
I took this tutorial from this site

http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html

and converted it to PDF.
DNS stands for Domain Name Service. On the Internet, the Domain Name Service (DNS) stores and associates many types of information with domain names; most importantly, it translates domain names (computer hostnames) to IP addresses. It also lists mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use.
Introduction
BIND (Berkeley Internet Name Domain) is an open reference implementation of the Domain Name System (DNS) protocol and provides a redistributable implementation of the major components of the Domain Name System:
a name server (named)
a resolver library
troubleshooting tools like nslookup and dig
The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.
Firewall Config
Bind listens on port 53 UDP and TCP. TCP is normally only used during zone transfers, so it would appear that you could filter it if you have no slaves. However, if the response to a query is greater than 1024 bytes, the server sends a partial response, and client and server will try to redo the transaction with TCP.
Responses that big do not happen often, but they happen. And people do quite often block 53/tcp without their world coming to an end. But this is where one usually inserts the story about the Great DNS Meltdown when more root servers were added. This made queries for the root list greater than 1024 bytes and the whole DNS system started to break down from people violating the DNS spec (RFC1035) and blocking TCP.
Differences in BIND8 and BIND9
Apart from being multi-threaded and a complete code rewrite, which should provide better stability and security in the long term, there are other differences:
If there is a syntax error in named.conf, BIND9 will log errors and not reload the named server. BIND8 will log errors and the daemon will die!
Extensive support of TSIGs (shared keys) for access control; for example, 'update-policy' can be used for fine grained access control of dynamic updates.
The tool for starting/stopping/reloading etc., rndc, is different from the v8 ndc: different communications, authentication and features.
Syntax in zone files is more rigorously checked (e.g. a TTL line must exist).
In named.conf:
v8 options 'check-names' and 'statistics-interval' are not yet implemented in v9.
The default for the option 'auth-nxdomain' is now 'no'; if you don't set this manually, BIND 9 logs a corresponding message on startup.
The root server list, often called named.root or root.hints in BIND8, is not necessary in BIND 9, as it is included within the server.
Installing Bind in Ubuntu
sudo apt-get install bind9 dnsutils
This will install all the required packages for bind9.
Configuring Bind
If you install Bind from the source code, you will have to edit the file named.conf. However, Ubuntu provides you with a pre-configured Bind, so we will edit the named.conf.local file:
sudo vi /etc/bind/named.conf.local
This is where we will insert our zones. If you want to know what a zone in DNS is, check this:
A DNS zone is a portion of the global DNS namespace. This namespace is defined by RFC 1034, "Domain Names - Concepts and Facilities" and RFC 1035, "Domain Names - Implementation and Specification", and is laid out in a tree structure from right to left, such that divisions of the namespace are performed by prepending a series of characters followed by a period ('.') to the upper namespace.
You need to add the following lines to the named.conf.local file (use plain ASCII double quotes; typographic quotes pasted from a web page will make named fail to start):
# This is the zone definition. replace example.com with your domain name
zone "example.com" {
type master;
file "/etc/bind/zones/example.com.db";
};
# This is the zone definition for reverse DNS. replace 0.168.192 with your network address in reverse notation - e.g my network address is 192.168.0
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};
Now you need to edit the options file:
sudo vi /etc/bind/named.conf.options
We need to modify the forwarders. This is the DNS server to which your own DNS server will forward the requests it cannot process.
forwarders {
# Replace the address below with the address of your provider’s DNS server
123.123.123.123;
};
Add the zone definition files (replace example.com with your domain name):
sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/example.com.db
The zone definition file is where we will put all the addresses / machine names that our DNS server will know. An example zone file follows (note that comments in a zone file start with ';', not '//'):
; replace example.com with your domain name. do not forget the . after the domain name!
; Also, replace ns1 with the name of your DNS server
; BIND 9 requires a default TTL line
$TTL 604800
example.com. IN SOA ns1.example.com. admin.example.com. (
; Do not modify the following lines!
2007031001 ; serial
28800 ; refresh
3600 ; retry
604800 ; expire
38400 ; minimum
)
; Replace the following lines as necessary:
; ns1 = DNS Server name
; mail = mail server name
; example.com = domain name
example.com. IN NS ns1.example.com.
example.com. IN MX 10 mail.example.com.
; Replace the IP addresses with the right IP addresses.
; The MX target (mail) must have an A record of its own.
www IN A 192.168.0.2
mail IN A 192.168.0.3
ns1 IN A 192.168.0.1
Create Reverse DNS Zone file
A normal DNS query would be of the form 'what is the IP of host=www in domain=mydomain.com'. There are times, however, when we want to be able to find out the name of the host whose IP address = x.x.x.x. Sometimes this is required for diagnostic purposes; more frequently these days it is used for security purposes to trace a hacker or spammer. Indeed, many modern mailing systems use reverse mapping to provide simple authentication using dual look-up, IP to name and name to IP.
In order to perform Reverse Mapping and to support normal recursive and iterative (non-recursive) queries, the DNS designers defined a special (reserved) Domain Name called IN-ADDR.ARPA. This domain allows for all supported Internet IPv4 addresses (and now IPv6).
sudo vi /etc/bind/zones/rev.0.168.192.in-addr.arpa
Copy and paste the following sample file:
; replace example.com with your domain name, ns1 with your DNS server name.
; The number before IN PTR is the machine address of the DNS server. In my case, it's 1, as my IP address is 192.168.0.1.
$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. (
2007031001 ; serial
28800 ; refresh
604800 ; retry
604800 ; expire
86400 ; minimum
)
@ IN NS ns1.example.com.
; the trailing dot matters: without it named appends the zone origin to the name
1 IN PTR example.com.
Restart the Bind server using the following command:
sudo /etc/init.d/bind9 restart
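Most of the failures reported in the comment thread below (dig returning SERVFAIL with an empty answer, bind9 printing [fail] on restart) come from copy-and-paste defects in the zone files above: '//' used as a comment marker, typographic quote characters, a missing $TTL line, or a PTR/NS target without its trailing dot. The following checker is an added example, not part of the original tutorial, that flags those defects in zone-file text before you restart named; the sample zone it inspects is constructed here, and named-checkzone remains the authoritative validator.

```python
import re

# Quote characters that appear when config text is pasted from a web page or PDF.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
# Record types whose right-hand side is a domain name (relative unless it ends in '.').
NAME_TARGET_RR = re.compile(
    r"^\s*(\S*)\s+(?:IN\s+)?(NS|PTR|CNAME|MX)\s+(?:\d+\s+)?(\S+)\s*$")


def lint_zone(text, origin):
    """Return a list of problems found in zone-file text for the zone 'origin'.

    Pure text checks for the defects this tutorial's sample files are prone to;
    named-checkzone remains the authoritative validator."""
    problems = []
    lines = text.splitlines()
    if not any(l.lstrip().startswith("$TTL") for l in lines):
        problems.append("missing $TTL directive (BIND 9 expects a TTL line)")
    for n, line in enumerate(lines, 1):
        if line.lstrip().startswith(("//", "#")):
            problems.append(f"line {n}: '//' and '#' are not zone-file comments, use ';'")
        if any(c in line for c in SMART_QUOTES):
            problems.append(f"line {n}: typographic quote character, retype with ASCII quotes")
        code = line.split(";", 1)[0]          # ';' starts a comment in a zone file
        m = NAME_TARGET_RR.match(code)
        if m and m.group(3) != "@" and not m.group(3).endswith("."):
            problems.append(
                f"line {n}: {m.group(2)} target '{m.group(3)}' lacks a trailing dot, "
                f"so named reads it as '{m.group(3)}.{origin}.'")
    return problems


# Constructed sample: the tutorial's reverse zone as it is often pasted, with a
# C-style comment and a relative PTR target (both are defects).
PASTED_REVERSE_ZONE = """\
// replace example.com with your domain name
@ IN SOA ns1.example.com. admin.example.com. (
2007031001;
28800;
604800;
604800;
86400
)
@ IN NS ns1.example.com.
1 IN PTR example.com
"""

if __name__ == "__main__":
    for p in lint_zone(PASTED_REVERSE_ZONE, "0.168.192.in-addr.arpa"):
        print(p)
```

Run it against /etc/bind/zones/*.db before the restart above; an empty list is the result you want.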
Testing Your DNS Server
Modify the file resolv.conf with the following settings:
sudo vi /etc/resolv.conf
Enter the following details, then save and exit the file:
# replace example.com with your domain name, and 192.168.0.1 with the address of your new DNS server.
search example.com
nameserver 192.168.0.1
Test your DNS using the following command:
dig example.com
Mike says:
August 31, 2008 at 7:14 am
I am unsure about what this means:
// Replace the IP address with the right IP addresses.
www IN A 192.168.0.2
mta IN A 192.168.0.3
ns1 IN A 192.168.0.1
192.168.0.2 is the address that I have given to my DNS server, if that matters?
Bind starts OK when the server boots - but how do I create a DNS alias or DNS records for my LAN?
Prabin Dahal says:
December 29, 2008 at 9:54 am
Hi, I tried your post.
When I run dig prabin-dahal.com.np it responds with the following:
; <<>> DiG 9.4.2-P2 <<>> prabin-dahal.com.np
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42577
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;prabin-dahal.com.np. IN A
;; Query time: 0 msec
;; SERVER: 192.168.0.108#53(192.168.0.108)
;; WHEN: Mon Dec 29 15:38:47 2008
;; MSG SIZE rcvd: 37
but I am not able to ping prabin-dahal.com.np. What is the problem?
Ian says:
January 25, 2009 at 10:03 pm
Prabin,
I have the same problem. I think that, although it says it has got an answer, all the lines start with a ; - so there is no data in the answer it got.
Wish I knew what was going wrong!
S.Sathiya Seelan says:
January 29, 2009 at 10:33 am
I'm new to Ubuntu. I want to configure this Windows configuration in Ubuntu. If I configure it like this, then only I can use Ubuntu in the whole network. Is it possible? Please help me to configure:
IP Address: 10.1.171.148
Subnet Mask : 255.255.255.0
Gateway : 10.1.171.1
Primary DNS : 10.1.1.36
Alternate DNS : 10.1.1.37
DNS Suffix for this connection : bheltry.co.in
Storm says:
February 18, 2009 at 3:19 pm
Hi there,
Guys, I'm new to Linux and I need some help to configure bind9.
My server is behind a router.
Router ip 86.106.193.xxx
DNS ip 86.106.196.xxx
Server ip 192.168.1.100
Ports 20,21,53,80 forwarded to Server
Can you please mention what changes I should make to the sample configuration you posted at the top?
Thank you
Alexey says:
March 21, 2009 at 8:00 pm
I have no problem when I start bind9 manually, but when I reboot the notebook it just says [fail]. Where can I find the problem?
I've looked at dmesg, syslog, daemon.log, debug; there is no answer…
Moustafa says:
March 25, 2009 at 11:31 pm
Hi all, I want anyone to help me please.
* Stopping domain name service… bind rndc: connect failed: 127.0.0.1#953: connection refused
[fail]
* Starting domain name service… bind [fail]
This message also appears during the restart of my bind server, and I have copied the rndc file into /var/named/chroot/etc. What should I do and what IP address should I assign to my PC??
Jacob says:
March 27, 2009 at 7:08 am
Okay, so I actually did a DDNS setup with a completely different walkthrough. I think I somewhat understand it now, but for some reason Ubuntu Server wants to be a bit flaky.
In any case, when started, the rndc.key file was owned by bind and couldn't be opened by the DHCP daemon. Created a copy of the .key file in /etc/dhcp3 and chowned it to root. Restarted bind, restarted dhcp3. No complaints, except the name server could only resolve itself and not the client I connected via DHCP. That might be because I configured the client box with a fixed IP because I'm sharing a network and don't have a personal gateway server and don't want the IT guys to threaten me with expulsion. If you know whether a DDNS configuration works with fixed-address hosts in dhcpd.conf, that would be a wonderful thing to know. Also, if you want to know the reason I'd do DDNS rather than static DNS, it is because I'm trying to manage 30+ machines, which isn't really nice. The most work I want is maintaining a list of machine addresses and automating everything else.
Then I ran a command, the box froze, I restarted it.
After restarting the box, the zones folder as well as the key files could not be accessed by dhcpd, bind, or sudo just about anything, regardless of permissions, and even if I change permissions to the admin account and restart the box.
DHCP: I don’t want to configure and keep track of IP addresses for 30+ boxes.
DDNS: I don’t want to configure /etc/hosts for 30+ boxes.
Then onto centralizing user authentication, and when we finally get a half-decent server, home folders.
rey says:
April 29, 2009 at 3:55 pm
Hi, I have followed this tutorial step by step, but when I try to restart bind9 I get this error:
rndc: connect failed: 127.0.0.1#953: connection refused
and bind9 doesn't start, it just says [fail].
Why do I get this error?
mcsedude says:
April 30, 2009 at 11:17 pm
What to check if it does not work? I followed each step. Can you help me?
mcsedude says:
April 30, 2009 at 11:21 pm
I changed the /etc/resolv.conf with my DNS server and dig example.com does not resolve, but if I put in DNS forwarders it works great!
What do you think?
gojeg says:
May 19, 2009 at 9:54 am
Hi, I'm using Ubuntu Server 9.04 and bind9. My server is resolving the upper router, so if I ping its domain, I can't get a reply..
jdaniel says:
September 2, 2009 at 9:56 pm
If it does not work look in /var/log/syslog for errors.
Sushil says:
September 24, 2009 at 2:46 pm
Hi Friends..
I have installed Ubuntu LAMP server 8.10 for a DNS server..
I have a problem at..
@@@@@@@@@@@@@@@@@@@@@@@@@@
zone “example.com” {
type master;
file “/etc/bind/zones/example.com.db”;
};
@@@@@@@@@@@@@@@@@@@@@@@@@@
What should be replaced in the place of example.com….
I know my server's..
host name - hhhhhh
domain - local (only local, no use of .com, .org, .net etc)
junkie says:
October 15, 2009 at 6:58 pm
$TTL 604800
@ IN SOA ns2.junkie.home. root.junkie.home. (
1;
28800;
3600;
604800;
38400;
)
NS ns2.junkie.home.
A 10.0.0.2
www CNAME @
katya A 10.0.0.3
shah says:
October 27, 2009 at 3:10 pm
Hi, i would like to know how to configure forwarder as below:
All Domains --> forwarder 1 & forwarder 2
Domain 1 --> forwarder 3
Domain 2 --> forwarder 4
Thank you.
dan says:
November 21, 2009 at 6:33 am
Unfortunately forwarders are part of the nameserver itself and not domain specific.
You'd have to set up a second nameserver with the other domain in it to designate a different forwarder.
There's no reason for that, since a forwarder answers DNS queries for what is not within that name server. If your goal is to have some machines get a DNS return of NXDOMAIN for some DNS queries, then multiple DNS servers will be necessary.
Rich says:
December 1, 2009 at 10:16 am
Hi All,
I had several errors also with the above tutorial, but I think it's mainly down to cut and paste. In the zone definitions part, when you cut and paste it into nano (or vi presumably) it loses its quote marks "" and causes errors when restarting bind. Hope this helps.
Rich
Anand Phulwani says:
December 19, 2009 at 7:09 am
Rename named.conf.local to named.conf.
Matthieu says:
February 3, 2010 at 5:55 pm
In this text, there are some citations from the book "Pro DNS and BIND" from Apress. It is published under a Creative Commons License, so it is OK, as long as the work is attributed to its author…
Check for example the section about reverse mapping…
http://www.zytrax.com/books/dns/ch3/
Dave says:
March 3, 2010 at 12:13 pm
Hi there,
Is it possible to add a second zone so I can host example.com and example2.com that resolve to two different IP addresses in the one subnet? With MX records in each, could I run two mail servers?
Thanks
Dan says:
March 3, 2010 at 4:36 pm
Dave,
It’s very common, and entirely possible.
All that needs to be done is edit named.conf (as done in this tutorial as named.conf.local), add in another "zone "example.com" {" section pointing to another file for your second domain. Then, create the example.com.db (named for your domain) for your new domain as done in this tutorial. Pretty much, it's just a rerun of this tutorial.
The MX record within your "example.com.db" is for that domain alone, so set it as you wish.
Dave says:
March 3, 2010 at 7:43 pm
Thanks Dan, I'll be attacking this today!
Cheers for your reply.
Dave
wepawetmose says:
March 11, 2010 at 11:48 pm
just to say thanks… this worked for me ^.^
dada says:
March 12, 2010 at 11:01 am
I followed your note. Thank you, it was great, but I cannot understand why my server does not work properly.
This is when I test my domain:
; <<>> DiG 9.6.1-P2 <<>> brightfuture.com.et
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30061
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;brightfuture.com.et. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Mar 11 21:56:48 2010
;; MSG SIZE rcvd: 37
Please help me. Thank you guys.
