Line 4: Line 4:
 
[https://www.isc.org/downloads/bind/| BIND] is the most widely used Linux Name Server software. It implements Domain Name Systems (DNS) protocols and can act as a resolver, authority server or both.
 
[https://www.isc.org/downloads/bind/| BIND] is the most widely used Linux Name Server software. It implements Domain Name Systems (DNS) protocols and can act as a resolver, authority server or both.
  
Download, build and install:
+
BIND DNSSEC support requires OpenSSL. Download, build and install OpenSSL:
  
 
<PRE>
 
<PRE>
wget http://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz
+
wget http://www.openssl.org/source/openssl-1.0.2c.tar.gz
tar -xzf bind-9.9.7.tar.gz
+
tar -xzf openssl-1.0.2c.tar.gz
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --without-openssl --with-randomdev=no BUILD_CC=gcc
+
cd openssl-1.0.2c
 +
./Configure linux-generic32 shared --prefix=/home/export/rootfs
 +
make CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld MAKEDEPPROG=arm-linux-gnueabi-gcc
 +
make install CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld
 +
</PRE>
 +
 
 +
Download, build and install BIND:
 +
 
 +
<PRE>
 +
wget http://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz
 +
tar -xzf bind-9.10.2-P1.tar.gz
 +
cd bind-9.10.2-P1
 +
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --with-randomdev=no --with-openssl=/home/export/rootfs --with-ecdsa=yes --with-gost=no BUILD_CC=gcc
 
make
 
make
 
make install DESTDIR=/home/export/rootfs
 
make install DESTDIR=/home/export/rootfs
Line 34: Line 46:
 
};
 
};
  
zone "0.0.127.in-addr.arpa" in {
+
zone "." {
 +
type hint;
 +
file "/etc/bind/named.root";
 +
};
 +
 
 +
zone "0.0.127.in-addr.arpa" {
 
         type master;
 
         type master;
 
         file "/etc/bind/db.127";
 
         file "/etc/bind/db.127";
Line 44: Line 61:
 
};
 
};
  
zone "home" IN {
+
zone "home" {
 
   type master;
 
   type master;
 
file "/etc/bind/home.zone";
 
file "/etc/bind/home.zone";
Line 55: Line 72:
  
 
The forwarders field is currently commented out. You can uncomment this, if you want your resolver to forward requests from other DNS servers upstream, such as your ISP. If it is commented out, then your resolver will contact root servers  
 
The forwarders field is currently commented out. You can uncomment this, if you want your resolver to forward requests from other DNS servers upstream, such as your ISP. If it is commented out, then your resolver will contact root servers  
 +
 +
The named.root file contains a list of root servers and their IP addresses. It can be downloaded using:
 +
 +
<PRE>
 +
wget http://www.internic.net/domain/named.root
 +
</PRE>
  
 
The following file allows reverse lookups for the localhost name. Create a file called /etc/bind/db.127 with the following contents:
 
The following file allows reverse lookups for the localhost name. Create a file called /etc/bind/db.127 with the following contents:
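Review bot: The download lines added on the new side fetch both tarballs over plain HTTP and never check them — `wget http://www.openssl.org/source/openssl-1.0.2c.tar.gz` and `wget http://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz` — so whoever sits on the path can hand the build a modified OpenSSL or BIND, which is the code that will later do the resolver's DNSSEC validation. Switch both to `https://` and verify the detached signature each project publishes next to its tarball before unpacking, e.g. `gpg --verify bind-9.10.2-P1.tar.gz.asc bind-9.10.2-P1.tar.gz`, with the release-signing key obtained out of band. The `--with-randomdev=no` flag carried into the new configure line is presumably there because configure cannot probe the cross target, but it leaves named with no compiled-in entropy device; the `random-device` option in named.conf should name one on the target, otherwise DNSSEC key and TKEY operations have nothing to draw on. The commands are written as an interactive listing rather than a script, so a failed `wget` or `make` does not stop the steps that follow it.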

Latest revision as of 11:50, 14 July 2015

BIND DNS Server

BIND is the most widely used name-server software on Linux. It implements the Domain Name System (DNS) protocols and can act as a recursive resolver, an authoritative server, or both; the configuration on this page uses it as both, a validating resolver for the local network plus an authoritative server for a private `home` zone and its reverse zones.

BIND's DNSSEC support (validation and signing) requires OpenSSL. Download, build and install OpenSSL. The commands below cross-compile for an ARM target with the `arm-linux-gnueabi-` toolchain and stage the result under `/home/export/rootfs`; adjust both to your environment, and keep the same staging root for the BIND build that follows:

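#!/usr/bin/env bash
# Cross-build OpenSSL for the ARM target and stage it under $ROOTFS.
# BIND's DNSSEC code is linked against this copy in the next step.
set -euo pipefail

OPENSSL_VERSION=1.0.2c
ROOTFS=/home/export/rootfs      # staging root; the BIND build points --with-openssl here
CROSS=arm-linux-gnueabi         # toolchain prefix

# Fetch over HTTPS and check the detached PGP signature the OpenSSL project
# publishes alongside each tarball. gpg must already hold the OpenSSL
# release-signing key (import it out of band first); a tampered OpenSSL
# would silently undermine every DNSSEC check the resolver later performs.
wget "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
wget "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz.asc"
gpg --verify "openssl-${OPENSSL_VERSION}.tar.gz.asc" "openssl-${OPENSSL_VERSION}.tar.gz"

tar -xzf "openssl-${OPENSSL_VERSION}.tar.gz"
cd "openssl-${OPENSSL_VERSION}"

# Generic 32-bit Linux target, shared libraries, installed into the staging root.
./Configure linux-generic32 shared --prefix="${ROOTFS}"
make CC="${CROSS}-gcc" RANLIB="${CROSS}-ranlib" LD="${CROSS}-ld" MAKEDEPPROG="${CROSS}-gcc"
make install CC="${CROSS}-gcc" RANLIB="${CROSS}-ranlib" LD="${CROSS}-ld"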

Download, build and install BIND:

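#!/usr/bin/env bash
# Cross-build BIND for the ARM target against the OpenSSL staged under
# $ROOTFS, and install it into that same staging root.
set -euo pipefail

BIND_VERSION=9.10.2-P1
ROOTFS=/home/export/rootfs      # same staging root the OpenSSL step installed into
CROSS=arm-linux-gnueabi         # toolchain prefix

# Fetch over HTTPS and verify ISC's detached signature before unpacking.
# gpg must already trust ISC's release-signing key (obtain it out of band).
wget "https://ftp.isc.org/isc/bind9/${BIND_VERSION}/bind-${BIND_VERSION}.tar.gz"
wget "https://ftp.isc.org/isc/bind9/${BIND_VERSION}/bind-${BIND_VERSION}.tar.gz.asc"
gpg --verify "bind-${BIND_VERSION}.tar.gz.asc" "bind-${BIND_VERSION}.tar.gz"

tar -xzf "bind-${BIND_VERSION}.tar.gz"
cd "bind-${BIND_VERSION}"

# --with-openssl points at the cross-built library so DNSSEC works; ECDSA is
# enabled and GOST left out.
# --with-randomdev=no: configure cannot probe the target's random device when
# cross-compiling, so none is compiled in. Set `random-device` in named.conf on
# the target so named still has an entropy source (DNSSEC key generation and
# TKEY need one) -- confirm the exact behaviour against the ARM for this release.
./configure --prefix= --host="${CROSS}" --sysconfdir=/etc --with-randomdev=no \
  --with-openssl="${ROOTFS}" --with-ecdsa=yes --with-gost=no BUILD_CC=gcc
make
make install DESTDIR="${ROOTFS}"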

Create a configuration file /etc/bind/named.conf with the following contents:

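# /etc/bind/named.conf -- recursive resolver for the local network plus the
# authoritative "home" zone and its reverse zones.
# Check the file with `named-checkconf /etc/bind/named.conf` before starting named.

# Hosts allowed to use this server. Change the prefixes to match your network.
# NOTE(review): the IPv6 prefix here (2003:...) differs from the one used in
# listen-on-v6 below (2001:...); one of the two is probably a typo -- confirm.
acl localnet {
        192.168.0.0/24;
        2003:44b9:4219:6400::/64;
        localhost;
};

options {
        directory "/var/cache/bind";

        # Uncomment to send all recursive queries to an upstream resolver
        # (e.g. your ISP's) instead of iterating from the root servers.
        # Every address in the list needs its own terminating ';'.
        # forwarders { 192.231.203.132; 192.231.203.3; };

        # Validate answers with the built-in root trust anchor (managed keys).
        # Needs the OpenSSL-enabled build from above.
        dnssec-validation auto;
        auth-nxdomain no;

        # Addresses named binds to. Every statement, including this one, must
        # end with ';' or named refuses to start.
        listen-on port 53 { 127.0.0.1; 192.168.0.254; };
        listen-on-v6 { 2001:44b9:4219:6400:250:43ff:fe01:835e; };

        # Entropy source on the target. The build was configured with
        # --with-randomdev=no, so nothing is compiled in; without a device here
        # DNSSEC key and TKEY operations presumably have no entropy to draw on.
        # /dev/random is the stricter choice but may block on a small board.
        random-device "/dev/urandom";

        # Recursion only for the local network. An open resolver is a
        # cache-poisoning and DDoS-amplification target, so the recursion and
        # cache ACLs are stated explicitly rather than left to their defaults.
        recursion yes;
        allow-query { localnet; };
        allow-recursion { localnet; };
        allow-query-cache { localnet; };

        # No secondary servers are configured on this page, so nobody needs
        # zone transfers; add your secondaries here if you set some up.
        allow-transfer { none; };
};

# Root hints used for priming only; see the named.root download below.
zone "." {
        type hint;
        file "/etc/bind/named.root";
};

# Reverse zone for the loopback network.
zone "0.0.127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

# Reverse zone for the local subnet 192.168.0.0/24.
zone "0.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.192";
};

# Forward zone for the private "home" domain.
zone "home" {
        type master;
        file "/etc/bind/home.zone";
};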

The `localnet` access control list (ACL) names the hosts that may query this server; the `options` block then restricts queries to it. Change the prefixes to match your own network. Anything outside the list is refused, which is what keeps a resolver that happens to be reachable from the Internet from becoming an open resolver.

Likewise for the `listen-on` and `listen-on-v6` fields, which give the addresses named binds to (here the loopback address plus the gateway's LAN address, 192.168.0.254). Only list addresses on which you actually want to serve DNS.

The forwarders field is commented out. Uncomment it if you want your resolver to send queries to an upstream resolver such as your ISP's; that upstream then sees and answers everything you look up, so it has to be one you trust, although with `dnssec-validation auto` named still validates the signed answers it receives. If it stays commented out, the resolver iterates from the root servers listed in named.root.

The named.root file lists the root name servers and their addresses. named uses it only to find the real root servers at startup (priming), but a wrong list would still send every first lookup to the wrong place, so fetch it over HTTPS and refresh it occasionally. It can be downloaded using:

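# Fetch the current root hints over HTTPS, straight into the path named.conf
# references (needs write access to /etc/bind). The file only seeds named's
# first lookup of the root servers (priming); root server addresses do change
# now and then, so refresh it occasionally.
wget -O /etc/bind/named.root https://www.internic.net/domain/named.root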

The following file allows reverse lookups for the localhost name. Create a file called /etc/bind/db.127 with the following contents:

;
; /etc/bind/db.127 - reverse zone for the loopback network
; (0.0.127.in-addr.arpa): maps 127.0.0.1 back to "localhost".
;
$TTL    604800
; SOA fields in order: serial, refresh, retry, expire, negative-cache TTL
@       IN      SOA     localhost. root.localhost. 1 604800 86400 2419200 604800
; localhost serves the zone itself
@       IN      NS      localhost.
; 127.0.0.1 with its octets reversed under the zone origin
1.0.0   IN      PTR     localhost.

The following file allows reverse lookups for addresses on the local subnet, 192.168.0.0/24. A reverse lookup for 192.168.0.254 (the resolver itself) should return 'gateway.home', and one for 192.168.0.253 should return 'nas.home', matching the forward zone further down.

Create a file called /etc/bind/db.192 with the following contents:

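;
; /etc/bind/db.192 - reverse zone for the local subnet 192.168.0.0/24
; (0.168.192.in-addr.arpa). Keep one PTR here for every host that has an
; A record in home.zone, and bump the serial whenever this file changes.
;
$TTL    604800
@       IN      SOA     gateway.home. webuser.gateway.home. (
                        2          ; Serial
                        604800     ; Refresh
                        86400      ; Retry
                        2419200    ; Expire
                        604800 )   ; Negative Cache TTL
;
; The NS target must be the fully qualified server name: "gateway." would name
; a host directly under the root, not gateway.home., which is what serves the
; zone (and what the SOA above and home.zone name).
@       IN      NS      gateway.home.
; last octet of each address, under the zone origin
254     IN      PTR     gateway.home.
253     IN      PTR     nas.home.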

The following file can be used to lookup hosts on your local subnet. For example, looking up gateway.home should return the address 192.168.0.254. Looking up nas.home will return 192.168.0.253.

Create a file called /etc/bind/home.zone with the following contents:

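;
; /etc/bind/home.zone - forward zone for the private "home" domain.
; Names without a trailing dot are relative to the zone origin (home.).
; Bump the serial whenever this file changes.
;
; NOTE: "home" is a locally chosen name that the public DNS does not
; delegate, so clients using any other resolver get no answer for it; a
; name you actually control avoids that collision.
;
$TTL    604800
@       IN      SOA     gateway.home. root.home. (
                        2          ; Serial
                        604800     ; Refresh
                        86400      ; Retry
                        2419200    ; Expire
                        604800 )   ; Negative Cache TTL
;
; The SOA MNAME above names the primary server for the zone, so it matches
; the NS record (and the SOA used in db.192) rather than the zone apex
; "home.", which has no address record.
@       IN      NS      gateway
gateway IN      A       192.168.0.254
nas     IN      A       192.168.0.253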