Jump to content

  •  

Photo

How to install bind9 on Ubuntu Server 12.04


  • Please log in to reply
No replies to this topic

#1 brent

brent

    Administrator

  • Administrators
  • 11 posts

Posted 12 November 2013 - 11:01 PM

Installing Bind9 on Ubuntu

Installing Bind9 (DNS Server) is a breeze on Ubuntu. Three packages will need to be installed: bind9, dnsutils, and bind9-doc.

  • bind9:  The DNS service.
  • dnsutils:  A set of tools such as dig which can be helpful for testing and trouble shooting. 
  • bind9-doc:  Local info pages with information about bind and its configuration options. This is optional but recommended. 

You will need to be at the console of your Ubuntu server or have SSH setup and connected to your soon to be bind9 DNS server. Lets install the packages with the following command:

sudo apt-get install bind9 dnsutils bind9-doc

 

Basic Bind Configuration

The next step is to configure the forwards addresses for bind. This tell bind where to look if it doesn't know the IP address of a domain. In this example we will use Google's Public DNS servers for the forward DNS servers. Google's DNS servers are fast, free, and have easy to remember IP addresses. If you want you can use your local  internet provider's DNS servers. Another option is to use OpenDNS which gives you the ability to filter content. This can be nice if you have young children on the internet.  

 

Let's edit /etc/bind/named.conf.options and define the forward addresses. To keep things simple we will use the nano text editor in this tutorial. If you want to use Vim or Emacs instead, feel free to do so. 

sudo nano /etc/bind/named.conf.options
 forwarders {
                8.8.8.8;
                8.8.4.4;
         };

        

recursion yes;   // to allow for DNS forward lookup

 

 
Since we are using Google's Public DNS servers, we will want to replace  0.0.0.0 with Google's DNS server IPs 8.8.8.8 and 8.8.4.4.
We also want to change the recursion no; to yes to use ISP dns for look up. 
 

The next step is to edit /etc/bind/named.conf.local. This file holds information on what zones to load when Bind9 is started. We will setup two zones files to load, the Forward and Reverse zones.  

In this example we will setup an internal domain with tne name linux.rocks. If you want to use something else just make sure you replace linux.rocks in the following steps with your internal domain name. The internal domain can be whatever you want. 

The reason I am using linux.rocks instead of something like linux.com, linux.net, linux.org..etc is a real domain on the internet could have this address.  If this was the case I would not be able to access the real domain on the  internet. Instead I would be directed to a device on my internal network.  

At this time .rocks is not a top level domain on the internet, but it does not mean it won't be tommorow. If you want to be sure there is no way your domain could be used externally, use a reserved top level domain like .test, .example, .invalid or .localhost. So in this example we could use linux.test and not have to worry about that domain every being a real domain on the internet. To learn more about reserved domains check out http://tools.ietf.org/html/rfc2606

 

We will need to figure out our IP address range of our internal network so we can build the correct reverse zone lookup file.  

When looking at our IP address the part we care about is the first three sets of octets (numbers). Then we just reverse them.  So If my IP address is 192.168.1.100 my reverse lookup zone would be 1.168.192.in-addr.arpa. If my IP address is 172.20.16.120 my reverse zone would be 16.20.172.in-addr.arpa . 

 

sudo nano /etc/bind/named.conf.local

 

Add The following. 

Note:  Replace linux.local with the internal domain name you picked and replace 96.168.192  with your IP address scheme. Adjust the zone file names to fit your setup and make note of the names (db.linux.local and db.192) because we will need to build these files in the next few steps.  

 

 

zone "linux.local" {
             type master;
             file "/etc/bind/db.linux.local";
        };
 
zone "2.168.198.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.192";
};

 

Building Your DNS Forward Zone

Now that we have defined what zone files to load when Bind starts, we need to create these files. The first file we need to build is the forward zone file (db.linux.rocks). We can use a template to help speed things and prevent mistakes. Let's copy  /etc/bind/db.local and name the file to the name we defined above in /etc/bind/named.conf.local . (Example: db.linux.rocks)

sudo cp /etc/bind/db.local /etc/bind/db.linux.local
sudo nano /etc/bind/db.linux.local

 

 

Here is what the file should look like:

 


; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     Server1.linux.local.  root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      Server1.linux.local.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

;Below are A Record Addresses

firewall        IN      A       192.168.2.1
server1         IN      A       192.168.2.110
printer         IN      A       192.168.2.135

; Below are CNAME Record Addresses (Aliases) - Point to an A Record Address

;Server1        IN      CNAME   Server1.linux.local.
;firewall       IN      CNAME   firewall.linux.local.
;printer        IN      CNAME   printer.linux.local.

Building Your Reverse Lookup

Reverse DNS is not a must have but it is very good practice and some services need it. Often times things can act a little goofy if it's not setup. It does the opposite of the forward zone file and maps IP addresses to names. 

You can use nslookup to look up a name by IP address.

Here is an example of me doing an nslookup on up address 192.168.96.1

Note: This was done after the reverse zone was setup and running

sudo cp /etc/bind/db.127 /etc/bind/db.192

now lets edit the file

sudo nano /etc/bind/db.192

here is what it should look like

 

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     Server1.linux.local. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      Server1.linux.local.
1       IN      PTR     firewall.linux.local.
110     IN      PTR     Server1.linux.local.
135     IN      PTR     printer.linux.local.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users