Linux basic configurations - linux dns en Linux DNS server setup - Install and configure BIND in Slackware <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>This tutorial is a complete guide for setting up <b>bind</b> as a dns server in Linux operating system. We'll setup bind version 9 in Slackware 12.2. Here are all the steps needed to setup bind dns server in Slackware Linux:</p> <ol><li>Install or upgrade bind package to the latest package released.</li> <li>Configure dns server configuration file.</li> <li>Setup additional zones. </li> <li>Start dns service.</li> <li>Testing and troubleshooting dns server.</li> <li>Setup a private bind dns server</li> </ol><h2>Install or upgrade bind package to the latest package released</h2> <p>To install dns server in Linux system, you need to install <em>bind package</em> which contains all dns configuration files and dns testing tools such as <em>&gt;dig</em> and <em>nslookup</em>. The first step we need to do is, use slackpkg to check the latest update packages for Slackware Linux operating system. If you don't have slackpkg in your system, you can use pkgtool or manually check for bind package in /var/log/packages directory. If you need to update the bind package manually, get the latest stable version from Slackware official website. </p> <p>Run <b>slackpkg update</b> command to get the latest packages list from Slackware mirror site:</p> <table><tr><td><code>root@slackware:~# slackpkg update<br /><br /> Updating the package lists...<br /> Downloading...<br /> Downloading ChangeLog.txt...<br /> --2009-03-24 18:36:08--<br /> =&gt; `/tmp/slackpkg.qLFhaR/ChangeLog.txt'<br /> Resolving<br /> ...<br /> ...<br /> ...<br /> Formatting lists to slackpkg style...<br /> Package List<br /> Package descriptions<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p>Upgrade bind package if it is available. You can upgrade all packages to the latest version by running the slackpkg upgrade-all option. This step is necessary to make Slackware server patched to the latest security update.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg upgrade-all</span><br /><br /> Looking for packages to upgrade. Please wait...<br /> ...<br /> ...<br /></code></td> </tr></table><p>Check Slackware bind package</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg search bind</span> <p>The list below shows all packages with the selected pattern.<br /><span style="color:blue;">[ upgrade ] - bind-9.4.3_P1-i486-1_slack12.2 --&gt; bind-9.4.2_P2-i486-1</span><br /></p></code></td> </tr></table><p>So bind package has been upgraded to the latest package released. Good, that's what we need. If you didn't find bind in your system, then you have to install bind package. Here is the command syntax on how to install bind package using slackpkg:</p> <table><tr><td><code>root@slackware:~# slackpkg install bind<br /><br /> Looking for bind in package list. Please wait... DONE<br /></code></td> </tr></table><p><a href="" title="Image" target="_blank"><img src="" alt="Install bind screenshot image" /></a></p> <p>Click OK to install bind.</p> <p>If you didn't installed slackpkg, then you can use pgktool and install bind package from Slackware installation dvd. Here are the steps:</p> <ol><li>Insert dvd into dvd-rom drive.</li> <li>Mount dvd with this command: <b>mount /dev/cdrom /mnt/cdrom</b> or <b>mount /dev/sdc /mnt/cdrom</b>. Change <i>sdc</i> with your cdrom drive name.</li> <li>Change directory to /mnt/cdrom/slackware/n. </li> <li>Open pkgtool by invoke pkgtool from the command line. </li> <li>Choose <b>Current - Install package from current directory</b>.</li> <li>Unmount and eject cd with <b>umount /mnt/cdrom/</b> and <b>eject</b> command respectively.</li> </ol><h2>Configure dns server configuration file</h2> <p>The dns master configuration file is named.conf. Its location is /etc/named.conf. We better backup this file first for safety reason if we screw up later.</p> <table><tr><td><code>root@slackware:/etc# <span style="color:red;">cp named.conf named.conf.bac</span><br /> root@slackware:/etc# <span style="color:red;">ls -l | grep named.conf</span><br /> -rw-r--r-- 1 root root 681 2008-04-14 06:07 named.conf<br /> -rw-r--r-- 1 root root 681 2008-12-01 01:13 named.conf.bak<br /> root@slackware:/etc#<br /></code></td> </tr></table><p>Let's view the named.conf file with less command: </p> <table><tr><td><code>options {<br /> directory "/var/named";<br /> /*<br /> * If there is a firewall between you and nameservers you want<br /> * to talk to, you might need to uncomment the query-source<br /> * directive below. Previous versions of BIND always asked<br /> * questions using port 53, but BIND 8.1 uses an unprivileged<br /> * port by default.