Difference between revisions of "Configuring basic DNS service with bind"

From Notes_Wiki
=Configuring basic DNS service with bind=

''This revision replaces the explanatory text below with the short numbered procedure shown under "Revision as of 08:34, 11 December 2014" further down the page. The text removed by the revision follows.''

In order to configure basic DNS service with bind we can first look for the sample named.conf that came with our bind distribution. We can use '<tt>updatedb</tt>' and then '<tt>locate</tt>' to find the files required to set up bind. Most of them are located somewhere within '<tt>/usr/share/doc/bind-&lt;version&gt;</tt>'. That directory also contains the Bind Administrator Reference Manual (BARM), a complete reference to all options supported by bind that is far more extensive than the man pages.

==Configuring basic named.conf==

First we search for the sample 'named.conf' and copy it to '<tt>/var/named/chroot/etc</tt>'. Normally bind runs in a chroot environment inside the '<tt>/var/named/chroot</tt>' directory, so its files need to be inside this chroot directory. To avoid confusion, multiple copies or editing of the wrong file, whenever we copy a file to '<tt>/var/named/chroot/etc</tt>' we also create a symbolic link from it in '<tt>/etc</tt>'. Hence even if someone tries to edit '<tt>/etc/named.conf</tt>', the proper file '<tt>/var/named/chroot/etc/named.conf</tt>' gets edited.

''Note that one has to keep the original file in '<tt>/var/named/chroot/etc</tt>' and create the symbolic link with an absolute path in '<tt>/etc</tt>'. That is, the command should be something like '<tt>ln -s /var/named/chroot/etc/named.conf /etc</tt>'. This is because, once named has entered the chroot, only a link outside the chroot can refer to files inside '<tt>/var/named/chroot</tt>'; a link inside the chroot that points outside it can no longer be followed.''

Sample named.conf file is at [[media:2010-03-14-named.conf.txt|2010-03-14-named.conf.txt]]. This file is properly documented with two zones, 'sbarjatiya.in' and 'leet.co.in'. Logs of most categories are sent to different channels, and basic views are used to distinguish 'localhost' from other clients. Parameters such as files, max-cache-size, etc., which protect server resources, are defined. The server is configured not to send OS or bind version information. The configuration works with SELinux enabled because all log files are written in the data directory.

One can start with the above configuration file along with these two zone files ([[media:2010-03-14-sbarjatiya.in.zone.txt|2010-03-14-sbarjatiya.in.zone.txt]] and [[media:2010-03-14-leet.co.in.zone.txt|2010-03-14-leet.co.in.zone.txt]]) and test the basic setup. If things are fine, proper zones can be defined in place of these two. One should also refer to the documentation of the installed bind version at '<tt>/usr/share/doc/bind-&lt;version&gt;</tt>' to learn about extra or deprecated features in that version.

Similar to the files in '<tt>/var/named/chroot/etc</tt>', for files in '<tt>/var/named/chroot/var/named</tt>' we create a symbolic link in '<tt>/var/named</tt>', so that if someone accidentally tries to modify files in '<tt>/var/named</tt>' the correct version gets modified.

==Troubleshooting bind==

===File/zone not found errors===

When one uses the sample '<tt>named.conf</tt>' given above, it is possible to get errors like '<tt>file named.root.hints not found</tt>' or '<tt>file named.rfc1912.zones not found</tt>'. For all such common files, use locate and copy the sample files that come with bind. There can be six or seven such files, so keep reading the error messages you get when you try to start bind and copy the files accordingly. Make sure that you also create a symbolic link whenever you copy a new file.

If the '<tt>directory</tt>' option has been used then named searches for zone files in that directory. Hence we should copy the zone files like '<tt>localhost.zone</tt>' and '<tt>localdomain.zone</tt>', and the zone files that we create ourselves, into that directory.

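The chroot-plus-symlink convention described in the sections above (original file under '<tt>/var/named/chroot</tt>', absolute symbolic link from '<tt>/etc</tt>' or '<tt>/var/named</tt>') is easy to get backwards. The check below is an added example and not part of the wiki page: it takes the outside path, the chroot root and the file's location inside the chroot as parameters, builds a scratch layout in a temporary directory so it runs offline, and reports the mistakes the note warns about (relative link target, link created inside the chroot, missing original). The function names are this example's own.

```python
import os
import tempfile


def check_chroot_link(outside_path, chroot, inside_rel):
    """Return a list of problems with one file of the chroot layout.

    outside_path: the path outside the chroot that admins edit, e.g. /etc/named.conf
    chroot:       the chroot root, e.g. /var/named/chroot
    inside_rel:   the real file's path relative to the chroot root, e.g. etc/named.conf
    An empty list means the layout matches the convention.
    """
    problems = []
    real = os.path.join(chroot, inside_rel)

    # The original must live inside the chroot; after chroot named only sees that tree.
    if os.path.islink(real):
        problems.append(f"{real} is a symlink; the original file must be inside the chroot")
    elif not os.path.isfile(real):
        problems.append(f"original file missing inside chroot: {real}")

    # The entry outside the chroot must be an absolute symlink to the original.
    if not os.path.lexists(outside_path):
        problems.append(f"missing outside entry: {outside_path}")
    elif not os.path.islink(outside_path):
        problems.append(f"{outside_path} is a regular file; edits there never reach the chroot copy")
    else:
        target = os.readlink(outside_path)
        if not os.path.isabs(target):
            problems.append(f"{outside_path} -> {target}: link target must be an absolute path")
        elif os.path.normpath(target) != os.path.normpath(real):
            problems.append(f"{outside_path} -> {target}: does not point at {real}")
    return problems


def demo():
    """Build one correct and one wrong layout in a temporary directory and check both.

    Returns (problems_for_good_layout, problems_for_bad_layout).  The layout is a
    constructed sample; no system paths are touched.
    """
    with tempfile.TemporaryDirectory() as tmp:
        chroot = os.path.join(tmp, "var", "named", "chroot")
        etc = os.path.join(tmp, "etc")
        os.makedirs(os.path.join(chroot, "etc"))
        os.makedirs(etc)

        # correct: original inside the chroot, absolute link from etc
        real = os.path.join(chroot, "etc", "named.conf")
        with open(real, "w") as fh:
            fh.write('options { directory "/var/named"; };\n')
        os.symlink(real, os.path.join(etc, "named.conf"))

        # wrong: relative link target, and the original was never copied into the chroot
        os.symlink("../var/named/chroot/etc/named.rfc1912.zones",
                   os.path.join(etc, "named.rfc1912.zones"))

        good = check_chroot_link(os.path.join(etc, "named.conf"), chroot, "etc/named.conf")
        bad = check_chroot_link(os.path.join(etc, "named.rfc1912.zones"), chroot,
                                "etc/named.rfc1912.zones")
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("correct layout:", good or "ok")
    print("wrong layout:", *bad, sep="\n  ")
```

On a live server call <tt>check_chroot_link("/etc/named.conf", "/var/named/chroot", "etc/named.conf")</tt> for each file you copied; every file named in a "not found" error should come back with an empty list.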
 
===No error is printed===
Sometimes bind fails to start and no error gets printed. In that case try
<pre>
echo '' >> /var/log/messages
echo '' >> /var/log/messages
service named start   # the bind init script on RHEL/CentOS is called "named"
tail -30 /var/log/messages
</pre>
and look for bind error messages after the two blank lines, which mark where the new messages begin. There can still be some files like '<tt>/etc/named.root</tt>' which are not found. Copy those files to '<tt>/var/named/chroot/etc</tt>' and create a symbolic link in '<tt>/etc</tt>'.
 
 
===Error not clear or not printed in /var/log/messages===

If the error is not printed in /var/log/messages then try running bind in the foreground with
<pre>
named -u named -f -d &lt;debug_level&gt;
</pre>
With '<tt>-f</tt>' alone named still logs through syslog; '<tt>-g</tt>' also runs it in the foreground but forces all logging to stderr, which is usually more convenient while debugging. There is also provision to specify the chroot directory ('<tt>-t</tt>'). Read '<tt>man named</tt>' to know about more options.
 
 
===Disable SELinux===

If bind is still not running then disable SELinux to confirm that the problem is not due to SELinux. If bind works after doing '<tt>setenforce 0</tt>' then try '<tt>restorecon -vR /var/named</tt>', re-enable enforcing mode with '<tt>setenforce 1</tt>' and try to start bind again. Have a look at the different SELinux types in '<tt>/var/named</tt>' and try to set similar contexts in '<tt>/var/named/chroot/var/named</tt>'.


Revision as of 08:34, 11 December 2014


Configuring basic DNS service with bind

  1. yum -y install bind bind-utils
  2. Edit /etc/named.conf and append following lines:
    zone "rekallsoftware.com." IN {
        type master;
        file "rekallsoftware.com.forward";
    };
  3. In '/etc/named.conf' make following modifications:
    1. listen-on port 53 {127.0.0.1; any;};
    2. allow-query {localhost; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;};
    3. dnssec-enable no;
    4. dnssec-validation no;
  4. Go to /var/named and create rekallsoftware.com.forward with contents similar to:
    $TTL 3600
    @ SOA ns.rekallsoftware.com. root.rekallsoftware.com. (1 15m 5m 30d 1h)
        NS ns.rekallsoftware.com.
        A 10.1.2.3
    ns              IN      A      10.1.1.1
    www             IN      A      10.1.2.3
  5. Try "nslookup rekallsoftware.com 127.0.0.1"
  6. Try "nslookup www.google.co.in 127.0.0.1". This will only work if machine has direct access to Internet at least for outgoing UDP port 53.
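As an added example (not from the wiki page), the script below parses the zone file and the named.conf option lines from the procedure above and runs the checks a first setup most often fails: exactly one SOA with a numeric serial, an NS record at the apex whose in-zone name server also has an A record (the "ns" line above supplies that glue), and option values that weaken the server. The zone and option text are embedded as a constructed copy of the page's content so the script runs offline; on a live server read /var/named/rekallsoftware.com.forward and /etc/named.conf instead. The function names are this example's own, and the open-resolver check assumes bind's default of "recursion yes" when the option is absent.

```python
import re

ORIGIN = "rekallsoftware.com."

# Constructed copies of the zone file and option lines from the procedure above.
ZONE_TEXT = """\
$TTL 3600
@ SOA ns.rekallsoftware.com. root.rekallsoftware.com. (1 15m 5m 30d 1h)
    NS ns.rekallsoftware.com.
    A 10.1.2.3
ns              IN      A      10.1.1.1
www             IN      A      10.1.2.3
"""

OPTIONS_TEXT = """\
listen-on port 53 {127.0.0.1; any;};
allow-query {localhost; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16;};
dnssec-enable no;
dnssec-validation no;
"""

RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}


def absolute(name, origin):
    """Turn a zone-file owner or target into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return ($TTL, [(owner, type, rdata fields)]) for the master-file subset used above:
    $TTL, '@', optional IN class, parenthesised rdata and whitespace-led continuation lines."""
    # fold "( ... )" rdata onto one line so the SOA parses like any other record
    text = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " ") + " ", text)
    ttl, owner, records = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        if line.startswith("$TTL"):
            ttl = int(line.split()[1])
            continue
        fields = line.split()
        if not line[0].isspace():                      # a new owner name starts the line
            owner = fields.pop(0)
        if owner is None:
            raise ValueError(f"record without owner: {raw!r}")
        if fields and fields[0] == "IN":               # class is optional in this file
            fields.pop(0)
        if not fields or fields[0] not in RRTYPES:
            raise ValueError(f"cannot parse: {raw!r}")
        records.append((absolute(owner, origin), fields[0], fields[1:]))
    return ttl, records


def check_zone(text, origin):
    """Return a list of findings; an empty list means the zone passed."""
    findings = []
    ttl, records = parse_zone(text, origin)
    if ttl is None:
        findings.append("no $TTL line")
    apex = [r for r in records if r[0] == origin]
    soa = [r for r in apex if r[1] == "SOA"]
    if len(soa) != 1:
        findings.append(f"expected exactly one SOA at {origin}, found {len(soa)}")
    elif not soa[0][2][2].isdigit():
        findings.append(f"SOA serial {soa[0][2][2]!r} is not a number")
    ns_targets = [absolute(r[2][0], origin) for r in apex if r[1] == "NS"]
    if not ns_targets:
        findings.append("zone apex has no NS record")
    have_address = {r[0] for r in records if r[1] in ("A", "AAAA")}
    for ns in ns_targets:
        # a name server inside this zone needs an address record here (glue)
        if ns.endswith("." + origin) and ns not in have_address:
            findings.append(f"in-zone name server {ns} has no A/AAAA record")
    return findings


def parse_options(text):
    """Map option name -> plain value, or list of entries for brace lists."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+)\s+(.*?)\s*;\s*$", line)
        if not m:
            continue
        key, val = m.groups()
        if "{" in val:
            body = val[val.index("{") + 1:val.rindex("}")]
            opts[key] = [e.strip() for e in body.split(";") if e.strip()]
        else:
            opts[key] = val
    return opts


def check_options(text):
    """Return findings for option values that reduce the server's safety."""
    opts, findings = parse_options(text), []
    if opts.get("dnssec-validation") == "no":
        findings.append("dnssec-validation no: answers are not checked against DNSSEC "
                        "signatures; switch to 'auto' once the basic setup works")
    # bind recurses by default, so allow-query any on a recursive server is an open resolver
    if "any" in opts.get("allow-query", []) and opts.get("recursion", "yes") != "no":
        findings.append("allow-query any with recursion: open resolver")
    return findings


if __name__ == "__main__":
    print(check_zone(ZONE_TEXT, ORIGIN), check_options(OPTIONS_TEXT))
```

Run against the page's own configuration the zone check returns no findings, while the option check flags only the disabled DNSSEC validation; the allow-query list above, restricted to localhost and the RFC 1918 ranges, is what keeps the server from being an open resolver despite listening on "any".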

