Custom Search

Friday, 7 October 2011

How to Install Bind 9

How to Install Bind 9.

apt-get install bind9

This should install and work ok. Note: Firewall rules are required. See Firewall section. In order to start using bind locally, edit /etc/resolv.conf


(The "search" allows you to ping/access subdomain names without typing in the entire address. I.E. ping www will ping )
Restart bind: - /etc/init.d/bind9 restart

Test and ping google etc. Bind should be resolving internet addresses. If not - Check Firewall.
Configing Bind (version 9):

Check to see if the following is referenced in /etc/bind/named.conf

include "/etc/bind/named.conf.local"; is in /etc/bind/named.conf

Edit the following file:

vi /etc/bind/named.conf.local
//This file contains all local and changable info.
//Begin File - by creating the following entry:
//----------- Begin ------------
zone "" {
       type master;
       file "/etc/bind/zones/";
       allow-transfer {; };   ; Note this line is only for a secondary nameserver, allowing for zone transfer.

//The next is the reverse DNS entry.
zone "" {
        type master;
        file "/etc/bind/zones/136.201.1.db";
//------------ End of ----------

Create the file:

vi /etc/bind/zones/
//Begin file --------------------------------
$TTL 3h

@       IN      SOA    (
                2006120702      ; counter/ Serial    ; in the format YYYYMMDDCC where CC - counter 1 to 99
                20m             ; refresh
                15m             ; Retry Interval
                1w              ; Expire
                1h )            ; Negative Cache TTL

        IN      NS        ; must the name of the name server used to register
;        IN      NS      ns1.secondary nameserver.  ; A semi-colon is used to comment out lines in bind configs.
        IN      MX      10

ns      IN      A
mail    IN      A
wiki    IN      A
monitor IN      A
www     IN      A
@       IN      A   ; the @ is for the no www name. E.g. (without www's)
www.portal      IN      A
//End file ------------------------------------

Create Reverse DNS lookup file: This is just for reverse DNS lookups. Reverse DNS entries also have to be made with your ISP - as reverse DNS entries come from them.

vi /etc/bind/zones/136.201.1.db
//Start of file -------------------------
@       IN      SOA (
                3       ; counter/ Serial
                15m     ; refresh
                15m     ; Retry Interval
                1w      ; Expire
                1h )    ; Negative Cache TTL

        IN      NS

250     IN      PTR
//End of file ---------------------------

Start bind and Test:

/etc/init.d/bind start
tail /var/log/daemon.log

Test with dig, nslookup and ping.
To test with nslookup, at the prompt type in "set type=mx" to query mx records. Similiarly, "set type=A" for A records.
Go to and carryout a DNS report.

If you don't have bind installed you wont have nslookup and you'll get:

-bash: nslookup: command not found

To solve this:

apt-get install dnsutils

Setting up A Secondary DNS

Having a secondary DNS is very important, especially if your services (web,mail,db etc) are running off different boxes. The www could be up, but if DNS goes down - no www traffic :-(

There is very little to setting up a secondary dns entry/server. It takes care of everything, e.g. updating etc. from master to slave itself.

Config Master To setup the master (main or primary DNS server) the following must be added:

vi /etc/bind/zones/
allow-transfer {; };
//where the above ip is the secondary dns server's.

Config Slave Of course bind will have to be installed and it could be perhaps serving out dns for another domain! Edit the following file:

vi /etc/bind/named.conf.local
//add the following lines:

zone "" {
        type slave;
        file "/etc/bind/slaves/";
        masters {; };
        allow-transfer {; };

The /etc/bind/slaves directory must be created, and also bind must be given permission to write to this slaves directory. This is because bind runs as user bind - and can only edit files it owns, or if the directory is chmod'd 775.

mkdir /etc/bind/slaves
chown bind:bind /etc/bind/slaves
//I chose to change ownership of this file rather than chmod it 775.

The allow-transfer should be included even for the slave zone files, otherwise anyone could do a zone transfer and lookup all your sub domains. See: DNS_-_Bind9#Prevent_DNS_lookup_of_sub_domains

Thats it! Secondary DNS setup. Restart/reload bind on both servers. Check /var/log/daemon.log for updates' Check also after the slave updates from the master. The slave will place dns files in /etc/bind/slaves/
Slow DNS lookup issues with bind9

No comments:

Post a Comment