<br /> */<br /> // query-source address * port 53;<br /><br /> /*<br /> * ISP dns server ip address<br /> */<br /> forward first;<br /> forwarders {<br />;<br />;<br /> };<br /><br /> };<br /><br /> //<br /> // a caching only nameserver config<br /> //<br /> zone "." IN {<br /> type hint;<br /> file "caching-example/named.root";<br /> };<br /><br /> zone "localhost" IN {<br /> type master;<br /> file "caching-example/";<br /> allow-update { none; };<br /> };<br /><br /> zone "" IN {<br /> type master;<br /> file "caching-example/named.local";<br /> allow-update { none; };<br /> };<br /></code></td> </tr></table><p>This is the default named.conf configuration. By default, named.conf file only configured for localhost. So we need to edit or add our domain in this file later. We also need to create new dns zone files for our domain. We can see that all dns zone files were kept in /var/named/caching-example directory. So let's view /var/named/caching-example directory: </p> <table><tr><td><code>root@slackware:/etc# <span style="color:red;">ls -l /var/named/caching-example/</span><br /> total 16<br /> -rw-r--r-- 1 root root 195 2008-09-17 15:26<br /> -rw-r--r-- 1 root root 2878 2008-09-17 15:26<br /> -rw-r--r-- 1 root root 433 2008-09-17 15:26 named.local<br /> -rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.root<br /> root@slackware:/etc#<br /></code></td> </tr></table><h2>Setup additional dns zones</h2> <p>You know that to setup dns you need a qualified domain name? That's true but not totally true. You can setup local BIND caching name server for your local network to speed up dns lookups, which in turn will speed up all of your Internet services. Here are examples of default configuration zone files for bind dns server:</p> <p>This is file default configuration. It is configured for localhost:</p> <table><tr><td><code>$TTL 86400<br /> $ORIGIN localhost.<br /> @ 1D IN SOA @ root (<br /> 42 ; serial (d. adams)<br /> 3H ; refresh<br /> 15M ; retry<br /> 1W ; expiry<br /> 1D ) ; minimum<br /><br /> 1D IN NS @<br /> 1D IN A<br /></code></td> </tr></table><p>This is named.local file default configuration. As you can see in the /etc/named.conf file configuration above, this is the reverse dns configuration file, also configured for localhost:</p> <table><tr><td><code>$TTL 86400<br /> @ IN SOA localhost. root.localhost. (<br /> 1997022700 ; Serial<br /> 28800 ; Refresh<br /> 14400 ; Retry<br /> 3600000 ; Expire<br /> 86400 ) ; Minimum<br /> IN NS localhost.<br /><br /> 1 IN PTR localhost.<br /></code></td> </tr></table><p>When we added our new domain, we'll just need to copy and configure these two files to setup bind dns server, for private dns or public dns. We leave alone the cache zone file, <em></em> and the master list of the root name servers, <em>named.root</em>. Well, the named.root should be update from time to time though. Normally once a month because it does not change very often. Get latest update named.root from <a href="" target="_blank"></a>.</p> <p>These are normal terms or jargon that we should know to understand bind configuration files:</p> <ul><li>$TTL - sets a default time-to-live. </li> <li>w - For week</li> <li>d - For day</li> <li>h - For hour</li> <li>m - For minute</li> <li>s - For second</li> <li>@ - same as $ORIGIN.</li> <li>IN - Defines the address class; IN = Internet.</li> <li>SOA - Start of Authority - Indicates authority for this zone.</li> <li>Serial number - Serial number in YYYYMMDDSS, where SS is number the file changed.</li> <li>Refresh - Tells dns slave, or secondary servers how often to check for updates.</li> <li>Retry - Tells the secondary server how often it should resend the request if fails.</li> <li>Expire - Period of time the secondary server can use its existing data.</li> <li>Minimum, or Negative-caching TTL - Cached on non-authoritative servers.</li> <li>A - Alias record - Name-to-address mapping.</li> <li>PTR - Address-to-name mapping.</li> <li>CNAME - (canonical name) alias to an A record.</li> <li>NS - Lists a nameserver for this zone.</li> </ul><h2>Setup local caching name server(cache dns)</h2> <p>In Slackware, we don't have to edit anything to setup local caching name server. As you can see above, the localhost already configured! What we have to do is just enable bind daemon and run the service. Let's see if what I say is true.