Posted by: jasonk2600 | December 30, 2009

Debian GNU/Linux Authoritative DNS Server

Synopsis

This document describes the basic steps necessary to configure a system running Debian GNU/Linux to act as a master DNS server for a domain.  The BIND9 DNS server is utilized to accomplish this task.  NOTE: This document only details the steps to configure the master DNS server and does not detail how to configure a slave DNS server.

Installation

Install the BIND9 DNS server and associated utilities using the aptitude software management utility.

# aptitude install bind9 bind9utils

 

Configuration

First, modify the /etc/bind/named.conf.options file and configure BIND to forward any DNS requests it cannot answer to your ISP’s DNS server.  This is done by setting the forwarders variable within the options section.  In the example below, requests are forwarded to a DNS server at 68.87.85.102.

options {

  forwarders {
    68.87.75.102;
  };
  
};

 

Next, modify the /etc/bind/named.conf.local file and configure the BIND9 DNS server settings for your domain.  NOTE: Replace yourdomain.com with your domain name and replace 10.0.1.2 with the IP address of your slave DNS server.

logging {
  channel yourdomain_log {
    file "/var/log/named/yourdomain.log" versions 3 size 2m;
    severity info;
    print-severity yes;
    print-time yes;
    print-category yes;
  };
  category default {
    yourdomain_log;
  };
};

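// Forward zone; zone transfers are permitted only to the slave server
zone "yourdomain.com" in {
  type master;
  file "/etc/bind/master/master.yourdomain.com";
  allow-transfer {10.0.1.2;};
};

// Reverse zone for 10.0.1.0/24 (octets reversed: 1.0.10)
zone "1.0.10.in-addr.arpa" in {
  type master;
  file "/etc/bind/master/10.0.1.rev";
  allow-transfer {10.0.1.2;};
};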

 

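Create the directories to hold the DNS data and log file for your domain.  On Debian, named runs as the bind user, so the log directory and log file must be owned by that user for logging and log rotation to work.

# mkdir /etc/bind/master
# mkdir /var/log/named
# cd /var/log/named
# touch yourdomain.log
# chown bind:bind . yourdomain.log
# chmod g+w yourdomain.log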

 

Now create the file, /etc/bind/master/master.yourdomain.com, that stores the DNS data for your domain. NOTE: ns1.yourdomain.com should point to the IP address of the Debian GNU/Linux DNS server.

$TTL 3600
yourdomain.com. IN SOA ns1.yourdomain.com. root.yourdomain.com. (
  2009122901 ; Serial
  10800      ; Refresh
  3600       ; Retry
  604800     ; Expire
  300        ; Negative Response TTL
)

; DNS Servers
  IN NS ns1.yourdomain.com.
  IN NS ns2.yourdomain.com.

; MX Records
  IN MX 10 mail.yourdomain.com.
  IN MX 20 mail2.yourdomain.com.

; Machine Records
localhost IN A 127.0.0.1
ns1       IN A 10.0.1.1
ns2       IN A 10.0.1.2
mail      IN A 10.0.1.1
mail2     IN A 10.0.1.2

; Aliases
www IN CNAME mail2.yourdomain.com.

 

Now edit the file, /etc/bind/master/10.0.1.rev, that stores the reverse DNS data for your domain.

$TTL 3600
1.0.10.in-addr.arpa. IN SOA ns1.yourdomain.com. root.yourdomain.com. (
  2009122901 ; Serial
  10800      ; Refresh
  3600       ; Retry
  604800     ; Expire
  300        ; Negative Response TTL
)

  IN NS ns1.yourdomain.com.
  IN NS ns2.yourdomain.com.

1 IN PTR ns1.yourdomain.com.
2 IN PTR ns2.yourdomain.com.
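
Before restarting BIND, it is worth confirming that the two zone files agree with each other. The following is an added example, not part of the original post: a small Python check that every PTR record in the reverse zone points to a name whose A record maps back to the same address. The record lines are copied from the zone files above; the function names (fqdn, parse, check_reverse) are hypothetical, and the parser only handles the simple one-line "owner IN TYPE data" form used on this page.

```python
import ipaddress

# Record lines copied from the two zone files on this page.
FORWARD_ORIGIN = "yourdomain.com."
FORWARD_RECORDS = """\
localhost IN A 127.0.0.1
ns1       IN A 10.0.1.1
ns2       IN A 10.0.1.2
mail      IN A 10.0.1.1
mail2     IN A 10.0.1.2
"""
REVERSE_ORIGIN = "1.0.10.in-addr.arpa."   # owner of the SOA in 10.0.1.rev
REVERSE_RECORDS = """\
1 IN PTR ns1.yourdomain.com.
2 IN PTR ns2.yourdomain.com.
"""

def fqdn(name, origin):
    """Expand a relative owner or target name against the zone origin."""
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse(text, origin, rtype):
    """Return (owner, rdata) pairs for 'owner IN <rtype> rdata' lines."""
    pairs = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop trailing comments
        if len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == rtype:
            pairs.append((fqdn(fields[0], origin), fields[3]))
    return pairs

def check_reverse(forward=FORWARD_RECORDS, reverse=REVERSE_RECORDS,
                  fwd_origin=FORWARD_ORIGIN, rev_origin=REVERSE_ORIGIN):
    """Return a list of problems; an empty list means every PTR is forward-confirmed."""
    a_records = {}
    for owner, addr in parse(forward, fwd_origin, "A"):
        a_records.setdefault(owner, set()).add(ipaddress.ip_address(addr))
    problems = []
    for owner, target in parse(reverse, rev_origin, "PTR"):
        target = fqdn(target, rev_origin)
        # True when some A record of the target has this in-addr.arpa name.
        maps_back = any(ip.reverse_pointer + "." == owner for ip in a_records.get(target, ()))
        if target not in a_records:
            problems.append(f"{owner} -> {target}: no A record in forward zone")
        elif not maps_back:
            problems.append(f"{owner} -> {target}: A record does not map back")
    return problems

if __name__ == "__main__":
    print(check_reverse() or "all PTR records are forward-confirmed")
```

Passing a reverse origin with the octets in the wrong order, for example rev_origin="0.1.10.in-addr.arpa.", makes both PTR records fail the check, which is the kind of mistake that otherwise only shows up as failed reverse lookups.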

 

Finally, restart the BIND DNS server for the new settings to take effect.  Be sure to check /var/log/named/yourdomain.log for any error messages after BIND has restarted.

# /etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.
# tail /var/log/named/yourdomain.log

 

Testing

Testing the new authoritative DNS server is straightforward. Configure another system to use the Debian GNU/Linux DNS server you have just set up. Try to ping one of the hosts in your domain that you have set up on the DNS server. The ping utility should be able to resolve the host’s IP address and will successfully send an ICMP ping packet. Again, check the /var/log/named/yourdomain.log log file for any error messages.


Responses

  1. This is very useful info. Thanks for writing.

