc/default/bind9; the new file should look like this:

   # run resolvconf?
   RESOLVCONF=yes

   # startup options for the server
   OPTIONS="-u bind"

   # use this when you have trouble with IPV6
   #OPTIONS="-u bind -4"

See the comment from not-a-patch for the IPv6 issues.

  • make /etc/resolv.conf a symlink to /run/resolvconf/resolv.conf:

     cd /etc
     # the link lives in /etc and points at the file resolvconf generates
     sudo ln -sf ../run/resolvconf/resolv.conf resolv.conf
    

Offline Setup

The setup is exactly the same, and even a bit easier, since you can just skip the forwarding sections. They do not have to be present, so there is no need to edit /etc/bind/named.conf.options.

Class-B Networks

There are a few minor changes required to make this work for class-B networks (before there are comments: there is no reason why a local network, even at home, could not be a class-B instead of a class-C network). In this example I use the network number 172.20.x.x (I think the formal notation is 172.20.0.0; for more info, google RFC 1918).

Use the description from the first answer, replace all IPs 192.168.x.x with 172.20.x.x, use 172.20.0.100 for the server IP and modify the files as follows:

  • the name of the file db.192 becomes db.172;
  • the file named.conf.local gets a different reverse zone section:

    zone "20.172.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.172";
    };
    
  • the reverse zone file changes to:

    ;
    ; BIND reverse data file for 172.20.x.x
    ;
    $TTL    604800
    @       IN      SOA     nefitari.autun.hom. webuser.autun.hom. (
                 2017022102         ; more intuitive serial YYYYMMDDss, here ss=02
                     604800         ; Refresh
                      86400         ; Retry
                    2419200         ; Expire
                     604800 )       ; Negative Cache TTL

    ; note: the '@' was missing in the initial description
    @       IN  NS  nefitari.autun.hom.

    100.0   IN  PTR nefitari.autun.hom.
    121.0   IN  PTR client1.autun.hom.
    130.0   IN  PTR client2.autun.hom.
    33.0    IN  PTR client3.autun.hom.
    

The rest is the same.

Hope it's useful for someone.
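Both answers build the reverse zone name and the PTR owner labels by hand and warn how easily they get reversed wrongly, and this answer adds the date-based serial. The script below is an added example, not code from either answer: it derives the in-addr.arpa zone name and the PTR owners from the network and prefix length (/24 for 192.168.1.0 as in the first answer, /16 for 172.20.0.0 as in this one, and /8 for completeness), writes the forward zone and the matching reverse zone from one host list, stamps both with a YYYYMMDDnn serial, and runs named-checkzone on each when bind9utils is installed. The host list, the output directory and the db.<first octet> file names are assumptions; the domain, server name and contact are the answers'.

```shell
#!/bin/sh
# gen-zones.sh: added example, not from either answer. Builds a forward zone
# and its matching reverse zone from one host list, so A and PTR records come
# from the same source and the in-addr.arpa name and PTR owner labels are
# derived from the prefix length instead of being reversed by hand.
set -eu

DOMAIN=autun.hom
NS_HOST=nefitari
CONTACT=webuser            # SOA RNAME: webuser@autun.hom written with a dot

# Reverse zone name for a network and prefix length (8, 16 or 24):
#   192.168.1.0 24 -> 1.168.192.in-addr.arpa   (db.192 in the first answer)
#   172.20.0.0  16 -> 20.172.in-addr.arpa      (db.172 in the second)
reverse_zone_name() {
    net=$1 plen=$2
    oldifs=$IFS; IFS=.; set -- $net; IFS=$oldifs
    case $plen in
        24) printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1" ;;
        16) printf '%s.%s.in-addr.arpa\n' "$2" "$1" ;;
        8)  printf '%s.in-addr.arpa\n' "$1" ;;
        *)  echo "unsupported prefix length $plen" >&2; return 1 ;;
    esac
}

# Owner label of a host's PTR record inside that zone: the host part of the
# address, reversed.  192.168.1.50/24 -> 50 ; 172.20.0.100/16 -> 100.0
ptr_owner() {
    ip=$1 plen=$2
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    case $plen in
        24) printf '%s\n' "$4" ;;
        16) printf '%s.%s\n' "$4" "$3" ;;
        8)  printf '%s.%s.%s\n' "$4" "$3" "$2" ;;
        *)  return 1 ;;
    esac
}

# YYYYMMDDnn serial: a secondary only transfers the zone when the serial
# goes up, so bump nn on every edit made the same day.
zone_serial() {
    printf '%s%02d\n' "$(date +%Y%m%d)" "${1:-1}"
}

soa_header() {   # $1 serial
    cat <<EOF
\$TTL    604800
@       IN      SOA     $NS_HOST.$DOMAIN. $CONTACT.$DOMAIN. (
                        $1          ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200     ; Expire
                        604800 )    ; Negative Cache TTL
@       IN      NS      $NS_HOST.$DOMAIN.
EOF
}

# Address of the name server host from the host list
ns_ip() { printf '%s\n' "$1" | awk -v h="$NS_HOST" '$1 == h { print $2 }'; }

gen_forward_zone() {   # $1 serial, $2 host list ("name ip" per line)
    soa_header "$1"
    printf '%s\n' "$2" | while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%-16s IN  A     %s\n' "$name" "$ip"
    done
    # the zone apex itself points at the server, as in the first answer's file
    printf '%-16s IN  A     %s\n' '@' "$(ns_ip "$2")"
}

gen_reverse_zone() {   # $1 serial, $2 host list, $3 prefix length
    soa_header "$1"
    printf '%s\n' "$2" | while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%-16s IN  PTR   %s.%s.\n' "$(ptr_owner "$ip" "$3")" "$name" "$DOMAIN"
    done
}

# Run BIND's own syntax check when it is installed (bind9utils on Ubuntu)
check_zone() {   # $1 zone name, $2 file
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not found, skipped syntax check of $2" >&2
    fi
}

main() {   # $1 output dir, $2 network, $3 prefix length, $4 host list
    out=$1 net=$2 plen=$3 hosts=$4
    mkdir -p "$out"
    serial=$(zone_serial 1)
    rev=$(reverse_zone_name "$net" "$plen")
    gen_forward_zone "$serial" "$hosts" > "$out/db.$DOMAIN"
    gen_reverse_zone "$serial" "$hosts" "$plen" > "$out/db.${net%%.*}"   # db.192 / db.172
    check_zone "$DOMAIN" "$out/db.$DOMAIN"
    check_zone "$rev" "$out/db.${net%%.*}"
    echo "wrote $out/db.$DOMAIN and $out/db.${net%%.*} (reverse zone $rev, serial $serial)"
}

# Constructed host list matching the first answer's network (assumption)
HOSTS="nefitari 192.168.1.5
gateway 192.168.1.1
win7pc 192.168.1.50"

# Usage: sh gen-zones.sh /etc/bind/zones   (then restart or reload bind9)
# Without arguments only the functions are defined, so the file can be sourced.
[ $# -eq 0 ] || main "$1" 192.168.1.0 24 "$HOSTS"
```

Run it as sh gen-zones.sh /etc/bind/zones and reload named; for the /16 case in this answer change the last line to main "$1" 172.20.0.0 16 "$HOSTS" with 172.20.x.x hosts. The host list, not the zone files, becomes the thing you edit, so a new client always gets its A and PTR records together and the reverse zone name can no longer be mistyped.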