Saturday 6 August 2016

Configuring Bind9 Domain name server on Centos or Red Hat

First we need to install Bind9

yum -y install bind
After installing Bind we need to configure it. Bind9 on Red Hat and Centos provide sample configuration files but we will create them from scratch. Bind9, by default, look for named.conf file in /etc. In named.conf file, zones data files directory location and zone names are specified. Domain names like rahulonline.info and zones are synonymous. In this tutorial, I will take rahulonline.info as an example. You can substitute it with the domain name you want Bind9 to configure for.
The following is the minimalist named.conf. You can copy and paste it with ctrl+shift+v after typing in
nano /etc/named.conf 
and then save by pressing ctrl+w , enter and y.
options
{
               directory "/var/named"; // the default
};

               zone "localhost" {
               type master;
               file "localhost.zone";
               };

              zone "rahulonline.info" {
              type master;
              file "rahulonline.info.db";
              };
Let’s explain what all this means. directory specifies the data files or zones files that Bind9 will search for. Then we have a zone “localhost ” defined which is of type “master” and the name of the zone file is “localhost.zone”. This zone is needed otherwise our DNS will send queries to the root domains even for localhost. Similarly, we have defined another zone called “rahulonline.info” which is of type “master” and whose zone file, “”rahulonline.info.db, is located in /var/named/.
We will just copy the sample localhost zone file supplied with Bind9 installation and not create it from scratch. To do that type the following:
cp /usr/share/doc/bind-9.3.4/sample/var/named/localhost.zone /var/named/
localhost.conf looks like this
$TTL    86400
@               IN SOA  @       root (
                                       42              ; serial (d. adams)
                                       3H              ; refresh
                                       15M             ; retry
                                       1W              ; expiry
                                       1D )            ; minimum

               IN NS           @
               IN A            127.0.0.1
               IN AAAA         ::1
Now we have to set up our rahulonline.info zone. According to our /etc/named.conf file, it must be in /var/named/rahulonline.info.db so go ahead and copy the following code, do
nano /var/named/rahulonline.info.db
paste it there and then save it.
$TTL    1H
@               IN      SOA     ns1.rahulonline.info.      root (
                       2009091114 ; serial
                       1H ; refresh
                       15M ; retry
                       4W ; expire
                       1H ; Negative caching TTL of 1 hour
                       )
; Name servers
                IN      NS      ns1.rahulonline.info.
ns1              IN      A       192.168.2.11
www              IN      A       192.168.2.50
ftp              IN      A       192.168.2.100
The first line shows default TTL for records when no ttl is defined.
The @ symbol represents our zone name which is rahulonline.info in our case and we are saying that for rahulonline.info SOA (Start of authority), authoritative DNS is ns1.rahulonline.info and contact email is admin@rahulonline.info (no, that is not a typo. In Bind parlance we have . instead of @ in email addresses).
The next entries are used by slave DNS servers. Whenever Serial number is incremented the slave DNSes will know that zone data has changed and will download it. Every hour slave will check with this master server to see if zone data has been changed by looking at serial number.
If, for some reasons, it cannot contact master, then it will retry every 15 minutes until 4 weeks has passed. When that happens and slave is still unable to contact master, it will expire the zone data and will stop answering name resolution queries for this zone.
Next is negative caching TTL. This is how long a remote name server can cache negative responses about the zone. These are answers that say that a particular domain name or the type of data sought for a particular domain name doesn’t exist.
Next are different record types. First is NS, name server type. Names server for our zones is defined here which we have only one here (at least two name servers are required for internet domains). Next we have an A record type (name to IP mapping) for our authoritative dns server. We have to set this record because if our DNS server name cannot be resolved, how come someone could contact it for name resolutions of other hosts.
Note that we have mentioned only ns1 and the zone name is appended to it because it does not end in a dot (.).
Next we have A records for ftp.rahulonline.info.
And we are finished with configuring DNS for our zone.
Start DNS server
service named start
To test if it works either use dig and specify the DNS server to use for name resolution like
dig ns1.rahulonline.info
or change /etc/resolv.conf and put the IP of our configured DNS server. Then type in
dig ftp.rahulonline.info
host and nslookup can also be used to test name resolution.
dig ftp.rahulonline.info
and the dig will append rahulonline.info and look for ftp.rahulonline.info.