Linux DNS server setup - Install and configure BIND in Slackware

This tutorial is a complete guide to setting up bind as a dns server on a Linux operating system. We'll set up bind version 9 on Slackware 12.2. Here are all the steps needed to set up a bind dns server on Slackware Linux:

  1. Install or upgrade bind package to the latest package released.
  2. Configure dns server configuration file.
  3. Setup additional zones.
  4. Start dns service.
  5. Testing and troubleshooting dns server.
  6. Setup a private bind dns server.

Install or upgrade bind package to the latest package released

To install a dns server on a Linux system, you need to install the bind package, which contains all the dns configuration files and dns testing tools such as dig and nslookup. The first step is to use slackpkg to check for the latest updated packages for the Slackware Linux operating system. If you don't have slackpkg on your system, you can use pkgtool or manually check for the bind package in the /var/log/packages directory. If you need to update the bind package manually, get the latest stable version from the official Slackware website.

Run the slackpkg update command to get the latest package list from the Slackware mirror site:

[email protected]:~# slackpkg update

Updating the package lists...
Downloading...
Downloading ChangeLog.txt...
--2009-03-24 18:36:08-- ftp://ftp.cerias.purdue.edu/pub/os/slackware/slackware-12.2/ChangeLog.txt
=> `/tmp/slackpkg.qLFhaR/ChangeLog.txt'
Resolving ftp.cerias.purdue.edu...
...
...
...
Formatting lists to slackpkg style...
Package List
Package descriptions

[email protected]:~#

Upgrade the bind package if an update is available. You can upgrade all packages to the latest version by running slackpkg with the upgrade-all option. This step is necessary to keep the Slackware server patched with the latest security updates.

[email protected]:~# slackpkg upgrade-all

Looking for packages to upgrade. Please wait...
...
...

Check Slackware bind package

[email protected]:~# slackpkg search bind

The list below shows all packages with the selected pattern.
[ upgrade ] - bind-9.4.3_P1-i486-1_slack12.2 --> bind-9.4.2_P2-i486-1

So the bind package has been upgraded to the latest released package. Good, that's what we need. If you didn't find bind on your system, then you have to install the bind package. Here is the command syntax for installing the bind package using slackpkg:

[email protected]:~# slackpkg install bind

Looking for bind in package list. Please wait... DONE

[Screenshot: install bind]

Click OK to install bind.

If you haven't installed slackpkg, then you can use pkgtool and install the bind package from the Slackware installation dvd. Here are the steps:

  1. Insert the dvd into the dvd-rom drive.
  2. Mount the dvd with this command: mount /dev/cdrom /mnt/cdrom or mount /dev/sdc /mnt/cdrom. Replace sdc with your cdrom drive name.
  3. Change directory to /mnt/cdrom/slackware/n.
  4. Open pkgtool by invoking pkgtool from the command line.
  5. Choose Current - Install package from current directory.
  6. Unmount and eject the dvd with the umount /mnt/cdrom/ and eject commands respectively.

Configure dns server configuration file

The dns master configuration file is named.conf. Its location is /etc/named.conf. We had better back up this file first, for safety, in case we screw up later.

[email protected]:/etc# cp named.conf named.conf.bak
[email protected]:/etc# ls -l | grep named.conf
-rw-r--r-- 1 root root 681 2008-04-14 06:07 named.conf
-rw-r--r-- 1 root root 681 2008-12-01 01:13 named.conf.bak
[email protected]:/etc#

Let's view the named.conf file with less command:

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    /*
     * ISP dns server ip address
     */
    forward first;
    forwarders {
        200.188.1.123;
        200.188.1.124;
    };

};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "caching-example/named.root";
};

zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "caching-example/named.local";
    allow-update { none; };
};

This is the default named.conf configuration. By default, the named.conf file is only configured for localhost. So we need to edit this file and add our domain later. We also need to create new dns zone files for our domain. We can see that all dns zone files are kept in the /var/named/caching-example directory. So let's view the /var/named/caching-example directory:

[email protected]:/etc# ls -l /var/named/caching-example/
total 16
-rw-r--r-- 1 root root 195 2008-09-17 15:26 localhost.zone
-rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.ca
-rw-r--r-- 1 root root 433 2008-09-17 15:26 named.local
-rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.root
[email protected]:/etc#

Setup additional dns zones

You know that to set up dns you need a qualified domain name? That's true, but not totally true. You can set up a local BIND caching name server for your local network to speed up dns lookups, which in turn will speed up all of your Internet services. Here are examples of the default zone files for the bind dns server:

This is the default localhost.zone file. It is configured for localhost:

$TTL 86400
$ORIGIN localhost.
@       1D IN SOA   @ root (
                    42      ; serial (d. adams)
                    3H      ; refresh
                    15M     ; retry
                    1W      ; expiry
                    1D )    ; minimum

        1D IN NS    @
        1D IN A     127.0.0.1

This is the default named.local file. As you can see in the /etc/named.conf configuration above, this is the reverse dns zone file, also configured for localhost:

$TTL 86400
@       IN SOA  localhost. root.localhost. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   localhost.

1       IN PTR  localhost.

When we add our new domain, we just need to copy and edit these two files to set up the bind dns server, for private dns or public dns. We leave alone the cache zone file, named.ca, and the master list of the root name servers, named.root. The named.root file should be updated from time to time, though; normally once a month, because it does not change very often. Get the latest named.root from ftp.internic.net.

These are normal terms or jargon that we should know to understand bind configuration files:

  • $TTL - sets a default time-to-live.
  • w - For week
  • d - For day
  • h - For hour
  • m - For minute
  • s - For second
  • @ - same as $ORIGIN.
  • IN - Defines the address class; IN = Internet.
  • SOA - Start of Authority - Indicates authority for this zone.
  • Serial number - Serial number in YYYYMMDDSS format, where SS is the number of times the file has changed.
  • Refresh - Tells dns slave, or secondary, servers how often to check for updates.
  • Retry - Tells the secondary server how often it should resend the request if it fails.
  • Expire - Period of time the secondary server can use its existing data.
  • Minimum, or Negative-caching TTL - Cached on non-authoritative servers.
  • A - Address record - Name-to-address mapping.
  • PTR - Address-to-name mapping.
  • CNAME - (canonical name) alias to an A record.
  • NS - Lists a nameserver for this zone.

Setup local caching name server (cache dns)

In Slackware, we don't have to edit anything to set up a local caching name server. As you can see above, localhost is already configured! All we have to do is enable the bind daemon and run the service. Let's see if what I say is true.

Start dns service

Bind runs as a standalone server, which means it is not started by the inetd master server. So we have to make its startup script executable to start the service. Here are the steps you need to do:

Change the permissions of the bind startup script and make it executable. Here is an example:

[email protected]:~# ls -l /etc/rc.d/rc.bind
-rw-r--r-- 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind
[email protected]:~# chmod 755 /etc/rc.d/rc.bind
[email protected]:~# ls -l /etc/rc.d/rc.bind
-rwxr-xr-x 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind*
[email protected]:~#

Now we can start the service. Here is an example command to start the bind service (dns service) in Slackware:

[email protected]:~# /etc/rc.d/rc.bind start
Starting BIND: /usr/sbin/named
[email protected]:~#

The bind service has been started and it should be running now. But how do we know that our local caching name server is running ok?

Testing and troubleshooting dns server

To check the named.conf configuration file, we can use the named-checkconf tool:

[email protected]:~# named-checkconf /etc/named.conf

To check a zone configuration file, we can use the named-checkzone tool:

[email protected]:~# named-checkzone localhost /var/named/caching-example/localhost.zone

Use the dig command to query a reverse lookup.

[email protected]:~# dig -x 127.0.0.1

; <<>> DiG 9.4.2-P2 <<>> -x 127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 10000 IN PTR localhost.

;; Query time: 7 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 1 22:59:54 2008
;; MSG SIZE rcvd: 63

Run the dig hostname command to query the server's response.

[email protected]:~# dig localhost

; <<>> DiG 9.4.2-P2 <<>> localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 10000 IN A 127.0.0.1

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Dec 1 23:01:09 2008
;; MSG SIZE rcvd: 43

[email protected]:~#

We got a response there, didn't we? In the answer section, we got localhost responding to our query.
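
The SERVER line in the dig output above shows which server actually answered (192.168.1.1 here); without an @server argument, dig asks the resolver listed in /etc/resolv.conf, which is not necessarily the local named. The following is an added example, not part of the original tutorial: it reads the SERVER line and the aa flag from dig output so you can confirm the reply came from the server under test. The sample output is constructed from the listing above.

```shell
#!/bin/sh
# Added example, not from the original tutorial: check which server answered
# a dig query and whether the answer was authoritative.

# Constructed sample, modelled on the "dig localhost" output shown above.
sample_dig_output() {
cat <<'EOF'
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; ANSWER SECTION:
localhost. 10000 IN A 127.0.0.1

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
EOF
}

# Print the address from the ";; SERVER:" line of dig output read on stdin.
answering_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Succeed only if the dig output on stdin was answered by the server in $1.
answered_by() {
    [ "$(answering_server)" = "$1" ]
}

# Print "yes" if the aa (authoritative answer) flag is set, otherwise "no".
# A server answering from one of its own master zones sets this flag.
is_authoritative() {
    if grep -Eq '^;; flags:[^;]* aa[ ;]'; then echo yes; else echo no; fi
}

# On a live system: dig @127.0.0.1 localhost | answered_by 127.0.0.1
if sample_dig_output | answered_by 127.0.0.1; then
    echo "answered by 127.0.0.1"
else
    echo "answered by $(sample_dig_output | answering_server), not 127.0.0.1"
fi
echo "authoritative: $(sample_dig_output | is_authoritative)"
```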

Setup a private bind dns server

To set up a private bind dns server, we need to add a new zone in the /etc/named.conf file and create a new zone file in /var/named/caching-example. This is an example of a new zone and its reverse name resolution zone that you can add to /etc/named.conf for a private dns server:

zone "example.com" in {
    allow-transfer { any; };
    file "caching-example/zone.example.com";
    type master;
};

// Set up reversed name resolution
zone "1.168.192.in-addr.arpa" {
    type master;
    file "caching-example/192.zone";
};
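
The allow-transfer { any; } statement in the zone above lets any host that can reach the server request a full copy of the zone, which lists every host name and address in it. The following added example (not part of the original tutorial) reports the transfer policy of each master zone and shows the tutorial's statements next to a restricted variant; the secondary address 192.168.1.4 is hypothetical.

```shell
# Added example, not from the original tutorial: print each master zone in a
# named.conf (stdin) with its allow-transfer policy. Assumes "{" on the zone
# line, one statement per line, and no braces inside /* ... */ comments.
transfer_policy() {
    awk '
    { sub(/\/\/.*/, "") }                       # drop // comments
    !inzone && /^[ \t]*zone[ \t]+"/ {
        split($0, q, "\""); name = q[2]
        inzone = 1; master = 0; policy = "unset"
    }
    inzone {
        if ($0 ~ /type[ \t]+master/) master = 1
        if ($0 ~ /allow-transfer[ \t]*[{][ \t]*any[ \t]*;/) policy = "any"
        else if ($0 ~ /allow-transfer/) policy = "restricted"
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0) { if (master) print name, policy; inzone = 0 }
    }'
}
# The two zone statements from this tutorial, as written above.
tutorial_zones() {
cat <<'EOF'
zone "example.com" in {
allow-transfer { any; };
file "caching-example/zone.example.com";
type master;
};
zone "1.168.192.in-addr.arpa" {
type master;
file "caching-example/192.zone";
};
EOF
}
# Constructed hardened variant; 192.168.1.4 is a hypothetical secondary.
hardened_zones() {
cat <<'EOF'
zone "example.com" in {
allow-transfer { 192.168.1.4; };
file "caching-example/zone.example.com";
type master;
};
zone "1.168.192.in-addr.arpa" {
allow-transfer { none; };
type master;
file "caching-example/192.zone";
};
EOF
}
tutorial_zones | transfer_policy   # example.com any / 1.168.192.in-addr.arpa unset
hardened_zones | transfer_policy   # both zones: restricted
```

A zone reported as unset takes its policy from the options block or, failing that, from BIND's built-in default.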

Make a copy of the localhost.zone file and name it zone.example.com (name it zone.yourdomain.com). Below is my zone.example.com configuration. You can edit this file, add the other servers you have in your network and just change the names and ip addresses to your own.

;
; Data for private bind dns server
;
$TTL 1D
@           1D IN SOA   slackware.example.com. root.example.com. (
                        2008120101 ; serial
                        3H         ; refresh
                        15M        ; retry
                        1W         ; expiry
                        1D )       ; minimum

;

@           IN NS       slackware.example.com.
@           IN A        192.168.1.3
slackware   IN A        192.168.1.3
web         IN CNAME    slackware.example.com.

This is the reverse name resolution zone configuration:

;
; Reverse lookup dns zone file for private bind dns server
;
$TTL 1D
@       IN SOA  slackware.example.com. root.example.com. (
                2008112302 ; Serial
                604800     ; Refresh
                86400      ; Retry
                2419200    ; Expire
                86400 )    ; Negative Cache TTL

; The name server is given as a fully qualified name
@       IN NS   slackware.example.com.
; PTR maps 192.168.1.3 back to its host name
3       IN PTR  slackware.example.com.

You need to restart the bind service before your new dns zones take effect. Before you restart the service, make sure you check the syntax of /etc/named.conf and the zone files as described in the testing dns section above. If you encounter problems, you can always check the log file /var/log/messages.

Setting up a private and a public dns server is the same, except that for a public bind dns server you need a qualified domain name and ip address. So you can practice by creating a private bind dns server for your LAN first, before implementing the real public bind dns setup. That's all. Good luck!
