(BIND DNS Server)
(BIND DNS Server)
 
(4 intermediate revisions by one user not shown)
Line 2: Line 2:
 
== BIND DNS Server ==
 
== BIND DNS Server ==
  
[https://www.isc.org/downloads/bind/| BIND] is the most widely used Linux Name Server software. It implements Domain Name Systems (DNS) protocols.
+
[https://www.isc.org/downloads/bind/| BIND] is the most widely used Linux Name Server software. It implements Domain Name Systems (DNS) protocols and can act as a resolver, authority server or both.
  
Download, build and install:
+
BIND DNSSEC support requires OpenSSL. Download, build and install OpenSSL:
  
 
<PRE>
 
<PRE>
wget http://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz
+
wget http://www.openssl.org/source/openssl-1.0.2c.tar.gz
tar -xzf bind-9.9.7.tar.gz
+
tar -xzf openssl-1.0.2c.tar.gz
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --without-openssl --with-randomdev=no BUILD_CC=gcc
+
cd openssl-1.0.2c
 +
./Configure linux-generic32 shared --prefix=/home/export/rootfs
 +
make CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld MAKEDEPPROG=arm-linux-gnueabi-gcc
 +
make install CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld
 +
</PRE>
 +
 
 +
Download, build and install BIND:
 +
 
 +
<PRE>
 +
wget http://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz
 +
tar -xzf bind-9.10.2-P1.tar.gz
 +
cd bind-9.10.2-P1
 +
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --with-randomdev=no --with-openssl=/home/export/rootfs --with-ecdsa=yes --with-gost=no BUILD_CC=gcc
 
make
 
make
 
make install DESTDIR=/home/export/rootfs
 
make install DESTDIR=/home/export/rootfs
Line 25: Line 37:
 
options {
 
options {
 
directory "/var/cache/bind";
 
directory "/var/cache/bind";
#      fowarders { 192.231.203.132; 192.231.203.3 }
+
#      fowarders { 192.231.203.132; 192.231.203.3 };
 
dnssec-validation auto;
 
dnssec-validation auto;
 
auth-nxdomain no;
 
auth-nxdomain no;
 
         listen-on port 53 { 127.0.0.1; 192.168.0.254; }
 
         listen-on port 53 { 127.0.0.1; 192.168.0.254; }
listen-on-v6 { any; };
+
listen-on-v6 { 2001:44b9:4219:6400:250:43ff:fe01:835e; };
 
recursion yes;
 
recursion yes;
 
allow-query { localnet; };
 
allow-query { localnet; };
 
};
 
};
  
zone "0.0.127.in-addr.arpa" in {
+
zone "." {
 +
type hint;
 +
file "/etc/bind/named.root";
 +
};
 +
 
 +
zone "0.0.127.in-addr.arpa" {
 
         type master;
 
         type master;
 
         file "/etc/bind/db.127";
 
         file "/etc/bind/db.127";
Line 44: Line 61:
 
};
 
};
  
zone "home" IN {
+
zone "home" {
 
   type master;
 
   type master;
 
file "/etc/bind/home.zone";
 
file "/etc/bind/home.zone";
Line 50: Line 67:
 
</PRE>
 
</PRE>
  
 +
The Access Control List (ACL) controls what hosts can query the DNS resolver. You will need to change these to suit your network.
  
Create a file called /etc/bind/db.127 with the following contents:
+
Likewise for the listen-on fields - this binds BIND to these network interfaces.
 +
 
 +
The forwarders field is currently commented out. You can uncomment this, if you want your resolver to forward requests from other DNS servers upstream, such as your ISP. If it is commented out, then your resolver will contact root servers
 +
 
 +
The named.root file contains a list of root servers and their IP addresses. It can be downloaded using:
 +
 
 +
<PRE>
 +
wget http://www.internic.net/domain/named.root
 +
</PRE>
 +
 
 +
The following file allows reverse lookups for the localhost name. Create a file called /etc/bind/db.127 with the following contents:
 
<PRE>
 
<PRE>
 
;
 
;
Line 67: Line 95:
 
1.0.0 IN PTR localhost.
 
1.0.0 IN PTR localhost.
 
</PRE>
 
</PRE>
 +
 +
The following file allows reverse lookups for our resolver, 192.168.0.254. Doing a reverse lookup for 192.168.0.254 should return 'gateway.home'
  
 
Create a file called /etc/bind/db.192 with the following contents:
 
Create a file called /etc/bind/db.192 with the following contents:
Line 84: Line 114:
 
254    IN      PTR gateway.home.
 
254    IN      PTR gateway.home.
 
</PRE>
 
</PRE>
 +
 +
The following file can be used to lookup hosts on your local subnet. For example, looking up gateway.home should return the address 192.168.0.254. Looking up nas.home will return 192.168.0.253.
  
 
Create a file called /etc/bind/home.zone with the following contents:
 
Create a file called /etc/bind/home.zone with the following contents:
Line 98: Line 130:
 
604800 ) ; Negative Cache TTL
 
604800 ) ; Negative Cache TTL
 
;
 
;
NS
+
NS gateway
 
gateway A 192.168.0.254
 
gateway A 192.168.0.254
 
nas A 192.168.0.253
 
nas A 192.168.0.253
 
</PRE>
 
</PRE>
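Review bot: The `listen-on port 53 { 127.0.0.1; 192.168.0.254; }` line carried as context in the "Line 25" hunk still lacks its terminating semicolon, so named will refuse to load this file; it should read `listen-on port 53 { 127.0.0.1; 192.168.0.254; };`. The rewritten comment line keeps the misspelling `fowarders`, which is rejected the moment someone uncomments it - the keyword is `forwarders`. The new listen-on-v6 line binds a global unicast address, so only the `allow-query { localnet; }` ACL keeps this recursive server from answering outside clients; adding `allow-recursion { localnet; };` makes that restriction explicit rather than implied by the allow-query default.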

Latest revision as of 11:50, 14 July 2015

BIND DNS Server

BIND is the most widely used Linux name server software. It implements the Domain Name System (DNS) protocol and can act as a resolver, an authoritative server, or both.

BIND DNSSEC support requires OpenSSL. Download, build and install OpenSSL:

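# Build OpenSSL for the ARM target; BIND's DNSSEC support links against it.
# Fetch over HTTPS so the tarball cannot be swapped in transit, and verify the
# signature/checksum published next to it before building. 1.0.2c is a 2015
# release - pick a currently supported release unless this is a historical rebuild.
wget https://www.openssl.org/source/openssl-1.0.2c.tar.gz
tar -xzf openssl-1.0.2c.tar.gz
cd openssl-1.0.2c
# --prefix is the staging rootfs that BIND's --with-openssl points at later.
./Configure linux-generic32 shared --prefix=/home/export/rootfs
make CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld MAKEDEPPROG=arm-linux-gnueabi-gcc
make install CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld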

Download, build and install BIND:

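# Cross-build BIND against the OpenSSL staged above. Fetch over HTTPS and
# verify the tarball against the signature ISC publishes alongside it; 9.10.2-P1
# is a 2015 release, so prefer a currently supported branch for a new deployment.
wget https://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz
tar -xzf bind-9.10.2-P1.tar.gz
cd bind-9.10.2-P1
# --prefix= (empty) installs under / relative to DESTDIR below.
# NOTE(review): --with-randomdev=no builds without a kernel random device
# (configure cannot probe the target's /dev/random when cross-compiling), which
# leaves named's own entropy sampling for DNSSEC keys and query-ID/port
# randomisation - confirm that is acceptable, or name the target's device
# explicitly with --with-randomdev=/dev/urandom.
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --with-randomdev=no --with-openssl=/home/export/rootfs --with-ecdsa=yes --with-gost=no BUILD_CC=gcc
make
# Install into the staging rootfs, not the build host.
make install DESTDIR=/home/export/rootfs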

Create a configuration file /etc/bind/named.conf with the following contents:

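acl localnet {
	192.168.0.0/24;
#	NOTE(review): listen-on-v6 below sits in 2001:44b9:4219:6400::/64, not
#	2003:...; one of the two prefixes is likely a typo - check which is right.
	2003:44b9:4219:6400::/64;
	localhost;
};

options {
	directory "/var/cache/bind";
#	Optional upstream forwarders (the keyword is "forwarders"); while this
#	stays commented out the server iterates from the root hints in zone ".".
#	forwarders { 192.231.203.132; 192.231.203.3; };
	dnssec-validation auto;
	auth-nxdomain no;
#	Every statement must end in ';' - it was missing here, and
#	named-checkconf rejects the whole file without it.
	listen-on port 53 { 127.0.0.1; 192.168.0.254; };
	listen-on-v6 { 2001:44b9:4219:6400:250:43ff:fe01:835e; };
	recursion yes;
#	Keep both plain queries and recursion limited to the LAN so the global
#	IPv6 address above does not expose an open resolver.
	allow-query { localnet; };
	allow-recursion { localnet; };
};

zone "." {
	type hint;
	file "/etc/bind/named.root";
};

zone "0.0.127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/db.192";
};

zone "home" {
	type master;
	file "/etc/bind/home.zone";
};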

The Access Control List (ACL) controls which hosts can query the DNS resolver. You will need to change these addresses to suit your network.

Likewise for the listen-on fields, which bind BIND to the listed interface addresses.

The forwarders field is currently commented out. Uncomment it if you want your resolver to forward requests to upstream DNS servers, such as your ISP's. If it is left commented out, your resolver will contact the root servers directly.

The named.root file contains a list of root servers and their IP addresses. It can be downloaded using:

wget http://www.internic.net/domain/named.root

The following file allows reverse lookups for the localhost name. Create a file called /etc/bind/db.127 with the following contents:

;
; BIND reverse data file for local loopback interface
; Serves 0.0.127.in-addr.arpa so that 127.0.0.1 reverse-resolves to localhost.
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial - increment whenever this file changes
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
; Owner 1.0.0 under the zone origin is 1.0.0.127.in-addr.arpa, i.e. 127.0.0.1.
1.0.0	IN	PTR	localhost.

The following file allows reverse lookups for our resolver, 192.168.0.254. Doing a reverse lookup for 192.168.0.254 should return 'gateway.home'.

Create a file called /etc/bind/db.192 with the following contents:

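;
; BIND reverse data file for local subnet 192.168.0
; Serves 0.168.192.in-addr.arpa so that 192.168.0.254 reverse-resolves to gateway.home.
;
$TTL    604800
@       IN      SOA     gateway.home. webuser.gateway.home. (
			      2		; Serial - increment whenever this file changes
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
; The NS target must be the server's fully qualified name. A trailing dot makes
; the name absolute, so the previous "gateway." pointed at a non-existent
; top-level name instead of gateway.home.
@       IN      NS      gateway.home.
254     IN      PTR     gateway.home.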

The following file can be used to look up hosts on your local subnet. For example, looking up gateway.home should return the address 192.168.0.254. Looking up nas.home will return 192.168.0.253.

Create a file called /etc/bind/home.zone with the following contents:

;
; BIND data file for home domain
; Forward zone "home": maps gateway.home and nas.home to their LAN addresses.
;
$TTL	604800
@	IN	SOA	home. root.home. (
			      2		; Serial - increment whenever this file changes
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
; Blank owner field: the record inherits the owner of the preceding record (@,
; the zone origin). "gateway" has no trailing dot, so it is relative to the
; origin and names gateway.home.
		NS	gateway
gateway		A	192.168.0.254
nas		A	192.168.0.253