DNS server Setup using bind in Ubuntu


alsrmurad
Ubuntu operating system related how to tutorial

Mar 19, 2010
I took this tutorial from this site, http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html, and converted it to PDF.

DNS stands for Domain Name Service. On the Internet, the Domain Name Service (DNS) stores and associates many types of information with domain names; most importantly, it translates domain names (computer hostnames) to IP addresses. It also lists the mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use.

Introduction

BIND (Berkeley Internet Name Domain) is an open reference implementation of the Domain Name System (DNS) protocol and provides a redistributable implementation of the major components of the Domain Name System:

- a name server (named)
- a resolver library
- troubleshooting tools like nslookup and dig

The BIND DNS server is used on the vast majority of name-serving machines on the Internet, providing a robust and stable architecture on top of which an organization's naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

Firewall Config

Bind listens on port 53 UDP and TCP. TCP is normally only used during zone transfers, so it would appear that you could filter it if you have no slaves. However, if the response to a query is greater than 1024 bytes, the server sends a partial response, and client and server will try to redo the transaction with TCP. Responses that big do not happen often, but they do happen, and people quite often block 53/tcp without their world coming to an end. But this is where one usually inserts the story about the Great DNS Meltdown when more root servers were added: this made queries for the root list greater than 1024 bytes, and the whole DNS system started to break down because people were violating the DNS spec (RFC 1035) by blocking TCP.

Differences between BIND8 and BIND9

Apart from being multi-threaded and a complete code rewrite, which should provide better stability and security in the long term, there are other differences:

- If there is a syntax error in named.conf, BIND9 will log errors and not reload the named server. BIND8 will log errors and the daemon will die!
- Extensive support of TSIGs (shared keys) for access control; for example, "update-policy" can be used for fine-grained access control of dynamic updates.
- The tool for starting/stopping/reloading etc., rndc, is different from the v8 ndc: different communications, authentication and features.
- Syntax in zone files is more rigorously checked (e.g. a TTL line must exist).
- In named.conf, the v8 options 'check-names' and 'statistics-interval' are not yet implemented in v9.
- The default for the option 'auth-nxdomain' is now 'no'; if you don't set this manually, BIND 9 logs a corresponding message on startup.
- The root server list, often called named.root or root.hints in BIND8, is not necessary in BIND 9, as it is included within the server.

Installing Bind in Ubuntu

sudo apt-get install bind9 dnsutils

This will install all the required packages for bind9.

Configuring Bind

If you install Bind from the source code, you will have to edit the file named.conf. However, Ubuntu provides you with a pre-configured Bind, so we will edit the named.conf.local file:

sudo vi /etc/bind/named.conf.local

This is where we will insert our zones. If you want to know what a zone is in DNS, check this:

A DNS zone is a portion of the global DNS namespace. This namespace is defined by RFC 1034, "Domain Names - Concepts and Facilities", and RFC 1035, "Domain Names - Implementation and Specification", and is laid out in a tree structure from right to left, such that divisions of the namespace are performed by prepending a series of characters followed by a period ('.') to the upper namespace.

You need to add the following lines to the named.conf.local file:

# This is the zone definition. Replace example.com with your domain name
zone "example.com" {
    type master;
    file "/etc/bind/zones/example.com.db";
};

# This is the zone definition for reverse DNS. Replace 0.168.192 with your network address in reverse notation - e.g. my network address is 192.168.0
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};

Now you need to edit the options file:

sudo vi /etc/bind/named.conf.options

We need to modify the forwarders. These are the DNS servers to which your own DNS will forward the requests it cannot process itself:

forwarders {
    # Replace the address below with the address of your provider's DNS server
    123.123.123.123;
};

Add the zone definition files (replace example.com with your domain name):

sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/example.com.db

The zone definition file is where we will put all the addresses / machine names that our DNS server will know. An example zone file follows. Note that comments in a zone file start with ';' (the '//' and '#' forms are only valid in named.conf), and that BIND 9 refuses to load a zone without a TTL line, so one is included here:

; replace example.com with your domain name. Do not forget the . after the domain name!
; Also, replace ns1 with the name of your DNS server
$TTL 86400    ; default TTL; BIND 9 requires this line (86400 is an example value)
example.com. IN SOA ns1.example.com. admin.example.com. (
    ; Do not modify the following lines!
    2007031001    ; serial
    28800         ; refresh
    3600          ; retry
    604800        ; expire
    38400         ; minimum
)
; Replace the following lines as necessary:
; ns1 = DNS server name
; mail = mail server name
; example.com = domain name
example.com. IN NS ns1.example.com.
example.com. IN MX 10 mail.example.com.
; Replace the IP address with the right IP addresses.
www IN A
    IN A
    IN A

Reverse DNS Zone file

A normal DNS query would be of the form 'what is the IP of host=www in domain=mydomain.com'. There are times, however, when we want to be able to find out the name of the host whose IP address = x.x.x.x. Sometimes this is required for diagnostic purposes; more frequently these days it is used for security purposes, to trace a hacker or spammer. Indeed, many modern mailing systems use reverse mapping to provide simple authentication using a dual look-up, IP to name and name to IP. In order to perform reverse mapping and to support normal recursive and iterative (non-recursive) queries, the DNS designers defined a special (reserved) domain name called IN-ADDR.ARPA. This domain allows for all supported Internet IPv4 addresses (and now IPv6).

sudo vi /etc/bind/zones/rev.0.168.192.in-addr.arpa

Copy and paste the following sample file (again using ';' comments; '@' stands for the zone origin, 0.168.192.in-addr.arpa, and the PTR target needs its trailing dot):

; replace example.com with your domain name, ns1 with your DNS server name.
; The number before IN PTR example.com is the machine address of the DNS server. In my case it's 1, as my IP address is
$TTL 86400    ; default TTL; BIND 9 requires this line (86400 is an example value)
@ IN SOA ns1.example.com. admin.example.com. (
    2007031001    ; serial
    28800         ; refresh
    604800        ; retry
    604800        ; expire
    86400         ; minimum
)
    IN NS ns1.example.com.
1 IN PTR example.com.

Restart the Bind server using the following command:

sudo /etc/init.d/bind9 restart

Testing Your DNS Server

Modify the file resolv.conf with the following settings:

sudo vi /etc/resolv.conf

Enter the following details, then save and exit the file:

# replace example.com with your domain name, and the nameserver address with the address of your new DNS server
search example.com
nameserver <your DNS server address>

Test your DNS using the following command:

dig example.com

Mike says:
August 31, 2008 at 7:14 am

I am unsure about what this means:

// Replace the IP address with the right IP addresses.
www IN A
IN A
IN A

is the address that I have given to my DNS server, if that matters?

Bind starts OK when the server boots - but how do I create a DNS alias or DNS records for my LAN?

Prabin Dahal says:
December 29, 2008 at 9:54 am

Hi, I tried your post. When I run dig prabin-dahal.com.np it responds with the following:

; <<>> DiG 9.4.2-P2 <<>> prabin-dahal.com.np
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42577
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;prabin-dahal.com.np. IN A

;; Query time: 0 msec
;; SERVER:
;; WHEN: Mon Dec 29 15:38:47 2008
;; MSG SIZE rcvd: 37

But I am not able to ping prabin-dahal.com.np. What is the problem?

Ian says:
January 25, 2009 at 10:03 pm

Prabin, I have the same problem. I think that, although it says it has got an answer, all the lines start with a ; - so there is no data in the answer it got.
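Before restarting bind9 it is worth checking that the forward zone and the reverse zone above actually agree with each other, since the "dual look-up" (name to IP, then IP back to name) that the reverse-DNS section describes only works when every A record has a PTR that names the same host. The following Python script is an added example, not code from the tutorial or from BIND: it parses zone files in the format shown above (';' comments, a parenthesised multi-line SOA, relative owner names, and continuation records whose owner is inherited), then reports A records without a matching PTR, PTRs that point at a different name, missing $TTL lines, a zone that does not start with its SOA, and NS/MX targets inside the zone that have no A record. The sample zones, host names and addresses embedded in it are constructed for the example (the mail host is deliberately left without a PTR so there is something to find).

```python
"""Check a BIND forward zone against its reverse zone before restarting named.

Added example, not from the tutorial or from BIND.  Parses the zone-file
format used in the tutorial: ';' comments, a parenthesised multi-line SOA,
relative owner names, and records whose owner is inherited from the previous one.
"""
import ipaddress

RECORD_TYPES = {"SOA", "NS", "MX", "A", "AAAA", "PTR", "CNAME", "TXT"}
FORWARD_ORIGIN = "example.com."
REVERSE_ORIGIN = "0.168.192.in-addr.arpa."

# Constructed sample zones; hosts and addresses are assumptions for this example,
# not values from the tutorial.  'mail' has no PTR on purpose.
FORWARD_ZONE = """\
$TTL 86400
example.com. IN SOA ns1.example.com. admin.example.com. (
    2007031001  ; serial
    28800       ; refresh
    3600        ; retry
    604800      ; expire
    38400 )     ; minimum
example.com. IN NS ns1.example.com.
example.com. IN MX 10 mail.example.com.
ns1  IN A 192.168.0.1
www  IN A 192.168.0.2
mail IN A 192.168.0.3
"""
REVERSE_ZONE = """\
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
    2007031001 ; serial
    28800      ; refresh
    604800     ; retry
    604800     ; expire
    86400 )    ; minimum
    IN NS ns1.example.com.
1 IN PTR ns1.example.com.
2 IN PTR www.example.com.
"""


def _logical_lines(text):
    """Drop ';' comments and join parenthesised groups into single lines."""
    out, buf, depth = [], "", 0
    for line in text.splitlines():
        line = line.split(";", 1)[0].rstrip()
        if depth == 0:
            if not line.strip():
                continue
            buf = line
        else:
            buf += " " + line.strip()
        depth += line.count("(") - line.count(")")
        if depth == 0:
            out.append(buf.replace("(", " ").replace(")", " "))
    return out


def _qualify(name, origin):
    """Make an owner name absolute relative to the zone origin ('@' = origin)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (default_ttl, [(owner_fqdn, TYPE, [rdata tokens]), ...])."""
    ttl, owner, records = None, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        first = tokens[0].upper()
        # Owner is inherited when the line starts with blank space; a line that
        # starts straight with IN or a record type is treated the same way.
        if line[0].isspace() or first == "IN" or first in RECORD_TYPES:
            if owner is None:
                raise ValueError("first record has no owner name")
        else:
            owner = _qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():      # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return ttl, records


def reverse_name(ip):
    """'192.168.0.1' -> '1.0.168.192.in-addr.arpa.' (IPv6 works the same way)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of problems; an empty list means the two zones agree."""
    problems = []
    fttl, frecs = parse_zone(fwd_text, fwd_origin)
    rttl, rrecs = parse_zone(rev_text, rev_origin)
    for name, ttl, recs in ((fwd_origin, fttl, frecs), (rev_origin, rttl, rrecs)):
        if ttl is None:
            problems.append(f"{name}: no $TTL line (BIND 9 rejects the zone)")
        if not recs or recs[0][1] != "SOA" or recs[0][0] != name:
            problems.append(f"{name}: first record must be the SOA of the zone apex")
        elif not recs[0][2][2].isdigit():
            problems.append(f"{name}: SOA serial {recs[0][2][2]!r} is not numeric")
    a_records = {o: r[0] for o, t, r in frecs if t == "A"}
    ptr_records = {o: r[0] for o, t, r in rrecs if t == "PTR"}
    for host, ip in a_records.items():          # name -> IP -> name must round-trip
        rev = reverse_name(ip)
        if rev not in ptr_records:
            problems.append(f"{host} A {ip} has no PTR record in {rev_origin}")
        elif ptr_records[rev] != host:
            problems.append(f"PTR for {ip} names {ptr_records[rev]}, expected {host}")
    for owner, rtype, rdata in frecs:           # in-zone NS/MX targets need an A record
        target = rdata[-1]
        in_zone = target == fwd_origin or target.endswith("." + fwd_origin)
        if rtype in ("NS", "MX") and in_zone and target not in a_records:
            problems.append(f"{rtype} target {target} has no A record in {fwd_origin}")
    return problems


if __name__ == "__main__":
    for problem in check_zones(FORWARD_ZONE, FORWARD_ORIGIN, REVERSE_ZONE, REVERSE_ORIGIN):
        print("PROBLEM:", problem)
```

Run with no arguments it checks the embedded sample and reports that mail.example.com has no PTR; to check real files, read /etc/bind/zones/example.com.db and the rev.* file and pass their contents to check_zones(). A non-empty list is a reason not to restart named yet. This script only covers the forward/reverse consistency; BIND's own named-checkzone remains the authoritative syntax check for each file.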
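Ian's observation above, that every line of Prabin's dig output starts with ';' and the header says ANSWER: 0, can be checked mechanically, which is useful when testing a freshly configured server from a script. The following Python is an added example, not code from the tutorial or its comments: it parses dig's ';; ->>HEADER<<-' line, the ';; flags:' line and the ANSWER section, and gives a one-line verdict. The SERVFAIL sample is Prabin's output from the comment above; the NOERROR sample, with the 'aa' (authoritative answer) flag set, is constructed to show what your own server should return for a name it hosts (www.example.com and its address are assumptions).

```python
"""Classify a dig response.  Added example, not code from the tutorial or BIND.

Parses the ';; ->>HEADER<<-' line, the ';; flags:' line and the ANSWER section
of dig's output so that a test of a newly configured server can be scripted.
"""
import re

HEADER_RE = re.compile(r"->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(
    r";; flags: ([^;]*); QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)"
)

# Prabin's output from the comment above (the SERVER address was missing there too).
SERVFAIL_OUTPUT = """\
; <<>> DiG 9.4.2-P2 <<>> prabin-dahal.com.np
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42577
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;prabin-dahal.com.np. IN A

;; Query time: 0 msec
;; SERVER:
;; WHEN: Mon Dec 29 15:38:47 2008
;; MSG SIZE rcvd: 37
"""

# Constructed: what an authoritative server for example.com should return
# (the address 192.168.0.2 is an assumption, not a value from the tutorial).
OK_OUTPUT = """\
; <<>> DiG 9.4.2-P2 <<>> www.example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.example.com. IN A

;; ANSWER SECTION:
www.example.com. 86400 IN A 192.168.0.2

;; AUTHORITY SECTION:
example.com. 86400 IN NS ns1.example.com.
"""


def parse_dig(output):
    """Return status, flag list, section counts and the parsed ANSWER records."""
    info = {"status": None, "flags": [], "answer": 0, "authority": 0,
            "additional": 0, "answers": []}
    section = None
    for line in output.splitlines():
        m = HEADER_RE.search(line)
        if m:
            info["status"] = m.group(2)
            continue
        m = FLAGS_RE.search(line)
        if m:
            info["flags"] = m.group(1).split()
            info["answer"], info["authority"], info["additional"] = (
                int(m.group(i)) for i in (3, 4, 5))
            continue
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]     # QUESTION / ANSWER / AUTHORITY
            continue
        if section == "ANSWER" and line and not line.startswith(";"):
            owner, ttl, _rclass, rtype, *rdata = line.split()
            info["answers"].append((owner, int(ttl), rtype, " ".join(rdata)))
    return info


def diagnose(output):
    """One-line verdict on whether the queried server is serving the zone."""
    info = parse_dig(output)
    status = info["status"]
    if status == "SERVFAIL":
        return ("SERVFAIL: the server was reached but could not serve the zone "
                "(zone file failed to load?); check named's log")
    if status == "NXDOMAIN":
        return "NXDOMAIN: the name does not exist in the zone"
    if status == "NOERROR" and not info["answers"]:
        return "NOERROR with an empty answer: the name exists but has no record of that type"
    if status == "NOERROR" and "aa" not in info["flags"]:
        return f"{info['answer']} answer(s), but not authoritative (no aa flag)"
    if status == "NOERROR":
        return f"{info['answer']} authoritative answer(s)"
    return f"unexpected status {status!r}"


if __name__ == "__main__":
    print(diagnose(SERVFAIL_OUTPUT))
    print(diagnose(OK_OUTPUT))
```

A missing 'aa' flag on a name you host means the answer came from a forwarder or cache rather than from your zone, which is easy to miss by eye; the SERVFAIL case is the one Prabin hit, and the tutorial's own note that BIND 9 refuses a zone with a syntax error (it logs the error instead of reloading) is the first thing to check for it.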

