Debian: Simple bind setup for test environments

Hi,

These steps set up a bind9 DNS server on Debian 8 Jessie.

Install necessary packages

root@devdev ~# apt-get install bind9


Some definitions

Primary nameserver:   ns1.your.domain.org             IP address: 192.168.56.1
Secondary nameserver: ns2.your.domain.org             IP address: 192.168.56.2
Client host:          hostmetallica.your.domain.org   IP address: 192.168.56.200
Alias:                aliasmetallica.your.domain.org  => hostmetallica.your.domain.org

Default config directory is /etc/bind

The forward zone. Create the file /etc/bind/db.your.domain.org:

$TTL 3600
$ORIGIN your.domain.org.
;===========================================================================
; Addresses and other host information for zone: your.domain.org
;===========================================================================
; MNAME is the primary nameserver (ns1). "admin\.mail" is the mailbox
; admin.mail@your.domain.org; the backslash keeps the dot from being read
; as a label separator.
@ IN SOA ns1.your.domain.org. admin\.mail.your.domain.org. (
        2016022300 ; Serial No. (YYYYMMDDnn; bump it on every change or secondaries will not pull the zone)
        900        ; Refresh
        300        ; Retry   (must be shorter than Refresh)
        604800     ; Expire  (must be much longer than Refresh; here one week)
        300 )      ; Negative Cache TTL
@ IN NS ns1.your.domain.org.
@ IN NS ns2.your.domain.org.
;*************
; A records
;*************
ns1           IN A 192.168.56.1
ns2           IN A 192.168.56.2
hostmetallica IN A 192.168.56.200

;****************
; CNAME records
;****************
aliasmetallica IN CNAME hostmetallica.your.domain.org.

Create the reverse zone file /etc/bind/56.168.192.zone:

$TTL 3600
;===========================================================================
; Local server zone information: 56.168.192.in-addr.arpa
;===========================================================================
$ORIGIN 56.168.192.IN-ADDR.ARPA.
@ IN SOA ns1.your.domain.org. admin\.mail.your.domain.org. (
        2016022300 ; Serial No.
        900        ; Refresh
        300        ; Retry
        604800     ; Expire
        300 )      ; Negative Cache TTL
;
@ IN NS ns1.your.domain.org.
@ IN NS ns2.your.domain.org.
1   IN PTR ns1.your.domain.org.
2   IN PTR ns2.your.domain.org.
200 IN PTR hostmetallica.your.domain.org.
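named-checkconf -z and named-checkzone catch syntax errors, but not a CNAME that points nowhere, an A record without its PTR, an SOA whose MNAME is not one of the NS, or SOA timers in the wrong order. The script below is an added example, not code from the original post: a small zone-file reader plus the cross-checks between the forward and the reverse zone. The two zones above are embedded as constructed sample input; the names and the 192.168.56.0/24 addresses are the ones from the definitions.

```python
"""Added example: cross-check the forward and reverse zone files offline."""
import re
from ipaddress import ip_address

# Sample input, constructed here to mirror the two zone files in this post.
FORWARD_ZONE = r"""
$TTL 3600
$ORIGIN your.domain.org.
@ IN SOA ns1.your.domain.org. admin\.mail.your.domain.org. (
        2016022300 ; Serial No.
        900        ; Refresh
        300        ; Retry
        604800     ; Expire
        300 )      ; Negative Cache TTL
@ IN NS ns1.your.domain.org.
@ IN NS ns2.your.domain.org.
ns1 IN A 192.168.56.1
ns2 IN A 192.168.56.2
hostmetallica IN A 192.168.56.200
aliasmetallica IN CNAME hostmetallica.your.domain.org.
"""
REVERSE_ZONE = r"""
$TTL 3600
$ORIGIN 56.168.192.IN-ADDR.ARPA.
@ IN SOA ns1.your.domain.org. admin\.mail.your.domain.org. (
        2016022300 900 300 604800 300 )
@ IN NS ns1.your.domain.org.
@ IN NS ns2.your.domain.org.
1 IN PTR ns1.your.domain.org.
2 IN PTR ns2.your.domain.org.
200 IN PTR hostmetallica.your.domain.org.
"""


def fqdn(name, origin):
    """Expand '@' and relative names against the current $ORIGIN (lower-cased)."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text, zone_name):
    """Return [(owner, TYPE, rdata_fields)] with every name fully qualified.

    Handles $ORIGIN, $TTL, ';' comments, '(' ... ')' continuation lines and the
    master-file rule that a line starting with blank space reuses the previous
    owner. Class IN and an optional per-record TTL field are skipped.
    """
    origin = zone_name.lower().rstrip(".") + "."
    records, last_owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw).rstrip()
        pending = pending + " " + line.strip() if pending else line
        if pending.count("(") > pending.count(")"):
            continue                       # still inside the multi-line SOA
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        fields = line.split()
        if not fields or fields[0] == "$TTL":
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
            continue
        owner = last_owner if line[0].isspace() else fqdn(fields.pop(0), origin)
        last_owner = owner
        if fields[0].isdigit():
            fields.pop(0)                  # optional TTL
        if fields[0].upper() == "IN":
            fields.pop(0)                  # optional class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "SOA":               # mname, rname, serial, refresh, retry, expire, minimum
            rdata = [fqdn(rdata[0], origin), rdata[1]] + [int(v) for v in rdata[2:]]
        records.append((owner, rtype, rdata))
    return records


def lint(forward_text, forward_name, reverse_text, reverse_name):
    """Cross-check a forward zone against its reverse zone; return problem strings."""
    fwd = parse_zone(forward_text, forward_name)
    rev = parse_zone(reverse_text, reverse_name)
    apex = forward_name.lower().rstrip(".") + "."

    def in_zone(name):                     # only names we are authoritative for are checked
        return name == apex or name.endswith("." + apex)

    a_by_name = {o: r[0] for o, t, r in fwd if t == "A"}
    ptr_by_name = {o: r[0] for o, t, r in rev if t == "PTR"}
    problems = []
    for recs in (fwd, rev):
        ns = {r[0] for o, t, r in recs if t == "NS"}
        for owner, rtype, rdata in recs:
            if rtype == "SOA":
                mname, _, _, refresh, retry, expire, _ = rdata
                # RFC 1912 2.2: retry shorter than refresh, expire much longer than both.
                if not retry < refresh < expire:
                    problems.append(f"{owner} SOA timers are not retry < refresh < expire")
                if mname not in ns:
                    problems.append(f"{owner} SOA MNAME {mname} is not one of its NS")
            elif rtype in ("NS", "CNAME", "PTR") and in_zone(rdata[0]) \
                    and rdata[0] not in a_by_name:
                problems.append(f"{rtype} {owner} -> {rdata[0]} has no A record (dangling)")
            elif rtype == "A":
                want = ip_address(rdata[0]).reverse_pointer + "."
                if ptr_by_name.get(want) != owner:
                    problems.append(f"A {owner} {rdata[0]} has no matching PTR at {want}")
    return problems


if __name__ == "__main__":
    for p in lint(FORWARD_ZONE, "your.domain.org", REVERSE_ZONE, "56.168.192.in-addr.arpa"):
        print("PROBLEM:", p)
```

Replace the embedded strings with the contents of the two files (open(...).read()) to check your own zones; an empty list means they agree. named loads the forward and the reverse zone independently and never compares them, so a stale PTR or a forgotten one is not reported anywhere else.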


To activate the forward and the reverse zone, add a config section for each of them to /etc/bind/named.conf.local:

// Restrict zone transfers to the secondary: BIND 9.9 answers AXFR requests
// from any host unless allow-transfer says otherwise.
zone "your.domain.org" {
    type master;
    file "/etc/bind/db.your.domain.org";
    allow-transfer { 192.168.56.2; };
};
zone "56.168.192.in-addr.arpa" in {
    type master;
    file "/etc/bind/56.168.192.zone";
    allow-transfer { 192.168.56.2; };
};

For detailed logging (including every query) create the file /etc/bind/named.conf.logging:

logging {
    channel default {
        // rotate at 5 MB, keep 3 old files
        file "/var/log/named/named.log" versions 3 size 5m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category queries { default; };
    category default { default; };
};

Create the directory for the log file. named runs as user bind, so the bind group needs write access:

mkdir /var/log/named
chown root:bind /var/log/named
chmod 770 /var/log/named

And enable logging by adding the following line to /etc/bind/named.conf.local:

include "/etc/bind/named.conf.logging";

If your DNS server should also resolve other systems in the internal domain, define the DNS servers to which all queries it is not authoritative for are forwarded: add the "forwarders" directive to the options section in /etc/bind/named.conf.options. If those servers do not support DNSSEC, remove or comment out the "dnssec-validation auto" option, because validation cannot succeed through them and lookups for signed zones would fail with SERVFAIL. Add a few other useful options while you are there:

options {
    ...
    ... some other options
    ...
    // For a test environment DNSSEC is not needed. Without validation named
    // accepts whatever the forwarders return, so only do this on an isolated network.
    dnssec-enable no;
    dnssec-validation no;

    // Interfaces named listens on (loopback and the ns1 address from the definitions above)
    listen-on { 127.0.0.1; 192.168.56.1; };

    // Answer recursive queries only for the test network, so the server is not an open resolver
    allow-recursion { 127.0.0.1; 192.168.56.0/24; };

    // Everything else goes to the internal DNS servers
    forward only;
    forwarders {
        10.254.1.1; 10.254.1.10;
    };

    // The server should not reveal its version (version.bind CH TXT)
    version none;
};

Check your config. The -z switch also test-loads every master zone listed in named.conf:

named-checkconf -z

Restart the DNS server and look at the journal for errors:

systemctl restart bind9.service && journalctl -xn 100 -u bind9.service
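To confirm the server answers as intended, the following script is an added example, not part of the original post: it sends DNS queries over UDP in the raw wire format, so it does not depend on dig. It looks up the post's host, alias and reverse records on ns1 (192.168.56.1 from the definitions above) and sends a CHAOS TXT query for version.bind; with "version none" in the options the reply must carry no TXT record (BIND typically returns REFUSED). The packet builder and parser are plain functions and can be checked against captured packets without a server.

```python
"""Added example: query the new server over raw DNS/UDP and check its answers."""
import socket
import struct

SERVER = "192.168.56.1"                     # ns1 from the definitions above
IN, CH = 1, 3                               # query classes
A, CNAME, PTR, TXT = 1, 5, 12, 16           # record types used here


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, qclass=IN, txid=0x1234):
    """One question, recursion desired (RD=1), no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(msg, off):
    """Read a (possibly compressed) name at off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:           # compression pointer: jump, remember where we were
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def parse_response(msg):
    """Return (rcode, [(owner, rtype, value)]) for the answer section."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                     # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == A:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (CNAME, PTR):
            value, _ = decode_name(msg, off)   # rdata may use compression pointers
        elif rtype == TXT:
            value = rdata[1:1 + rdata[0]].decode()
        else:
            value = rdata.hex()
        answers.append((owner, rtype, value))
        off += rdlen
    return flags & 0xF, answers


def query(name, qtype, qclass=IN, server=SERVER, timeout=2.0):
    """Send one UDP query and parse the reply (no TCP fallback for truncated answers)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, qclass), (server, 53))
        return parse_response(sock.recv(4096))


def version_hidden(answers):
    """True when the version.bind CH TXT reply carries no TXT record."""
    return not any(rtype == TXT for _, rtype, _ in answers)


if __name__ == "__main__":
    for name, qtype, qclass in [("hostmetallica.your.domain.org", A, IN),
                                ("aliasmetallica.your.domain.org", CNAME, IN),
                                ("200.56.168.192.in-addr.arpa", PTR, IN)]:
        print(name, query(name, qtype, qclass))
    rcode, answers = query("version.bind", TXT, CH)
    print("version hidden:", version_hidden(answers), "rcode:", rcode)
```

Run it from a host on the 192.168.56.0/24 network (or on ns1 itself with SERVER set to 127.0.0.1). The alias query should come back with the CNAME followed by the A record of hostmetallica, the reverse query with the PTR, and the version query with no TXT record; if a version string appears, the "version none" option is not in effect.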

Secondary (slave) configuration: coming soon.
See also https://wiki.debian.org/Bind9

Michael