</p> <h2>Start dns service</h2> <p>Bind uses standalone server which means it's not included in <em>inetd</em> master server. So we have to make it executable to start the service. Here are the steps you need to do:</p> <p>Change bind daemon's permission and make it executable. Here is an example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/rc.bind</span><br /> -rw-r--r-- 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind<br /> root@slackware:~# <span style="color:red;">chmod 755 /etc/rc.d/rc.bind</span><br /> root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/rc.bind</span><br /> -rwxr-xr-x 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind*<br /> root@slackware:~#<br /></code></td> </tr></table><p>Now we can start the service. Here is an example command to start bind service(dns service) in Slackware:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/etc/rc.d/rc.bind start</span><br /> Starting BIND: /usr/sbin/named<br /> root@slackware:~#<br /></code></td> </tr></table><p>The bind service has been started and it should be running now. But how do we now that our local caching name server is running ok?</p> <h2>Testing and troubleshooting dns server</h2> <p>To check named.conf configuration file, we can use <b>named-checkconf</b> tool:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">named-checkconf /etc/named.conf</span><br /></code></td> </tr></table><p>To check zone configuration file, we can use <b>named-checkzone</b> tool:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">named-checkzone localhost /var/named/caching-example/</span><br /></code></td> </tr></table><p>Use dig command to query reverse lookup.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">dig -x</span> <p>; &gt; DiG 9.4.2-P2 &gt; -x<br /> ;; global options: printcmd<br /> ;; Got answer:<br /> ;; -&gt;&gt;HEADER ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br /> ;; WARNING: recursion requested but not available<br /><br /> ;; QUESTION SECTION:<br /> ; IN PTR<br /><br /> ;; ANSWER SECTION:<br /> 10000 IN PTR localhost.<br /><br /> ;; Query time: 7 msec<br /> ;; SERVER:<br /> ;; WHEN: Mon Dec 1 22:59:54 2008<br /> ;; MSG SIZE rcvd: 63<br /></p></code></td> </tr></table><p>Run <em>dig hostname</em> command to query server response.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">dig localhost</span><br /><br /> ; &gt; DiG 9.4.2-P2 &gt; localhost<br /> ;; global options: printcmd<br /> ;; Got answer:<br /> ;; -&gt;&gt;HEADER ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br /> ;; WARNING: recursion requested but not available<br /><br /> ;; QUESTION SECTION:<br /> ;localhost. IN A<br /><br /> ;; ANSWER SECTION:<br /> localhost. 10000 IN A<br /><br /> ;; Query time: 3 msec<br /> ;; SERVER:<br /> ;; WHEN: Mon Dec 1 23:01:09 2008<br /> ;; MSG SIZE rcvd: 43<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p>We got response there, didn't we? At the answer section there we got <b>localhost</b> respond to our query.</p> <h2>Setup a private bind dns server</h2> <p>To setup a private bind dns server, we need to add a new zone in the /etc/named.conf file and configure a new zone in /var/named/caching-example. This is an example of a new zone and it's reversed name resolution zone that you can add in /etc/named.conf for private dns server:</p> <table><tr><td><code>zone "" in {<br /> allow-transfer { any; };<br /> file "caching-example/";<br /> type master;<br /> };<br /><br /> // Set up reversed name resolution<br /> zone "" {<br /> type master;<br /> file "caching-example/";<br /> };<br /></code></td> </tr></table><p>Make a copy of <em></em> file and named it (name it Below is my configuration. You can edit this file, add other servers you have in your network and just change names and ip addresses to your own.</p> <table><tr><td><code>;<br /> ; Data for private bind dns server<br /> ;<br /> $TTL 1D<br /> @ 1D IN SOA (<br /> 2008120101 ; serial<br /> 3H ; refresh<br /> 15M ; retry<br /> 1W ; expiry<br /> 1D ) ; minimum<br /><br /> ;<br /><br /> @ IN NS<br /> @ IN A<br /> slackware IN A<br /> web IN CNAME<br /></code></td> </tr></table><p>This is the reversed name resolution zone configuration:</p> <table><tr><td><code>;<br /> ; Reverse lookup dns zone file for private bind dns server<br /> ;<br /> $TTL 1D<br /> @ IN SOA (<br /> 2008112302 ; Serial<br /> 604800 ; Refresh<br /> 86400 ; Retry<br /> 2419200 ; Expire<br /> 86400 ) ; Negative Cache TTL<br /><br /> @ IN NS slackware.<br /> 3 IN CNAME<br /></code></td> </tr></table><p>You need to restart the bind service before your new dns takes effect. Before you restart the service, make sure you check /etc/named.conf and zone files syntax as mentioned in the testing dns section above. If you encounter problems, you can always check log file in <b>/var/log/messages</b>.</p> <p>Setting up a private and a public dns server is the same except for a public bind dns server you need a qualified domain name and ip address. So you can practice create a private bind dns server for your LAN first before implement the real public bind dns setup. That's all. Good luck!</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/20" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux dns</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div></div></div> Tue, 24 Mar 2009 11:10:32 +0000 jinlusuh 124 at