How to Host Your Own Domain with Bind9 on Ubuntu


INSTALLING BIND 9

Before we start, keep in mind that you'll need root privileges to install and configure BIND. I prefer switching to the root user and running the commands there rather than prefixing each one with sudo, so this guide assumes you do the same; otherwise, add 'sudo' before every command. In the listings below a $ prompt means an ordinary user and a # prompt means root.

Moreover, for this guide I'll use the domain "linux.lan" and the IP addresses 10.10.0.77 (master) and 10.10.0.78 (slave) as examples. Replace them with your own.

. Switch to user root in a terminal and check for updates. Ubuntu ships without a root password; setting one as shown is one option, running `sudo -i` (which needs none) is another:
CODE

$ sudo passwd root
Password: (Enter the password for current user)
Enter new UNIX password: (Enter the password you want to set for root)
Retype new UNIX password: (Retype root password)
passwd: password updated successfully

$ su -
Password: (Enter root password here)

# apt-get update && apt-get upgrade


. Install BIND9:
CODE

# apt-get install bind9


CONFIGURING BIND

. Ubuntu ships a pre-configured BIND, so you only have to open /etc/bind/named.conf.local in your favorite editor and insert your zones. A zone is a part of the DNS namespace for which this server holds the authoritative data; here that is the domain linux.lan and the reverse (address-to-name) range for 10.10.0.0/24. The file names given here are the ones the zone files are created under further below:
CODE

zone "linux.lan" {
    type master;
    file "/etc/bind/zones/linux.lan.db";
};

zone "0.10.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.10.10.in-addr.arpa";
};


. Next, edit the BIND options file, /etc/bind/named.conf.options, and modify the forwarders directive. Forwarders are the DNS servers to which your BIND installation sends the queries it cannot answer from its own zones. Replace the example IP in that file with the resolver address provided by your ISP, and make sure the forwarders block is not commented out (no two slashes in front of it); if it is, remove them. Forwarding only happens for clients BIND is willing to recurse for. By default that is localhost and the directly attached networks (localnets), which is fine for a LAN-only server; if the machine has a public interface, set allow-recursion explicitly to your internal networks, otherwise you are running an open resolver that will be abused for DNS reflection and amplification attacks against third parties.
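
A complete /etc/bind/named.conf.options for the master, added here as an example (it is not from the original page). It assumes the internal network is 10.10.0.0/24 and uses the placeholder ISP resolver 123.123.123.123 from this guide; adjust both. Recursion and cache access are limited to the LAN so the server cannot be used as an open resolver, zone transfers are denied unless a zone says otherwise, and the software version is hidden:

```conf
// Assumption for this example: your internal network. Add other ranges as needed.
acl "lan" { 10.10.0.0/24; 127.0.0.1; ::1; };

options {
    directory "/var/cache/bind";

    // Where queries for names we are not authoritative for are sent.
    forwarders { 123.123.123.123; };   // replace with your ISP's resolver
    forward only;                      // never iterate from the root hints ourselves

    // Everyone may ask for the zones we serve (linux.lan, 0.10.10.in-addr.arpa),
    // but only LAN clients may make us recurse or read our cache. Without these two
    // lines an Internet-reachable forwarder is an open resolver usable for amplification.
    recursion yes;
    allow-query { any; };
    allow-recursion { lan; };
    allow-query-cache { lan; };

    // Deny AXFR/IXFR globally; the zone that really needs it overrides this per zone.
    allow-transfer { none; };

    // Do not advertise the exact software version to "dig version.bind CH TXT".
    version "not disclosed";

    listen-on { 10.10.0.77; 127.0.0.1; };
    listen-on-v6 { ::1; };

    dnssec-validation auto;
};
```

Validate the result with named-checkconf before restarting; a typo here prevents named from starting at all rather than just breaking one zone.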

. It's time to add the zone definition files. Create the zones directory:
CODE

# mkdir /etc/bind/zones

. Add the zone data to the file /etc/bind/zones/linux.lan.db (it does not exist yet; create it). Names that end in a dot are absolute, names without one get the zone origin appended, and @ stands for the origin itself. admin.linux.lan. in the SOA is the zone contact admin@linux.lan with the @ written as a dot:
CODE

$TTL 38400      ; default TTL for records that have none (10 hours)
$ORIGIN linux.lan.
@       IN SOA  ns1.linux.lan. admin.linux.lan. (
                2006081401  ; serial (YYYYMMDDnn): bump it on EVERY edit or slaves keep the old zone
                28800       ; refresh
                3600        ; retry
                604800      ; expire
                38400 )     ; negative-cache TTL

@       IN NS   ns1.linux.lan.
@       IN A    10.10.0.77
@       IN MX   10 mail.linux.lan.
mail    IN MX   10 mail.linux.lan.

www     IN A    10.10.0.77
mail    IN A    10.10.0.77
ns1     IN A    10.10.0.77


. Create the reverse zone file /etc/bind/zones/rev.0.10.10.in-addr.arpa (the name must match the one in named.conf.local) and add the following. The SOA must name the real primary server (ns1.linux.lan., not the bare domain), and retry must be shorter than refresh, otherwise a slave that misses one refresh waits a week before trying again:
CODE

$TTL 38400
$ORIGIN 0.10.10.in-addr.arpa.
@       IN SOA  ns1.linux.lan. admin.linux.lan. (
                2006081401  ; serial
                28800       ; refresh
                3600        ; retry
                604800      ; expire
                86400 )     ; negative-cache TTL

@       IN NS   ns1.linux.lan.
77      IN PTR  linux.lan.


. Before restarting, validate the configuration and both zone files with named-checkconf and named-checkzone: a syntax error otherwise leaves named running but refusing to load the zone, which you would only notice in the syslog/journal. Then restart BIND so the changes take effect (on systemd-based releases the equivalent is systemctl restart bind9; on recent releases the unit is called named, with bind9 kept as an alias):
CODE

# /etc/init.d/bind9 restart



TESTING BIND

. To test DNS resolution, use host, dig, nslookup or any similar tool (dig and host come from the dnsutils package, called bind9-dnsutils on recent releases). Query the server explicitly so you test BIND and not whatever /etc/resolv.conf currently points at, and check that dig's flags line contains aa (authoritative answer), which proves the data came from your zone file and not from a forwarder:
CODE

# host linux.lan 127.0.0.1
linux.lan has address 10.10.0.77
linux.lan mail is handled by 10 mail.linux.lan.


CODE

# dig @127.0.0.1 linux.lan
;; QUESTION SECTION:
;linux.lan. IN A

;; ANSWER SECTION:
linux.lan. 38400 IN A 10.10.0.77

;; AUTHORITY SECTION:
linux.lan. 38400 IN NS ns1.linux.lan.

;; ADDITIONAL SECTION:
ns1.linux.lan. 38400 IN A 10.10.0.77
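
The script below is an added example and not part of the original guide. It wraps the checks above and adds the three a security engineer wants before calling the server done: that it answers its own zone authoritatively, that it refuses to recurse for a client that is not on the LAN, and that it refuses an unauthenticated zone transfer. It assumes the master 10.10.0.77 and the zone linux.lan from this page (override with NS=... ZONE=...), and the file paths from this page for lint_config; run the live checks with RUN_CHECKS=1 from a host that is NOT covered by allow-recursion, otherwise the recursion check is meaningless. The parsing helpers take dig's text output as an argument, so they can also be exercised on captured output.

```sh
#!/bin/sh
# Added example, not from the original guide. Assumes the master from this
# page (10.10.0.77, zone linux.lan); override with NS=... ZONE=... env vars.
NS="${NS:-10.10.0.77}"
ZONE="${ZONE:-linux.lan}"

# dig_status OUTPUT: print the status token (NOERROR, REFUSED, NXDOMAIN, ...)
# from dig's ";; ->>HEADER<<-" line, or nothing if no answer came back at all.
dig_status() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# dig_has_flag OUTPUT FLAG: succeed if FLAG (aa, rd, ra, ...) is on the ";; flags:" line.
dig_has_flag() {
    printf '%s\n' "$1" | grep '^;; flags:' | grep -Eq "(^|[ ,:])$2([ ;,]|\$)"
}

# axfr_refused OUTPUT: succeed if an AXFR attempt did not hand out the zone.
# A successful transfer prints the zone's SOA (twice); a refused one only prints
# "; Transfer failed." and no records.
axfr_refused() {
    ! printf '%s\n' "$1" | grep -q "^$ZONE\..*[[:space:]]SOA[[:space:]]"
}

# verdict NAME STATUS: print PASS/FAIL and return STATUS (0 = pass).
verdict() {
    if [ "$2" -eq 0 ]; then echo "PASS: $1"; else echo "FAIL: $1"; return 1; fi
}

# lint_config: run ON THE SERVER before restarting; paths are the ones used in this guide.
lint_config() {
    named-checkconf /etc/bind/named.conf &&
    named-checkzone "$ZONE" /etc/bind/zones/linux.lan.db &&
    named-checkzone 0.10.10.in-addr.arpa /etc/bind/zones/rev.0.10.10.in-addr.arpa
}

# run_checks: live probes against $NS; run from a host outside allow-recursion.
run_checks() {
    rc=0
    # 1. Our own zone must come back NOERROR with the aa flag set.
    out=$(dig @"$NS" "$ZONE" A +norecurse)
    [ "$(dig_status "$out")" = NOERROR ] && dig_has_flag "$out" aa
    verdict "$ZONE answered authoritatively" $? || rc=1

    # 2. A name outside our zones must be REFUSED from here, not resolved via the forwarder.
    out=$(dig @"$NS" example.com A)
    [ "$(dig_status "$out")" = REFUSED ]
    verdict "recursion refused for this client (not an open resolver)" $? || rc=1

    # 3. An unsigned AXFR must not dump the zone.
    out=$(dig @"$NS" "$ZONE" AXFR)
    axfr_refused "$out"
    verdict "unauthenticated AXFR refused" $? || rc=1
    return $rc
}

# Live checks only on request, so sourcing this file for its helpers is harmless.
if [ "${LINT:-0}" = 1 ]; then lint_config; fi
if [ "${RUN_CHECKS:-0}" = 1 ]; then run_checks; fi
```

Run `LINT=1 sh check-dns.sh` on the server before each restart and `RUN_CHECKS=1 sh check-dns.sh` from outside the LAN afterwards; a FAIL on the second or third check means the options file (allow-recursion) or the zone statement (allow-transfer) still needs tightening.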


CHANGING DEFAULT DNS SERVER

. If the results match the ones above, it's time to make your system use the new DNS server. On classic Ubuntu releases edit /etc/resolv.conf to look like:
CODE

search linux.lan
nameserver 10.10.0.77
nameserver 123.123.123.123


Where 10.10.0.77 is the IP of the server running BIND (reachable from your LAN or from the Internet, depending on what you intend the server for) and 123.123.123.123 is the resolver address provided by your ISP. On recent releases (18.04 onwards) /etc/resolv.conf is generated by systemd-resolved and hand edits are overwritten; set the nameserver in your netplan configuration (the nameservers: addresses: key) or in /etc/systemd/resolved.conf instead. Also note that the entries are not load-balanced: the second one is only tried when the first times out, and when that happens the ISP's resolver will answer NXDOMAIN for linux.lan names, so an outage of your BIND server shows up as "name does not exist" rather than as an error.


INSTALLING SLAVE DNS SERVER

. On another machine, follow the guide above up to (but not including) the zone files. BIND 9.16 and later document this role as "secondary"; the older term "slave" is still accepted and is used below.
- The following commands are for the slave server unless stated otherwise. -

. Do not create a zones directory under /etc/bind on the slave. Its copy of the zone is written by named itself, so the file has to live in a directory the bind user may write to; on Ubuntu that is /var/cache/bind (the AppArmor profile for named denies writes under /etc/bind), which the package already creates. A slave zone file placed under /etc/bind transfers fine but fails to be saved, with a permission error in the log.


. There is no DNSSEC option to switch on for this: transfers are authenticated with TSIG (a shared secret), which is independent of DNSSEC, and the dnssec-enable option that older guides insert into named.conf.options is obsolete in current BIND releases. Leave it out.

. Generate the TSIG key on the master. Use tsig-keygen, which prints a ready-to-paste key statement (dnssec-keygen no longer generates TSIG keys in current BIND), and pick HMAC-SHA256 rather than the obsolete HMAC-MD5:
CODE

# tsig-keygen -a hmac-sha256 TRANSFER > /etc/bind/transfer.key


. The file /etc/bind/transfer.key now contains a complete key statement like the one below, with a random base64 secret. Copy it unchanged to the slave, and on BOTH machines make it readable only by root and the bind group (chown root:bind, chmod 640): it is a shared secret, and anyone who obtains it can pull the zone from the master. Then include it from /etc/bind/named.conf.local on master AND slave with the line include "/etc/bind/transfer.key"; (named.conf.local is world-readable, so do not paste the secret into it directly):
CODE

key "TRANSFER" {
algorithm hmac-sha256;
secret "BASE64-SECRET-PRINTED-BY-tsig-keygen";
};


. On the MASTER server, add the slave's IP to /etc/bind/named.conf.local so that the NOTIFY messages sent to it are signed with the key, and restrict the zone: add allow-transfer { key TRANSFER; }; to the linux.lan zone statement so that only requests signed with the key can pull it. Without that line anyone who can reach port 53 may be able to dump the whole zone with AXFR, depending on the BIND version's default. Again, don't forget to replace the examples with your valid IP addresses:
CODE

server 10.10.0.78 {
keys {
TRANSFER;
};
};


. On the SLAVE server, add the master's IP to /etc/bind/named.conf.local so that its SOA checks and transfer requests are signed with the key:
CODE

server 10.10.0.77 {
keys {
TRANSFER;
};
};


. Add the following to /etc/bind/named.conf.local (yes, on the slave). The file goes under /var/cache/bind because named writes it itself; recent BIND (9.16 and later) also accepts primaries as a synonym for masters:
CODE

zone "linux.lan" {
type slave;
file "/var/cache/bind/slave_linux.lan.db";
masters { 10.10.0.77; };
allow-notify { 10.10.0.77; };
};


. Finally, if you want to reference the rndc key from your own configuration, include it in /etc/bind/named.conf. This step is optional for the zone transfer itself: with no controls statement configured, named and rndc already pick up /etc/bind/rndc.key automatically, and including it twice is a configuration error.
CODE

include "/etc/bind/rndc.key";
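
The complete transfer configuration for both machines, added here as an example (it is not from the original page). It assumes the addresses and zone from this guide and a key file generated with tsig-keygen as described above; the secret shown is a placeholder, not a real key. The two named.conf.local listings are for two different servers and must not both end up on one machine:

```conf
// ---- /etc/bind/transfer.key (identical on master and slave; chown root:bind, chmod 640) ----
// Output of: tsig-keygen -a hmac-sha256 TRANSFER   (the secret below is a placeholder)
key "TRANSFER" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-THE-BASE64-SECRET-PRINTED-BY-tsig-keygen";
};

// ---- master (10.10.0.77), /etc/bind/named.conf.local ----
include "/etc/bind/transfer.key";

// Sign everything we send to the slave (NOTIFY) with the key.
server 10.10.0.78 { keys { TRANSFER; }; };

zone "linux.lan" {
    type master;
    file "/etc/bind/zones/linux.lan.db";
    // Only requests signed with TRANSFER may pull the zone. Matching on the key
    // rather than on the address means that spoofing 10.10.0.78 without the
    // secret still gets REFUSED.
    allow-transfer { key TRANSFER; };
    // The zone's NS records only list ns1, so tell named explicitly to notify the slave.
    also-notify { 10.10.0.78; };
    notify yes;
};

// ---- slave (10.10.0.78), /etc/bind/named.conf.local ----
include "/etc/bind/transfer.key";

// Sign every request sent to the master (SOA refresh queries, AXFR/IXFR) with the key.
server 10.10.0.77 { keys { TRANSFER; }; };

zone "linux.lan" {
    type slave;
    // Must be somewhere named can write; Ubuntu's AppArmor profile denies writes under /etc/bind.
    file "/var/cache/bind/slave_linux.lan.db";
    masters { 10.10.0.77; };
    allow-notify { 10.10.0.77; };
    // A secondary should not be a transfer source for the world either.
    allow-transfer { none; };
};
```

To prove the restriction works, run `dig @10.10.0.77 linux.lan AXFR` from any host: it must end with "; Transfer failed.". The same query with `-y hmac-sha256:TRANSFER:<secret>` appended must list the whole zone, and after the restart the slave's log should show a "Transfer completed" line for linux.lan and /var/cache/bind/slave_linux.lan.db should appear. If you later add the slave as ns2 (an A record plus a second NS record in the zone), the also-notify line becomes unnecessary.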


When named is restarted on the slave it immediately asks the master for the zone, and on every later change the master notifies the slave. TSIG signatures carry a timestamp that the receiving side checks (by default the clocks may differ by at most 5 minutes), so both servers need synchronized clocks. Current Ubuntu releases keep time with systemd-timesyncd (or chrony) out of the box; confirm on both servers before restarting, looking for "System clock synchronized: yes" (the traditional one-shot ntpdate package is deprecated on recent releases):
CODE

# timedatectl


Enjoy!
