Debian: Simple bind setup for test environments

Hi,

these steps sets up a bind9 DNS Server on Debian 8 Jessie.

Install necessary packages

root@devdev ~# apt-get install bind9


Some definitions

Primary Nameserver 1: ns1.your.domain.org IpAddress: 192.168.56.1
Secondary Nameserver 2: ns2.your.domain.org IpAddress: 192.168.56.2
ClientHost hostmetallica.your.domain.org IpAddress: 192.168.56.200
Alias aliasmetallica.your.domain.org => hostmetallica.your.domain.org

Default config directory is /etc/bind

The Forward zone. Create a file /etc/bind/db.your.domain.org

$TTL 3600
$ORIGIN your.domain.org.
;===========================================================================
; Addresses and other host information for zone: your.domain.org
;===========================================================================
@ IN SOA your.domain.org. admin\.mail.your.domain.org. (
2016022300 ; Serial No.
900 ; Refresh
3600 ; Retry
7200 ; Expire
300 ) ; Negative Cache TTL
IN NS ns1.your.domain.org.
IN NS ns2.your.domain.org.
;*************
; A records
;*************
ns1 IN A 192.168.56.1
ns2 IN A 192.168.56.2
hostmetallica IN A 192.168.56.200

;****************
; CNAME records
;****************
aliasmetallica IN CNAME hostmetallica.your.domain.org.

Create the reverse zone /etc/bind/56.168.192.zone

$TTL 3600
;===========================================================================
; Local server zone information: 56.168.192.in-addr.arpa
;===========================================================================
$ORIGIN 56.168.192.IN-ADDR.ARPA.
@ IN SOA your.domain.org. admin\.mail.your.domain.org. (
2016022300 ; Serial No.
900 ; Refresh
3600 ; Retry
7200 ; Expire
300 ) ; Negative Cache TTL
;
IN NS ns1.your.domain.org.
1 IN PTR ns1.your.domain.org.
2 IN PTR ns2.your.domain.org.
200 IN PTR hostmetallica.your.domain.org.


To activate the forward and the reverse zone add insert a config section for both zones to /etc/bind/named.conf.local

zone "your.domain.org" {
type master;
file "/etc/bind/db.your.domain.org";
};
zone "56.168.192.in-addr.arpa" in {
type master;
file "/etc/bind/56.168.192.zone";
};

For a detailed logging create a file /etc/bind/named.conf.logging

logging {
channel default {
file "/var/log/named/named.log" versions 3 size 5m;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category queries { default; };
category default{ default;};
};

Create a folder for the logfile

mkdir /var/log/named
chown root:bind /var/log/named
chmod 770 /var/log/named

And enable logging in config file by adding the following line to /etc/bind/named.local

include "/etc/bind/named.conf.logging";

If your DNS Server should resolve other system in internal domain you can define a DNS server to which queries are forwarded. Add the “forwarder” directive to the options section in /etc/bind/named.conf.options . If they do not have DNS Sec configured comment out the “dnssec-validation auto” option. And add some other usefull options.

options {
...
... some other options
...
// For test environments dnssec is not needed
dnssec-enable no;
dnssec-validation no;

// Interfaces bind listen to
listen-on { 127.0.0.1; 192.168.56.101; };
forward only;
forwarders {
10.254.1.1;10.254.1.10;
};
// DNS Should not offer its version
version none;

Check your config

named-checkconf

Start DNS Server

systemctl restart bind9.service && journalctl -xn 100 -u bind9.service

To do secondary config…coming soon.
See also https://wiki.debian.org/Bind9

Michael

Advertisment to support michlstechblog.info

Time limit is exhausted. Please reload CAPTCHA.

Original Theme by Schiy · Powered by WordPress