Local DNS with Bind
From KdjWiki
NOTE: As I use Gentoo - the syntax may differ slightly on other distributions
Installation
Emerge the service and supporting tools:
$ echo "net-dns/bind -ipv6 -ldap -mysql -bind-mysql -postgres -odbc threads" | sudo tee -a /etc/portage/package.use
$ sudo emerge -uv bind bind-tools
Add some symlinks so the paths are always "named" rather than sometimes "named" and sometimes "bind", and create the directories the configuration below expects:
$ sudo ln -sf /etc/bind /etc/named && sudo ln -sf /var/bind /var/named
$ sudo mkdir /var/bind/conf && sudo mkdir /var/named/reverse && sudo mkdir /var/named/personal
$ sudo mkdir /var/log/bind && sudo ln -sf /var/log/bind /var/log/named
$ sudo chown -R named: /var/bind && sudo chown -R named: /var/log/bind
Client Configuration
Sample client configuration for machine1.home.lan (with IP address 192.168.1.10) talking to local DNS server (192.168.1.100)
/etc/hosts
127.0.0.1       localhost.localdomain   localhost
192.168.1.10    machine1.home.lan       machine1
/etc/resolv.conf
domain home.lan
nameserver 192.168.1.100
Server Configuration
NOTE: In this scenario I will be using the IP address 192.168.1.100 for the local DNS server and 203.0.10.100 for my ISP's DNS server. I will be using home.lan as the domain name and dns.isp.com as the name of my ISP's DNS server. (.lan is not a reserved top-level domain; RFC 8375 reserves home.arpa for exactly this use, so pick that if you want a name that can never collide with a public one.)
/etc/named/named.conf
Main configuration file. listen-on, allow-query and allow-recursion confine the server to localhost and the 192.168.1.0/24 LAN, so it cannot be abused as an open resolver from outside, and version "Bind" hides the real version string from version.bind CHAOS queries. Nothing here restricts zone transfers: check whether your BIND release defaults allow-transfer to any host that may query (older releases do) and, if so, add allow-transfer { none; }; to the zones. After every edit, run named-checkconf on this file and named-checkzone on each zone file before reloading:
options {
directory "/var/named";
version "Bind";
dump-file "/var/named/named.dump";
statistics-file "/var/named/named.stats";
zone-statistics yes;
listen-on-v6 { none; };
listen-on { 127.0.0.1; 192.168.1.100; };
allow-query { 127.0.0.1; 192.168.1.0/24; };
allow-recursion { 127.0.0.1; 192.168.1.0/24; };
forwarders {
203.0.10.100;
};
pid-file "/var/run/named/named.pid";
};
include "/var/named/conf/logging.conf";
include "/var/named/conf/zones.conf";
zone "." IN {
type hint;
file "named.ca";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
/var/named/conf/logging.conf
Go hardcore with the logging (the queries channel only fills once query logging is switched on with querylog yes; in the options block or rndc querylog, and it grows fast on a busy server):
logging {
channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
/var/named/pri/localhost.zone
NOTE: See notes at end for information regarding serial number.
Loopback zone:
$TTL 1W
@       IN SOA  dns.localhost. root.localhost. (
                    2007030501  ; Serial
                    28800       ; Refresh
                    14400       ; Retry
                    604800      ; Expire - 1 week
                    86400 )     ; Minimum
@       IN NS   dns
dns     IN A    127.0.0.1
/var/named/pri/127.zone
NOTE: See notes at end for information regarding serial number.
Loopback reverse zone:
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@   1D  IN SOA  localhost. root.localhost. (
                    2007030501  ; serial
                    3H          ; refresh
                    15M         ; retry
                    1W          ; expiry
                    1D )        ; minimum
@   1D  IN NS   localhost.
*   1D  IN PTR  localhost.
/var/named/conf/zones.conf
NOTE: See notes at end for information regarding reverse zone notation.
Your personal/custom zones configuration. The root hints are already declared by the zone "." entry in named.conf, so no second hint zone is needed here, and the reverse zone is named for the 192.168.1.0/24 network rather than for the server's own address:
zone "home.lan" {
type master;
file "personal/home.lan.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "reverse/home.lan.zone";
};
/var/named/personal/home.lan.zone
NOTE: See notes at end for information regarding serial number.
Home lan zone :- provides resolution for "machine1.home.lan", "machine2.home.lan", etc. Names on the right-hand side of NS and MX records must end with a dot, otherwise the origin is appended (an unqualified dns.isp.com would be read as dns.isp.com.home.lan.); the ISP's server is not authoritative for home.lan anyway, so it is not listed as an NS:
$TTL 3D
home.lan.   IN SOA  dns.home.lan. root.home.lan. (
                    2007030501  ; Serial
                    1D          ; Refresh
                    30M         ; Retry
                    1W          ; Expiry
                    1D )        ; Minimum
@           IN NS   dns.home.lan.
@           IN MX   0 mail.home.lan.
@           IN A    192.168.1.100
dns         IN A    192.168.1.100
mail        IN A    192.168.1.150
router      IN A    192.168.1.1
machine1    IN A    192.168.1.10
machine2    IN A    192.168.1.20
machine3    IN A    192.168.1.30
machine4    IN A    192.168.1.40
machine5    IN A    192.168.1.50
/var/named/reverse/home.lan.zone
NOTE: See notes at end for information regarding serial number.
Home lan reverse zone: one PTR per address, each record named by its host octet within 1.168.192.in-addr.arpa (192.168.1.100 gets a single PTR back to dns.home.lan., the canonical name for that address, rather than one PTR per name that happens to point at it):
$TTL 3D
@       IN SOA  dns.home.lan. root.home.lan. (
                    2007030501  ; Serial
                    1D          ; Refresh
                    30M         ; Retry
                    1W          ; Expiry
                    1D )        ; Minimum
@       IN NS   dns.home.lan.
1       IN PTR  router.home.lan.
10      IN PTR  machine1.home.lan.
20      IN PTR  machine2.home.lan.
30      IN PTR  machine3.home.lan.
40      IN PTR  machine4.home.lan.
50      IN PTR  machine5.home.lan.
100     IN PTR  dns.home.lan.
150     IN PTR  mail.home.lan.
Notes
Serial #
The serial number must increase each time you change a zone file; secondary servers decide whether to transfer the zone by comparing serials, so an unchanged serial means they never pick up the change. A common practice is to use the format:
YYYYmmDDxx
    YYYY : 4-digit year
    mm   : 2-digit month
    DD   : 2-digit day
    xx   : 2-digit counter (for intra-daily updates)
Reverse Zones
A reverse zone covers a network, not a single host. For 192.168.1.0/24 the zone is "1.168.192.in-addr.arpa" (the three network octets in reverse order), and each host is a record inside it named by its last octet, so 192.168.1.100 is looked up as 100.1.168.192.in-addr.arpa and is written in the zone file as a PTR record owned by "100".
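Added example covering both notes above; it is not code from the original page. It derives the reverse zone from the forward zone's A records (zone named 1.168.192.in-addr.arpa, one PTR per address keyed by the host octet, first name wins when several names share an address) and computes the next YYYYmmDDxx serial, including the same-day, counter-at-99 and clock-went-backwards cases. The embedded zone text is constructed sample data taken from the records listed above; the /24-only restriction, the explicit-owner requirement and the function names are this example's own choices.

```python
"""Added example (not from the original wiki page): build the /24 reverse zone
from the forward zone's A records and bump a YYYYMMDDxx serial.  Assumes the
page's home.lan layout; the zone text below is constructed sample data."""
import datetime
import ipaddress
import re

# Constructed sample input: the A records from /var/named/personal/home.lan.zone.
FORWARD_ZONE = """\
$TTL 3D
home.lan.  IN SOA dns.home.lan. root.home.lan. ( 2007030501 1D 30M 1W 1D )
@          IN NS  dns.home.lan.
@          IN MX  0 mail.home.lan.
dns        IN A   192.168.1.100
mail       IN A   192.168.1.150
router     IN A   192.168.1.1
machine1   IN A   192.168.1.10
machine2   IN A   192.168.1.20
@          IN A   192.168.1.100   ; same address as dns, must not get a second PTR
"""

# Owner, optional TTL, class IN, type A, dotted-quad address.  Lines that reuse
# the previous owner (leading whitespace) are deliberately not handled here.
A_RECORD = re.compile(
    r"^(\S+)\s+(?:\d+[smhdwSMHDW]?\s+)?IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def a_records(zone_text, origin):
    """Return (fqdn, ip) pairs for every A record; '@' and unqualified owners
    are expanded relative to origin, which must end with a dot."""
    out = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        m = A_RECORD.match(line)
        if not m:
            continue
        owner, ip = m.groups()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = f"{owner}.{origin}"
        out.append((fqdn, ip))
    return out


def reverse_zone_name(network):
    """Zone name for a /24: the three network octets reversed, host octet dropped."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen != 24:
        raise ValueError("this example only builds /24 reverse zones")
    o = str(net.network_address).split(".")
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"


def ptr_records(records, network):
    """(host octet, fqdn) for each address inside network, sorted by address.
    An address maps back to exactly one name, so the first name seen wins."""
    net = ipaddress.IPv4Network(network)
    canonical = {}
    for fqdn, ip in records:
        addr = ipaddress.IPv4Address(ip)
        if addr in net and addr not in canonical:
            canonical[addr] = fqdn
    return [(int(addr) & 0xFF, fqdn) for addr, fqdn in sorted(canonical.items())]


def next_serial(current, today=None):
    """Next YYYYMMDDxx serial, always strictly greater than current.
    First change of a day gets counter 01 and later changes the same day add 1.
    If current already lies beyond today's range (counter at 99, or a clock that
    went backwards) it is still just incremented: secondaries only transfer when
    the serial goes up, so it must never decrease."""
    if today is None:
        today = datetime.date.today().strftime("%Y%m%d")
    base = int(today) * 100
    return base + 1 if current < base else current + 1


def render_reverse_zone(records, network, serial, ns="dns.home.lan.", admin="root.home.lan."):
    """Render the reverse zone file in the layout the page uses for its zones."""
    lines = [
        f"$ORIGIN {reverse_zone_name(network)}.",
        "$TTL 3D",
        f"@    IN SOA {ns} {admin} ( {serial} 1D 30M 1W 1D )",
        f"@    IN NS  {ns}",
    ]
    for octet, fqdn in ptr_records(records, network):
        lines.append(f"{octet:<4} IN PTR {fqdn}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    recs = a_records(FORWARD_ZONE, "home.lan.")
    print(render_reverse_zone(recs, "192.168.1.0/24", next_serial(2007030501, "20070305")))
```

Run it and diff the output against /var/named/reverse/home.lan.zone; any host with an A record but no PTR (or a PTR pointing at a name whose A record has changed) shows up immediately, which is the usual way reverse zones drift out of sync.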