
How to install DNS server using BIND from source

This article describes how to install the BIND DNS software on your Linux machine. The guide has been tested on CentOS 6.3 x86_64, but I guess it also works on other Linux distributions with some adjustment of the dependencies. As far as I know, BIND is popular software used as a domain name system server on the internet. I chose BIND because it has a lot of documentation and a good life cycle, and, most importantly, it is stable and secure (depending on your setup).

Prepare your Linux machine for the BIND installation. As the first step, install the dependencies and the other programs used during the compilation process:

# yum install -y openssl openssl-devel gcc glibc automake make

Then download the source of the latest stable BIND version from isc.org:

# wget http://ftp.isc.org/isc/bind9/9.9.2/bind-9.9.2.tar.gz

Extract it and enter the bind directory:

# tar -zxvf bind-9.9.2.tar.gz
# cd bind-9.9.2

Then configure and compile the source:

# ./configure --prefix=/usr/local/named
# make
# make install

After the installation has completed, it is time to configure your DNS server.

Add the user that will own the named service and the zone database:

# useradd -s /sbin/nologin -d /var/named named

Create named.conf in /usr/local/named/etc using your favorite editor; I'm using vim:

# vi /usr/local/named/etc/named.conf
acl "bogon" {
   0.0.0.0/8;
   10.0.0.0/8;
   169.254.0.0/16;
   172.16.0.0/12;
   192.0.0.0/24;
   192.0.2.0/24;
   192.168.0.0/16;
   198.18.0.0/15;
   224.0.0.0/3;
};
acl "xfer" {
   # Hosts allowed to pull zone transfers: the dns2 secondary (10.0.1.10 in the zone below).
   # allow-transfer references this ACL, so it must be defined or named refuses to load the config.
   10.0.1.10;
};
options {
   directory "/var/named";
   allow-transfer { "xfer"; };
   pid-file "named.pid";
   auth-nxdomain no;
   listen-on port 53 { any; };
   listen-on-v6 { any; };
   statistics-file "data/named.stats";
   memstatistics-file "data/named.memstats";
   dump-file "data/named.dump";
   zone-statistics yes;
   notify no;
   max-cache-ttl 3600;
   max-ncache-ttl 1800;
   max-cache-size 15M;
   minimal-responses yes;
   transfer-format many-answers;
   max-transfer-time-in 100;
   interface-interval 0;
   recursion no;
   allow-query { any; };
   additional-from-auth no;
   additional-from-cache no;
   blackhole { bogon; };
   version "I saw a monkey :P";
};
zone "pnyet.web.id" {
   type master;
   file "master/db.pnyet.web.id";
};
zone "0.0.10.in-addr.arpa" {
   type master;
   file "master/db.10.0.0";
};
# Loopback address
zone "localhost" {
   type master;
   file "master/db.localhost";
};
zone "0.0.127.in-addr.arpa" {
   type master;
   file "master/db.127.0.0";
};
# Special zones
zone "255.in-addr.arpa" {
   type master;
   file "master/db.255";
};
zone "0.in-addr.arpa" {
   type master;
   file "master/db.0";
};
# Root zone
zone "." {
   type hint;
   file "master/named.root";
};
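The blackhole statement above makes named drop every packet from the listed sources without any reply, and the bogon ACL includes 10.0.0.0/8, the range in which this server (10.0.0.10) and its dns2 secondary (10.0.1.10) live, so queries and transfer requests from the internal network would be silently ignored. The following script is an added example, not part of the original article: it parses the acl and blackhole statements of a named.conf (only the syntax used on this page) and reports which of a given set of addresses fall inside the blackholed networks. The NAMED_CONF excerpt and the address list are constructed from the article's configuration.

```python
"""Added example (not from the article): find which of a server's own
addresses fall inside the networks its named.conf blackholes. Only the
acl/blackhole syntax used in the article is parsed."""
import ipaddress
import re

# Constructed excerpt of the article's named.conf (the statements we parse).
NAMED_CONF = """
acl "bogon" {
   0.0.0.0/8;
   10.0.0.0/8;
   169.254.0.0/16;
   172.16.0.0/12;
   192.0.0.0/24;
   192.0.2.0/24;
   192.168.0.0/16;
   198.18.0.0/15;
   224.0.0.0/3;
};
options {
   directory "/var/named";
   recursion no;
   allow-query { any; };
   blackhole { bogon; };   # packets from these sources get no answer at all
};
"""

_ACL_RE = re.compile(r'acl\s+"?([\w-]+)"?\s*\{([^}]*)\}')
_BUILTINS = {'any', 'none', 'localhost', 'localnets'}


def _strip_comments(conf):
    """named.conf allows #, // and /* */ comments; drop all three."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(#|//).*', '', conf)


def _items(body):
    """Split an address-match-list body 'a; b;' into its entries."""
    return [t.strip().strip('"') for t in body.split(';') if t.strip()]


def parse_acls(conf):
    """Return {acl_name: [ip_network, ...]}, expanding references to other ACLs."""
    raw = {name: _items(body) for name, body in _ACL_RE.findall(_strip_comments(conf))}

    def expand(name, seen):
        nets = []
        for item in raw[name]:
            if item in raw and item not in seen:          # nested ACL reference
                nets += expand(item, seen | {name})
            elif item not in _BUILTINS:
                nets.append(ipaddress.ip_network(item, strict=False))
        return nets

    return {name: expand(name, set()) for name in raw}


def blackhole_networks(conf):
    """Networks named will ignore entirely because of the blackhole statement."""
    acls = parse_acls(conf)
    m = re.search(r'blackhole\s*\{([^}]*)\}', _strip_comments(conf))
    nets = []
    for item in (_items(m.group(1)) if m else []):
        if item in acls:
            nets += acls[item]
        elif item not in _BUILTINS:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def blackholed(conf, addresses):
    """Map each address to the blackholed network that contains it, or None."""
    nets = blackhole_networks(conf)
    return {a: next((str(n) for n in nets if ipaddress.ip_address(a) in n), None)
            for a in addresses}


if __name__ == '__main__':
    # Addresses from the article: the primary's own interface, the dns2 secondary
    # named in the zone, and an arbitrary public address as a control.
    for addr, net in blackholed(NAMED_CONF, ['10.0.0.10', '10.0.1.10', '8.8.8.8']).items():
        print(f'{addr}: ' + (f'dropped (in {net})' if net else 'answered'))
```

Run it against the real file with `blackholed(open('/usr/local/named/etc/named.conf').read(), [...])` after substituting the addresses of your own secondaries and monitoring hosts; anything reported as dropped needs either a narrower ACL or an explicit exception before the server goes live.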

Then create the required zone databases :)
First, create the zone database for the domain pnyet.web.id. The master and data directories referenced in named.conf must exist, so create them first:

# mkdir -p /var/named/master /var/named/data
# cd /var/named/master
# vi db.pnyet.web.id
$TTL 3h

@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. (
        2012111100 ; serial
        3h         ; refresh after 3 hours
        1h         ; retry after 1 hour
        1w         ; expire after 1 week
        1h )       ; negative caching TTL of 1 hour

; Name servers
                IN NS           dns1.pnyet.web.id.
                IN NS           dns2.pnyet.web.id.

; Mail exchangers
                IN MX   0       mail.pnyet.web.id.
                IN MX   10      mail2.pnyet.web.id.

; Addresses for the canonical names
                IN A            10.172.192.3
blog            IN A            10.172.192.4
mail            IN A            10.172.192.1
mail2           IN A            10.172.192.2
dns1            IN A            10.0.0.10
dns2            IN A            10.0.1.10

; Aliases
www              IN CNAME        pnyet.web.id.

Create db.10.0.0 for the reverse mapping from address to hostname:

# vi db.10.0.0
$TTL 3h

@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. (
        2012111100 ; serial
        3h         ; refresh after 3 hours
        1h         ; retry after 1 hour
        1w         ; expire after 1 week
        1h )       ; negative caching TTL of 1 hour

; Name servers
                IN NS           dns1.pnyet.web.id.
                IN NS           dns2.pnyet.web.id.

; Addresses (pointing to canonical names)
1               IN PTR          host.0.1.pnyet.web.id.
2               IN PTR          host.0.2.pnyet.web.id.
10              IN PTR          dns1.pnyet.web.id.

Then create the zone database for loopback:

# vi db.localhost
$TTL 3h
@  IN  SOA  dns1.pnyet.web.id. david.pnyet.web.id.  (
            2012111101 ; serial
            3h ; refresh after 3 hours
            1h ; retry after 1 hour
            1w ; expire after 1 week
            1h ) ; negative caching TTL of 1 hour
; Name servers
           IN  NS  dns1.pnyet.web.id.
           IN  NS  dns2.pnyet.web.id.
; Addresses for the canonical names
           IN  A  127.0.0.1

Next, create db.127.0.0:

# vi db.127.0.0
$TTL 3h

@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. (
        2012111100 ; serial
        3h         ; refresh after 3 hours
        1h         ; retry after 1 hour
        1w         ; expire after 1 week
        1h )       ; negative caching TTL of 1 hour

; Name servers
                IN NS           dns1.pnyet.web.id.
                IN NS           dns2.pnyet.web.id.

; Addresses (pointing to canonical names)
1               IN PTR          localhost.

Create db.255 for the special zone (sometimes not needed):

# vi db.255
$TTL 3h
@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. (
	2012111100 ; serial
	3h ; refresh after 3 hours
	1h ; retry after 1 hour
	1w ; expire after 1 week
	1h ) ; negative caching TTL of 1 hour

; Name servers
	IN NS dns1.pnyet.web.id.
	IN NS dns2.pnyet.web.id.

Create db.0:

# vi db.0
$TTL 3h
@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. (
	2012111100 ; serial
	3h ; refresh after 3 hours
	1h ; retry after 1 hour
	1w ; expire after 1 week
	1h ) ; negative caching TTL of 1 hour

; Name servers
	IN NS dns1.pnyet.web.id.
	IN NS dns2.pnyet.web.id.
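Before loading the zones above it is worth checking them for the mistakes that named-checkzone accepts silently: NS or MX targets inside the zone that have no A record, a CNAME sharing its owner name with other records, and PTR records whose target has no matching A record in the forward zone (here the .1 and .2 entries point at host.0.1 and host.0.2, which db.pnyet.web.id does not define). The following Python script is an added example, not part of the original article; its parser handles only the master-file subset used in these files, and the embedded zone data are constructed copies of db.pnyet.web.id and db.10.0.0.

```python
"""Added example (not from the article): lint zone files for mistakes that
named-checkzone does not report. Handles only the master-file subset used
here ($TTL, @, inherited owners, parenthesised SOA fields, ; comments)."""
import re

# Constructed copies of the article's db.pnyet.web.id and db.10.0.0.
FORWARD_ZONE = """\
$TTL 3h
@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. (
        2012111100 ; serial
        3h 1h 1w 1h )
        IN NS    dns1.pnyet.web.id.
        IN NS    dns2.pnyet.web.id.
        IN MX 0  mail.pnyet.web.id.
        IN MX 10 mail2.pnyet.web.id.
        IN A     10.172.192.3
blog    IN A     10.172.192.4
mail    IN A     10.172.192.1
mail2   IN A     10.172.192.2
dns1    IN A     10.0.0.10
dns2    IN A     10.0.1.10
www     IN CNAME pnyet.web.id.
"""
REVERSE_ZONE = """\
$TTL 3h
@ IN SOA dns1.pnyet.web.id. david.pnyet.web.id. ( 2012111100 3h 1h 1w 1h )
        IN NS    dns1.pnyet.web.id.
        IN NS    dns2.pnyet.web.id.
1       IN PTR   host.0.1.pnyet.web.id.
2       IN PTR   host.0.2.pnyet.web.id.
10      IN PTR   dns1.pnyet.web.id.
"""


def parse_zone(text, origin):
    """Return [(owner_fqdn, rtype, [rdata tokens]), ...] for a master file."""
    origin = origin.rstrip('.') + '.'
    body = re.sub(r';[^\n]*', '', text)                        # strip comments
    body = re.sub(r'\([^)]*\)',                                 # fold ( ... ) onto one line
                  lambda m: ' '.join(m.group(0)[1:-1].split()), body)
    records, last_owner = [], origin
    for line in body.splitlines():
        if not line.strip() or line.startswith('$'):
            continue
        toks = line.split()
        if line[0].isspace():                                   # blank owner: inherit
            owner = last_owner
        else:
            name = toks.pop(0)
            owner = origin if name == '@' else name if name.endswith('.') else f'{name}.{origin}'
            last_owner = owner
        while toks and (toks[0] == 'IN' or re.fullmatch(r'\d+[smhdw]?', toks[0])):
            toks.pop(0)                                         # optional class / TTL
        records.append((owner, toks[0], toks[1:]))
    return records


def lint_forward(records, origin):
    """In-zone NS/MX targets need an A record; a CNAME owner may hold nothing else."""
    origin = origin.rstrip('.') + '.'
    in_zone = lambda n: n == origin or n.endswith('.' + origin)
    has_addr = {o for o, t, _ in records if t in ('A', 'AAAA')}
    findings = []
    for owner, rtype, rdata in records:
        if rtype in ('NS', 'MX') and in_zone(rdata[-1]) and rdata[-1] not in has_addr:
            findings.append(f'{rtype} target {rdata[-1]} has no A/AAAA record in the zone')
    types_by_owner = {}
    for owner, rtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rtype)
    for owner, types in types_by_owner.items():
        if 'CNAME' in types and len(types) > 1:
            findings.append(f'{owner} mixes CNAME with {sorted(types - {"CNAME"})}')
    return findings


def lint_reverse(reverse_records, forward_records, reverse_origin):
    """Every PTR should be mirrored by an A record with the same name and address."""
    octets = reverse_origin.rstrip('.').replace('.in-addr.arpa', '').split('.')
    prefix = '.'.join(reversed(octets))                         # "0.0.10" -> "10.0.0"
    forward = {(o, r[0]) for o, t, r in forward_records if t == 'A'}
    findings = []
    for owner, rtype, rdata in reverse_records:
        if rtype == 'PTR':
            addr = f"{prefix}.{owner.split('.')[0]}"
            if (rdata[0], addr) not in forward:
                findings.append(f'PTR {addr} -> {rdata[0]} has no matching A record')
    return findings


if __name__ == '__main__':
    fwd = parse_zone(FORWARD_ZONE, 'pnyet.web.id')
    rev = parse_zone(REVERSE_ZONE, '0.0.10.in-addr.arpa')
    for f in lint_forward(fwd, 'pnyet.web.id') + lint_reverse(rev, fwd, '0.0.10.in-addr.arpa'):
        print('WARN', f)
```

On the article's data the forward zone passes cleanly and the reverse zone produces two warnings for the .1 and .2 PTR records; to lint your real files, read them from /var/named/master instead of the embedded strings and pass the matching origin names.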

To get the list of root name servers, download it from InterNIC with the following command (run in /var/named/master, since named.conf expects master/named.root):

# wget http://www.internic.net/domain/named.root

Finally, change the ownership of the files in /var/named to the named user:

# chown -R named:named /var/named

Add a line to start BIND automatically when the server boots up:

# vi /etc/rc.local
/usr/local/named/sbin/named -u named -c /usr/local/named/etc/named.conf

Then start BIND using the following command:

# /usr/local/named/sbin/named -u named -c /usr/local/named/etc/named.conf

And you will see the following messages in /var/log/messages:

# tail -n 200 /var/log/messages

Nov 11 23:32:38 dns1 named[30698]: starting BIND 9.9.2 -u named -c /usr/local/named/etc/named.conf
Nov 11 23:32:38 dns1 named[30698]: built with '--prefix=/usr/local/named'
Nov 11 23:32:38 dns1 named[30698]: ----------------------------------------------------
Nov 11 23:32:38 dns1 named[30698]: BIND 9 is maintained by Internet Systems Consortium,
Nov 11 23:32:38 dns1 named[30698]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Nov 11 23:32:38 dns1 named[30698]: corporation. Support and training for BIND 9 are
Nov 11 23:32:38 dns1 named[30698]: available at https://www.isc.org/support
Nov 11 23:32:38 dns1 named[30698]: ----------------------------------------------------
Nov 11 23:32:38 dns1 named[30698]: using up to 4096 sockets
Nov 11 23:32:38 dns1 named[30698]: loading configuration from '/usr/local/named/etc/named.conf'
Nov 11 23:32:38 dns1 named[30698]: reading built-in trusted keys from file '/usr/local/named/etc/bind.keys'
Nov 11 23:32:38 dns1 named[30698]: using default UDP/IPv4 port range: [1024, 65535]
Nov 11 23:32:38 dns1 named[30698]: using default UDP/IPv6 port range: [1024, 65535]
Nov 11 23:32:38 dns1 named[30698]: listening on IPv6 interfaces, port 53
Nov 11 23:32:38 dns1 named[30698]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 11 23:32:38 dns1 named[30698]: listening on IPv4 interface eth0, 10.0.0.10#53
Nov 11 23:32:38 dns1 named[30698]: generating session key for dynamic DNS
Nov 11 23:32:39 dns1 named[30698]: sizing zone task pool based on 49 zones
