Revision as of 11:50, 14 July 2015 by Craig Peacock (Talk | contribs)


BIND DNS Server

BIND is the most widely used DNS server software on Linux. It implements the Domain Name System (DNS) protocol and can act as a recursive resolver, an authoritative server, or both.

BIND's DNSSEC support requires OpenSSL. Download, cross-compile and install OpenSSL into the staging root (/home/export/rootfs) used for the ARM target:

wget http://www.openssl.org/source/openssl-1.0.2c.tar.gz
tar -xzf openssl-1.0.2c.tar.gz
cd openssl-1.0.2c
./Configure linux-generic32 shared --prefix=/home/export/rootfs
make CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld MAKEDEPPROG=arm-linux-gnueabi-gcc
make install CC=arm-linux-gnueabi-gcc RANLIB=arm-linux-gnueabi-ranlib LD=arm-linux-gnueabi-ld

Download, build and install BIND, linking it against the OpenSSL just built. Note that --with-randomdev=no builds BIND without a random device; if you later generate DNSSEC keys on the target, pass dnssec-keygen an explicit source with -r /dev/urandom.

wget http://ftp.isc.org/isc/bind9/9.10.2-P1/bind-9.10.2-P1.tar.gz
tar -xzf bind-9.10.2-P1.tar.gz
cd bind-9.10.2-P1
./configure --prefix= --host=arm-linux-gnueabi --sysconfdir=/etc --with-randomdev=no --with-openssl=/home/export/rootfs --with-ecdsa=yes --with-gost=no BUILD_CC=gcc
make
make install DESTDIR=/home/export/rootfs

Create a configuration file /etc/bind/named.conf with the following contents:

acl localnet {
	192.168.0.0/24;
	2001:44b9:4219:6400::/64;
	localhost;
};

options {
	directory "/var/cache/bind";
#	forwarders { 192.231.203.132; 192.231.203.3; };
	dnssec-validation auto;
	auth-nxdomain no;
	listen-on port 53 { 127.0.0.1; 192.168.0.254; };
	listen-on-v6 { 2001:44b9:4219:6400:250:43ff:fe01:835e; };
	recursion yes;
	allow-query { localnet; };
};

zone "." {
	type hint;
	file "/etc/bind/named.root";
};

zone "0.0.127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.168.192.in-addr.arpa" {
	type master;
	file "/etc/bind/db.192";
};

zone "home" {
	type master;
	file "/etc/bind/home.zone";
};

The Access Control List (ACL) named localnet controls which hosts may query the resolver; change the prefixes to suit your network. A recursive server that answers anyone on the Internet is an open resolver and will be abused for DNS amplification attacks, so keep allow-query limited to your own prefixes. When allow-recursion is not set, BIND derives it from allow-query, so this configuration also limits recursion to localnet; adding allow-recursion { localnet; }; makes that intent explicit.

The listen-on and listen-on-v6 addresses bind named to specific interfaces. Change them to the addresses of your resolver and leave out any address that should not be offering DNS.

The forwarders option is commented out. Uncomment it if you want the resolver to send queries it cannot answer from its cache to upstream servers such as your ISP's, rather than resolving them from the root servers itself. With it commented out, the resolver contacts the root servers directly using the hints in named.root. BIND's default is forward first, so it still falls back to full recursion if the forwarders fail to answer; add forward only; if that is not wanted. Either way, dnssec-validation auto validates answers locally, so a forwarder that does not return DNSSEC records will make lookups in signed zones fail with SERVFAIL.
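To confirm that the ACL behaves as described, the following added example (not code from the original page) probes a resolver with a hand-built recursive query and classifies the reply header. Run it from a host inside localnet and you should see recursion granted; run it from any other host and a correctly restricted server answers REFUSED. The function names, the query name example.com and the two sample replies are assumptions made here; the sample replies are constructed, not captured from a real server.

```python
"""Probe a BIND resolver for open recursion.

Added example, not from the original page. It hand-builds a DNS query
with RD set (no third-party library), sends it over UDP and classifies
the reply header. From a host covered by the 'localnet' ACL the verdict
should be 'recursion-granted'; from any other host a correctly
restricted resolver answers REFUSED.
"""
import socket
import struct
import sys

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234          # fixed transaction id, also used by the constructed samples below


def build_query(name, qtype=1, txid=TXID):
    """Wire form of a standard query for `name` (type A by default) with RD=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD only
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def classify_reply(reply, txid=TXID):
    """Decode a reply header; return RA flag, RCODE name, answer count and a verdict."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:          # wrong id, or QR bit clear
        raise ValueError("reply does not match the query")
    ra = bool(flags & 0x0080)                      # recursion available to *this* client
    rcode = flags & 0x000F
    if rcode == 5:
        verdict = "recursion-refused"   # what BIND sends hosts outside allow-query/allow-recursion
    elif ra:
        verdict = "recursion-granted"   # resolver recurses for us: open if we are not a permitted client
    else:
        verdict = "no-recursion"        # RA clear: answered without offering recursion
    return {"ra": ra, "rcode": RCODE_NAMES.get(rcode, str(rcode)), "answers": an, "verdict": verdict}


def probe(resolver_ip, name="example.com.", timeout=3.0):
    """Send one recursive query to resolver_ip:53 over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (resolver_ip, 53))
        reply, _ = sock.recvfrom(4096)
    return classify_reply(reply)


# Constructed sample replies (not captured from a real server) so the
# classifier can be exercised offline.
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"
# REFUSED: QR=1, RD=1, RA=0, RCODE=5; the question is echoed back, no answers.
SAMPLE_REFUSED = struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0) + QUESTION
# Open resolver: QR=1, RD=1, RA=1, RCODE=0 and one A answer (192.0.2.1, a documentation address).
SAMPLE_OPEN = (struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0) + QUESTION
               + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    # usage: python3 probe.py <resolver-ip>   (run it from a host outside the ACL as well)
    print(probe(sys.argv[1]))
```

The verdict is taken from the RA bit rather than from the answer, because BIND sets RA only when it would recurse for the querying client; a resolver that returns RA=1 to a host outside your ACL is open regardless of what the answer section contains.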

The named.root file (the root hints) lists the root name servers and their addresses. named uses it only to reach a root server for its priming query and then works from the NS set the root servers themselves return, but a tampered hints file would still steer every non-forwarded query, so fetch it from InterNIC, over HTTPS where possible, and check that it is the current root server list before installing it. It can be downloaded using:

wget http://www.internic.net/domain/named.root

The following file provides reverse lookups for the loopback address, so that 127.0.0.1 resolves back to localhost. Create a file called /etc/bind/db.127 with the following contents:

;
; BIND reverse data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
1.0.0	IN	PTR	localhost.

The following file provides reverse lookups for the 192.168.0.0/24 subnet. A reverse lookup for our resolver, 192.168.0.254, should return gateway.home, and every host given an A record in the forward zone should get a matching PTR record here.

Create a file called /etc/bind/db.192 with the following contents:

;
; BIND reverse data file for local subnet 192.168.0
;
$TTL	604800
@	IN	SOA	gateway.home. webuser.gateway.home. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	gateway.home.
253	IN	PTR	nas.home.
254	IN	PTR	gateway.home.

The following file is the forward zone for hosts on your local subnet. For example, looking up gateway.home should return the address 192.168.0.254, and looking up nas.home should return 192.168.0.253.

Create a file called /etc/bind/home.zone with the following contents:

;
; BIND data file for home domain
;
$TTL	604800
@	IN	SOA	home. root.home. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
		NS	gateway
gateway		A	192.168.0.254
nas		A	192.168.0.253
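Hand-written zone files tend to drift: an NS record that names a host with no address, or a forward A record with no matching PTR in the reverse zone. The following added example (not code from the original page) is a small parser for the master-file syntax used in the zone files above, with two cross-zone checks run over inline copies of the forward and reverse zones (the reverse copy carries a PTR for every host in the forward zone and an NS pointing at gateway.home.) and over a constructed broken variant. The function names and the sample zone texts are assumptions made here.

```python
"""Consistency checks for hand-written BIND zone files.

Added example, not from the original page: a small parser for the
master-file syntax used above ($TTL, '@', owner-less continuation lines,
the parenthesised SOA, ';' comments) and two checks worth running before
reloading named: every NS target has an address record in the zones you
serve, and A records and PTR records agree between forward and reverse.
"""


def absolute(name, origin):
    """Make a zone-file name absolute (origin-relative unless it ends in '.')."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Return [(owner, type, rdata_tokens)] with owner and name-type rdata made absolute."""
    records, prev_owner, pending = [], origin, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip comments
        if not line.strip():
            continue
        if pending is None:                         # first physical line of a record
            pending = (line[0].isspace(), [])       # leading blank means "same owner as before"
        pending[1].extend(line.replace("(", " ( ").replace(")", " ) ").split())
        if pending[1].count("(") > pending[1].count(")"):
            continue                                # still inside parentheses (the SOA)
        ownerless, tokens = pending
        pending = None
        tokens = [t for t in tokens if t not in ("(", ")")]
        if tokens[0] == "$TTL":
            continue                                # default TTL does not matter for these checks
        if tokens[0] == "$ORIGIN":
            origin = absolute(tokens[1], origin)
            continue
        owner = prev_owner if ownerless else absolute(tokens.pop(0), origin)
        while tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS"):
            tokens.pop(0)                           # optional TTL and/or class, either order
        rtype = tokens.pop(0).upper()
        if rtype in ("NS", "PTR", "CNAME", "SOA"):
            tokens[0] = absolute(tokens[0], origin) # rdata that is itself a domain name
        records.append((owner, rtype, tokens))
        prev_owner = owner
    return records


def check_ns_targets(zones):
    """Flag NS records whose target has no A/AAAA record in any of the given zones."""
    has_addr = {o for recs in zones for (o, t, _) in recs if t in ("A", "AAAA")}
    return [f"NS target {r[0]} (for {o}) has no A/AAAA record"
            for recs in zones for (o, t, r) in recs if t == "NS" and r[0] not in has_addr]


def reverse_name(ipv4):
    """192.168.0.254 -> 254.0.168.192.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def check_forward_reverse(fwd, rev, rev_origin):
    """Flag A records (inside the reverse zone's range) without a PTR, and PTRs without an A."""
    a_pairs = {(reverse_name(r[0]), o) for (o, t, r) in fwd
               if t == "A" and reverse_name(r[0]).endswith("." + rev_origin)}
    ptr_pairs = {(o, r[0]) for (o, t, r) in rev if t == "PTR"}
    problems = [f"A record for {h} has no PTR at {n}" for (n, h) in sorted(a_pairs - ptr_pairs)]
    problems += [f"PTR {n} -> {h} has no matching A record" for (n, h) in sorted(ptr_pairs - a_pairs)]
    return problems


def check_zones(fwd_text, rev_text, fwd_origin="home.", rev_origin="0.168.192.in-addr.arpa."):
    """Parse both zones and return a list of problems (empty when they are consistent)."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    return check_ns_targets([fwd, rev]) + check_forward_reverse(fwd, rev, rev_origin)


# Inline copies of the forward and reverse zones (constructed here so the script runs offline).
HOME_ZONE = """\
$TTL 604800
@       IN  SOA home. root.home. (
            2 604800 86400 2419200 604800 )   ; serial refresh retry expire neg-ttl
;
            NS  gateway
gateway     A   192.168.0.254
nas         A   192.168.0.253
"""
REV_ZONE = """\
$TTL 604800
@       IN  SOA gateway.home. webuser.gateway.home. (
            2 604800 86400 2419200 604800 )
@       IN  NS  gateway.home.
253     IN  PTR nas.home.
254     IN  PTR gateway.home.
"""
# Constructed broken variant: NS target "gateway." (a name at the root, not gateway.home.)
# and no PTR for nas.
BROKEN_REV_ZONE = REV_ZONE.replace("NS  gateway.home.", "NS  gateway.").replace(
    "253     IN  PTR nas.home.\n", "")

if __name__ == "__main__":
    for label, rev in (("consistent", REV_ZONE), ("broken", BROKEN_REV_ZONE)):
        print(label, check_zones(HOME_ZONE, rev) or "OK")
```

named-checkzone validates each file on its own; this script is for the cross-zone mistakes that check does not see. Feed it your real files with open("/etc/bind/home.zone").read() and open("/etc/bind/db.192").read() before reloading named.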