Linux Pathfinder: Linux Howtos and Tutorials

How To Install the BIND DNS Server on Linux

BIND (Berkeley Internet Name Domain) is a popular DNS server, the software that translates domain names into IP addresses, and is found on most Linux servers that answer name queries. In this how-to we explain the basic concepts of DNS with BIND and walk through the files needed to set up your own BIND nameserver.

We will work through BIND DNS with the following sample scenario:

  • nameserver IP address (the host we install BIND on and query with dig): 192.168.31.130
  • sample domain: linuxpathfinder.com
  • authoritative nameservers for the linuxpathfinder.com zone: ns1.linuxpathfinder.com (192.168.1.11) and ns2.linuxpathfinder.com (192.168.1.12)
  • the www and mail services for linuxpathfinder.com point to 192.168.1.11

Install BIND Nameserver

On a Debian or Ubuntu server, install the BIND nameserver together with dnsutils (which provides dig and nslookup for testing):

apt-get install bind9 dnsutils

On CentOS or Fedora, run:

yum install bind bind-utils

Creating a DNS zone file

In this step we create a new zone file for the domain linuxpathfinder.com. First create a directory to hold the master zone files:

cd /etc/bind
mkdir -p zones/master
cd zones/master/

After creating the /etc/bind/zones/master directory, create a zone file in it named db.linuxpathfinder.com. This file holds the DNS records that let the nameserver resolve fully qualified domain names in the zone to IP addresses. Put the following content into db.linuxpathfinder.com and save it:

;
; BIND data file for linuxpathfinder.com
;
$TTL    3h
@       IN      SOA     ns1.linuxpathfinder.com. admin.linuxpathfinder.com. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
@       IN      NS      ns1.linuxpathfinder.com.
@       IN      NS      ns2.linuxpathfinder.com.

linuxpathfinder.com.    IN      MX      10      mail.linuxpathfinder.com.
linuxpathfinder.com.    IN      A       192.168.1.11
ns1                     IN      A       192.168.1.11
ns2                     IN      A       192.168.1.12
www                     IN      CNAME   linuxpathfinder.com.
mail                    IN      A       192.168.1.11
ftp                     IN      CNAME   linuxpathfinder.com.

Here is a quick review of the Resource Record (RR) types used in BIND zone files.

Start of Authority (SOA) Resource Records

The SOA record specifies core information about a DNS zone: the primary nameserver, the e-mail address of the zone administrator (with the @ written as a dot, so admin.linuxpathfinder.com. means admin@linuxpathfinder.com), the zone serial number, and several timers that control how secondary servers refresh the zone. Secondaries only transfer a new copy of the zone when the serial number increases, so bump it on every change; many administrators use a YYYYMMDDnn serial for this reason.

NS Resource Records

The name server (NS) record indicates the servers authoritative for the zone: the primary and secondary servers for the zone named in the SOA record, and the servers for any delegated child zones. Every zone must contain at least one NS record at the zone root, and each server listed needs an A record so that it can be reached (ns1 and ns2 have A records in our zone for this reason).

A Resource Records

The address (A) record maps an FQDN to an IPv4 address (AAAA does the same for IPv6), so resolvers can request the address for a name. For example, the following A record, located in the zone linuxpathfinder.com, maps the zone apex to its IP address:

linuxpathfinder.com IN A 192.168.1.11

PTR Records

The pointer (PTR) record, in contrast to the A record, maps an IP address to an FQDN. Its owner name is the address with the octets reversed under in-addr.arpa, and it lives in a separate reverse zone (see below). For example, the following PTR record maps the IP address of linuxpathfinder.com back to its FQDN:

11.1.168.192.in-addr.arpa.   IN      PTR     linuxpathfinder.com.

CNAME Resource Records

The canonical name (CNAME) record creates an alias for an existing FQDN. You can use CNAME records to hide the implementation details of your network from the clients that connect to it. For example, suppose you want to put an FTP server named ftp1.linuxpathfinder.com in your linuxpathfinder.com domain, but you know that in six months you will move the service to a machine named ftp2.linuxpathfinder.com and you do not want your users to notice the change. You can create an alias ftp.linuxpathfinder.com that points to ftp1.linuxpathfinder.com, and when you move the service you need only change the CNAME to point to ftp2.linuxpathfinder.com. The following CNAME record creates that alias:

ftp.linuxpathfinder.com. IN CNAME ftp1.linuxpathfinder.com.

When a DNS client queries for the A record of ftp.linuxpathfinder.com, the server finds the CNAME record, follows it to the A record of ftp1.linuxpathfinder.com, and returns both the CNAME and the A record to the client (the dig output later in this tutorial shows exactly this for www). A name that owns a CNAME may not own any other record, which is why the zone apex linuxpathfinder.com. carries the A and MX records and www and ftp are aliases pointing at it, not the other way round.

MX Resource Records

The mail exchange (MX) record names a mail exchange server for a DNS domain name, together with a preference value (10 in our zone; lower values are preferred). A mail exchange server is a host that either processes or forwards mail for the domain. Processing the mail means delivering it to the addressee or passing it to a different type of mail transport; forwarding the mail means sending it to its final destination server, relaying it via SMTP to another mail exchange server closer to the destination, or queuing it for a specified amount of time. The MX target must be a hostname that has an A (or AAAA) record, not a CNAME, which is why mail is an A record in our zone while www and ftp are CNAMEs.

SRV Records

Service (SRV) records specify the location (host and port) of the servers for a specific service and protocol within a domain, under an owner name of the form _service._proto.domain. If you run two servers for one service, you can publish an SRV record for each, with a priority and weight, and clients that support SRV retrieve all of them and choose a server accordingly.

Mapping Address-to-Name

Now create a second zone file, db.192.168.1, so that the server can also resolve addresses in 192.168.1.0/24 back to linuxpathfinder.com host names. Create it with the following content:

;
; BIND reverse data file for 1.168.192.in-addr.arpa
;
$TTL    604800
1.168.192.in-addr.arpa.      IN      SOA     ns1.linuxpathfinder.com. admin.linuxpathfinder.com. (
                          1         ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
1.168.192.in-addr.arpa.       IN      NS      ns1.linuxpathfinder.com.
1.168.192.in-addr.arpa.       IN      NS      ns2.linuxpathfinder.com.

11.1.168.192.in-addr.arpa.   IN      PTR     linuxpathfinder.com.
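The reverse zone mirrors the A records of the forward zone by hand, and the two drift apart easily (the reverse zone above, for instance, has no PTR for ns2 at 192.168.1.12). The following script is an added example, not part of the original tutorial: it derives the PTR records for db.192.168.1 from the A records of db.linuxpathfinder.com. The forward zone text is embedded as constructed input (copied from the zone file above); the zone origin and the /24 prefix are passed as arguments. Where several names share one address, as the apex, ns1 and mail do for 192.168.1.11, only the first is emitted, because several PTRs for one address confuse consumers such as mail servers doing forward-confirmed reverse DNS.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: generate the PTR records of
# the reverse zone (db.192.168.1) from the A records of the forward zone, so the
# two cannot drift apart. Assumptions: master-file format with one record per
# line and no TTL field (as in the tutorial); owner names are relative to the
# origin unless they end in a dot; only addresses in one /24 are wanted.

# Forward zone copied from the tutorial's db.linuxpathfinder.com, embedded here
# as constructed input so the script runs without BIND installed.
FORWARD_ZONE='
$TTL    3h
@       IN      SOA     ns1.linuxpathfinder.com. admin.linuxpathfinder.com. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
@       IN      NS      ns1.linuxpathfinder.com.
@       IN      NS      ns2.linuxpathfinder.com.
linuxpathfinder.com.    IN      MX      10      mail.linuxpathfinder.com.
linuxpathfinder.com.    IN      A       192.168.1.11
ns1                     IN      A       192.168.1.11
ns2                     IN      A       192.168.1.12
www                     IN      CNAME   linuxpathfinder.com.
mail                    IN      A       192.168.1.11
ftp                     IN      CNAME   linuxpathfinder.com.
'

# gen_ptr ORIGIN PREFIX  < zone-text
#   Emits one PTR per address inside PREFIX/24. Where several names share an
#   address (the apex, ns1 and mail all use .11) the first one wins: several
#   PTRs for one IP confuse consumers such as mail servers doing
#   forward-confirmed reverse DNS.
gen_ptr() {
    awk -v origin="$1" -v prefix="$2" '
        { sub(/;.*/, "") }                      # drop comments; re-splits $0
        NF < 4 || $2 != "IN" || $3 != "A" { next }   # only "<owner> IN A <ip>"
        {
            owner = $1; ip = $4
            if (owner == "@")          owner = origin "."
            else if (owner !~ /\.$/)   owner = owner "." origin "."
            if (index(ip, prefix ".") != 1) next     # not in our /24
            if (ip in seen) next                     # first name for an IP wins
            seen[ip] = 1
            split(ip, o, ".")
            printf "%-28s IN      PTR     %s\n", o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa.", owner
        }
    '
}

# Usage: print the record body for db.192.168.1 (SOA and NS records still go on top).
printf '%s\n' "$FORWARD_ZONE" | gen_ptr linuxpathfinder.com 192.168.1
```

Run it and paste the output under the NS records of db.192.168.1; rerun whenever the forward zone changes, and bump the reverse zone's serial at the same time.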

Updating a BIND Configuration File

So far we have two files ready:

    /etc/bind/zones/master/db.linuxpathfinder.com
    /etc/bind/zones/master/db.192.168.1

Now register both zone files in BIND's configuration. On Debian and Ubuntu, local zone definitions go in /etc/bind/named.conf.local (on CentOS/Fedora the main configuration file is /etc/named.conf instead); add the following:

zone "linuxpathfinder.com" {
       type master;
       file "/etc/bind/zones/master/db.linuxpathfinder.com";
};

zone "1.168.192.in-addr.arpa" {
       type master;
       file "/etc/bind/zones/master/db.192.168.1";
};

Next add the address of an upstream DNS server to named.conf.options. BIND forwards queries for names it is not authoritative for to this server instead of resolving them itself from the root servers. We can use Google's public resolvers, 8.8.8.8 or 8.8.4.4. Be aware that with forwarders configured and recursion left at its default, every host that can reach port 53 on this server can use it as a recursive resolver; on an internet-facing server, restrict recursion with allow-recursion (for example to your own networks), otherwise you are running an open resolver that can be abused for DNS amplification attacks.

Replace the following block of text within named.conf.options:

       // forwarders {
       //      0.0.0.0;
       // };

with the address of the upstream resolver:

        forwarders {
              8.8.4.4;
         };

Verifying Bind's Zone Files and Configuration

Before restarting BIND to pick up the new zones and configuration, verify that they are syntactically correct, so that a typo does not take the running server down.

Run the following command to check the configuration files:

named-checkconf

If it prints nothing, the configuration is syntactically valid. Note that named-checkconf checks named.conf and the files it includes, not the zone files themselves; those are checked next.

Check the forward zone file with named-checkzone, giving it the zone name and the path to the file:

named-checkzone linuxpathfinder.com /etc/bind/zones/master/db.linuxpathfinder.com
zone linuxpathfinder.com/IN: loaded serial 1
OK

To check the reverse zone file:

named-checkzone 1.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.1
zone 1.168.192.in-addr.arpa/IN: loaded serial 1
OK
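The configuration above gets the zones served, but it leaves two defaults in place that should be changed before port 53 is exposed: with forwarders set and no allow-recursion, any host that can reach the server can use it as a recursive resolver (an open resolver), and with no allow-transfer, anyone can pull a full copy of both zones with an AXFR request (dig axfr). The script below is an added example, not part of the original tutorial. It writes a hardened named.conf.options and named.conf.local into a scratch directory, runs a small brace-counting regex audit that flags those two weak points in the tutorial's own settings (embedded as constructed input) and passes the hardened files, and calls named-checkconf on the result when BIND is installed. The client networks (127.0.0.0/8 and 192.168.0.0/16) and the single secondary ns2 at 192.168.1.12 are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Writes a hardened version of
# the tutorial's named.conf.options / named.conf.local into a scratch directory,
# audits both the tutorial's settings and the hardened ones for two weak points
# (recursion open to everyone, zone transfers open to everyone), and runs
# named-checkconf on the result when BIND is installed. Assumptions: Debian-style
# layout; ns2 (192.168.1.12) is the only secondary; clients are in 127.0.0.0/8
# and 192.168.0.0/16.

# The tutorial's settings, condensed, as constructed input for the audit.
WEAK_CONF='
options {
        directory "/var/cache/bind";
        forwarders { 8.8.4.4; };   // recursion is on by default: open resolver
};
zone "linuxpathfinder.com" {
        type master;
        file "/etc/bind/zones/master/db.linuxpathfinder.com";   // AXFR open to all
};
'

write_hardened_conf() {   # write_hardened_conf DIR -> DIR/named.conf{,.options,.local}
    dir=$1
    cat > "$dir/named.conf.options" <<'EOF'
// ACLs must be defined before they are referenced, so they come first.
acl "trusted"     { 127.0.0.0/8; 192.168.0.0/16; };   // assumed client networks
acl "secondaries" { 192.168.1.12; };                   // ns2

options {
        directory "/var/cache/bind";
        // Recurse (and forward to 8.8.4.4) for our own clients only; everyone
        // else gets authoritative answers for our zones and nothing more.
        recursion yes;
        allow-recursion   { trusted; };
        allow-query-cache { trusted; };
        forwarders        { 8.8.4.4; };
        // Default for all zones: transfers only to the listed secondary.
        allow-transfer    { secondaries; };
};
EOF
    cat > "$dir/named.conf.local" <<'EOF'
zone "linuxpathfinder.com" {
        type master;
        file "/etc/bind/zones/master/db.linuxpathfinder.com";
        allow-transfer { secondaries; };
        also-notify    { 192.168.1.12; };
};
zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/master/db.192.168.1";
        allow-transfer { secondaries; };
        also-notify    { 192.168.1.12; };
};
EOF
    # top-level file so named-checkconf sees the ACLs and the zones together
    printf 'include "%s/named.conf.options";\ninclude "%s/named.conf.local";\n' "$dir" "$dir" > "$dir/named.conf"
}

# audit_named_conf FILE...  Prints one WARN line per weak setting; exit 1 if any.
# Brace-counting regex heuristic for flat configs like these, not a full parser.
audit_named_conf() {
    cat "$@" | sed -e 's|//.*||' -e 's|#.*||' | awk '
        BEGIN { bad = 0 }
        depth == 0 && /^[[:space:]]*zone[[:space:]]+"/ {
            inzone = 1; master = 0; xfer = 0
            zname = $0; sub(/^[[:space:]]*zone[[:space:]]+"/, "", zname); sub(/".*/, "", zname)
        }
        depth == 0 && /^[[:space:]]*options[[:space:]]*[{]/ { inopts = 1 }
        inzone && /type[[:space:]]+(master|primary)/       { master = 1 }
        inzone && /allow-transfer/                           { xfer = 1 }
        inopts && /allow-transfer/                           { gxfer = 1 }   # global default
        /forwarders/                                         { fwd = 1 }
        /allow-recursion|recursion[[:space:]]+no/            { rec_ok = 1 }
        { line = $0; depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line) }
        depth == 0 && inzone && /[}]/ { if (master && !xfer) noxfer[++n] = zname; inzone = 0 }
        depth == 0 && inopts && /[}]/ { inopts = 0 }
        END {
            if (!gxfer) for (i = 1; i <= n; i++) {
                printf "WARN: zone %s has no allow-transfer: AXFR allowed from anywhere\n", noxfer[i]; bad = 1
            }
            if (fwd && !rec_ok) { print "WARN: forwarders set but no allow-recursion: open resolver"; bad = 1 }
            exit bad
        }'
}

check_conf() {   # check_conf DIR: syntax-check with named-checkconf if available
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1/named.conf"
    else
        echo "named-checkconf not found; skipping syntax check" >&2
    fi
}

# Usage: audit the tutorial's settings, then generate and audit the hardened ones.
work=$(mktemp -d)
printf '%s\n' "$WEAK_CONF" > "$work/weak.conf"
audit_named_conf "$work/weak.conf" || echo "weak.conf: findings flagged (expected)"
write_hardened_conf "$work"
audit_named_conf "$work/named.conf.options" "$work/named.conf.local" && echo "hardened: no findings"
check_conf "$work"
```

The ACLs are placed at the top of named.conf.options because BIND requires an acl to be defined before it is referenced, and Debian's named.conf includes the options file before named.conf.local. After copying the hardened files into /etc/bind, confirm the effect from a host outside the trusted networks: dig @192.168.31.130 axfr linuxpathfinder.com should be refused, and a recursive query for an outside name should return REFUSED instead of an answer.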

Bind NameServer Services

Check the status of the BIND service (on Debian/Ubuntu the systemd unit is bind9; on CentOS/Fedora it is named):

systemctl status bind9.service
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: inactive (dead) since Thu 2016-10-06 22:34:36 PDT; 2s ago
     Docs: man:named(8)
  Process: 7927 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
  Process: 7897 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=0/SUCCESS)
 Main PID: 7897 (code=exited, status=0/SUCCESS)

Start the service. (When you later change zone files on a running server, systemctl reload bind9 or rndc reload is enough; remember to increase the SOA serial first.)

systemctl start bind9.service
systemctl status bind9.service
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Thu 2016-10-06 22:34:45 PDT; 1s ago
     Docs: man:named(8)
  Process: 7927 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 7952 (named)
    Tasks: 4 (limit: 512)
   CGroup: /system.slice/bind9.service
           └─7952 /usr/sbin/named -f -u bind

Test Bind NameServer Configuration

In our scenario the nameserver's IP is 192.168.31.130. Now test host-to-IP resolution with dig (Domain Information Groper) from the server itself, pointing it explicitly at our server with @:

dig @192.168.31.130 www.linuxpathfinder.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.31.130 www.linuxpathfinder.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.linuxpathfinder.com.       IN      A

;; ANSWER SECTION:
www.linuxpathfinder.com. 10800  IN      CNAME   linuxpathfinder.com.
linuxpathfinder.com.    10800   IN      A       192.168.1.11

;; AUTHORITY SECTION:
linuxpathfinder.com.    10800   IN      NS      ns2.linuxpathfinder.com.
linuxpathfinder.com.    10800   IN      NS      ns1.linuxpathfinder.com.

;; ADDITIONAL SECTION:
ns1.linuxpathfinder.com. 10800  IN      A       192.168.1.11
ns2.linuxpathfinder.com. 10800  IN      A       192.168.1.12

;; Query time: 0 msec
;; SERVER: 192.168.31.130#53(192.168.31.130)
;; WHEN: Thu Oct 06 22:41:32 PDT 2016
;; MSG SIZE  rcvd: 150

Host-to-IP resolution works. Two details in the reply are worth noting: the aa flag in the header means the answer is authoritative, i.e. it came from our zone file rather than from the forwarders, and the ANSWER section shows the CNAME for www being followed to the A record of the apex, as described above. Now test IP-to-host resolution:

dig @192.168.31.130 -x 192.168.1.11

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @192.168.31.130 -x 192.168.1.11
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35857
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;11.1.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
11.1.168.192.in-addr.arpa. 604800 IN    PTR     linuxpathfinder.com.

;; AUTHORITY SECTION:
1.168.192.in-addr.arpa. 604800  IN      NS      ns1.linuxpathfinder.com.
1.168.192.in-addr.arpa. 604800  IN      NS      ns2.linuxpathfinder.com.

;; ADDITIONAL SECTION:
ns1.linuxpathfinder.com. 10800  IN      A       192.168.1.11
ns2.linuxpathfinder.com. 10800  IN      A       192.168.1.12

;; Query time: 0 msec
;; SERVER: 192.168.31.130#53(192.168.31.130)
;; WHEN: Thu Oct 06 22:45:29 PDT 2016
;; MSG SIZE  rcvd: 155
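Both dig replies carry the aa flag, which is what tells you the answer came from the zone files on this server and not from something it learned through the forwarders (the ra flag, meanwhile, shows that this client is allowed to recurse). The following script is an added example, not part of the original tutorial: it parses dig's text output and passes only if the status is NOERROR, the answer is authoritative and the ANSWER section holds the expected record, which makes it usable as a smoke test after every zone change. The dig output from above, trimmed to the sections the check reads, is embedded as constructed input; the check handles single-field RDATA (A, CNAME, PTR, NS).

```shell
#!/bin/sh
# Added example, not part of the original tutorial: check a dig reply for an
# authoritative (aa) NOERROR answer that contains the expected record, so the
# queries above can be turned into a smoke test. Assumes dig's default text
# output and single-field RDATA (A, CNAME, PTR, NS).

# The tutorial's reply for www.linuxpathfinder.com, trimmed to the sections the
# check reads and embedded as constructed input (no nameserver needed).
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33737
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;www.linuxpathfinder.com.       IN      A

;; ANSWER SECTION:
www.linuxpathfinder.com. 10800  IN      CNAME   linuxpathfinder.com.
linuxpathfinder.com.    10800   IN      A       192.168.1.11

;; AUTHORITY SECTION:
linuxpathfinder.com.    10800   IN      NS      ns2.linuxpathfinder.com.
linuxpathfinder.com.    10800   IN      NS      ns1.linuxpathfinder.com.
'

# check_dig_answer TYPE RDATA  < dig-output
#   exit 0 if status is NOERROR, the aa flag is set and the ANSWER section
#   holds "<name> <ttl> IN TYPE RDATA"; exit 1 with a FAIL line otherwise.
check_dig_answer() {
    awk -v want_type="$1" -v want_rdata="$2" '
        /^;; ->>HEADER<<-/    { status = $0; sub(/.*status: /, "", status); sub(/,.*/, "", status) }
        /^;; flags:/          { flags = $0; sub(/^;; flags: /, "", flags); sub(/;.*/, "", flags) }
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;;/ || NF == 0      { in_ans = 0 }          # next section header or blank line ends ANSWER
        in_ans && $3 == "IN" && $4 == want_type && $5 == want_rdata { found = 1 }
        END {
            if (status != "NOERROR")     { print "FAIL: status " status; exit 1 }
            if (flags !~ /(^| )aa( |$)/) { print "FAIL: not authoritative, flags: " flags; exit 1 }
            if (!found) { print "FAIL: no " want_type " " want_rdata " in ANSWER section"; exit 1 }
            print "OK: authoritative " want_type " " want_rdata
        }'
}

# Usage on the live server:
#   dig @192.168.31.130 www.linuxpathfinder.com | check_dig_answer A 192.168.1.11
#   dig @192.168.31.130 -x 192.168.1.11        | check_dig_answer PTR linuxpathfinder.com.
# Offline, against the constructed sample:
printf '%s\n' "$SAMPLE_DIG" | check_dig_answer A 192.168.1.11
printf '%s\n' "$SAMPLE_DIG" | check_dig_answer CNAME linuxpathfinder.com.
```

A reply without aa (for instance because the zone failed to load and the server answered from its forwarders, or because you queried the wrong server) fails the check even when the address looks right, which is exactly the case a plain visual read of dig output tends to miss.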

We have installed BIND, created a forward and a reverse zone for linuxpathfinder.com, registered them in named.conf.local and verified both directions of resolution with dig.

About the author: Asif Khan
I am an experienced Linux System and Network Administrator with more than 10 years of experience. My primary responsibilities are to keep the Linux system environment up and running, back up important data with scripting, and handle configuration management on AWS Linux server environments. My aim is to help people find their path towards a solution to their problems. Well, I believe helping others can be good for both parties, to them and to you as well. Today thousands of people seek help from my website to find answers to their questions. I am sure that everyone will get all the answers to their questions related to software and operating systems, and this website will help you keep your system updated.
