# Bind 9 DNS setup

## squanto

I realize that Bind and DNS setup is a very large topic, but I was wondering if anyone here in the Gentoo forums has some experience with it?

I am trying to get my webserver set up to use my registered domain. I have registered a domain and would like to get my server set up to use this domain. I have my domain registered through networksolutions and I have changed the nameservers to point to my primary and secondary IPs that I will run DNS on.

I have used the linuxdoc.org DNS howto, twice now, but to no avail. Has anyone gotten Bind 9 set up on Gentoo? If so, could you point me to a good "new to DNS" type of guide that would show me step by step how to set this up?

Thanks,

Andrew

edited on July 21, 2002 to take out the domain names, don't want to leave that up there too long till the site gets running. Last edited by squanto on Mon Jul 22, 2002 3:00 am; edited 1 time in total

----------

## Guest

Give djbdns a try.


To tell the truth, I couldn't get BIND working either.  :Smile: 

Then someone recommended djbdns and I never looked back.

----------

## squanto

OK, I will see what I can get going with djbdns, because the BIND people don't seem to like djbdns, and I hadn't really heard anything about it before. BIND seems kind of hardcore, but since most *nix DNS runs BIND, I didn't think it would be that hard to set up.   :Embarassed: 

-Andrew

----------

## klieber

djbdns doesn't comply with the RFC spec for DNS, which is why some folks don't like it.  That said, it has proven to be much more secure than BIND has.

The reason BIND is so hard to set up (or at least one of the reasons) is because of the arcane, convoluted syntax of its damn config files.  Put one '@' in the wrong place and you're hosed.  Very not-user-friendly.

If you want to go with BIND, then pick up the DNS and Bind Book by O'Reilly.  Absolutely, positively the best book out there on DNS and/or BIND.  It will walk you through all the underlying concepts of DNS (which is kind of a fascinating read if you're into that stuff) as well as tell you how to set up a BIND server.

hth

--kurt

----------

## squanto

I was looking to purchase this book, but since I am headed home from college at the end of this week, I don't have my superfast internet connection anymore, so I will look into it at the end of the summer; maybe a new version of BIND will be out.   :Confused: 

Thanks for the suggestion. I did a little reading on djbdns, but since BIND is the standard, I figured it would give me some real world experience to set up BIND vs. some other DNS.

Thanks,

Andrew

----------

## seaweed

I have been using BIND for a few years and have a good understanding.  If you have specific questions I can assist.

If you are looking to buy the "DNS and BIND" book the latest edition is 4th.

----------

## squanto

Thanks, I will probably be asking questions starting at the end of August, because I am home from school now and don't have a dedicated connection to the internet anymore.  Thanks for the help though. I am going to buy the book in about a month or so.

-Andrew

----------

## Nitro

Squanto:

I'd be more than happy to help you with any questions you may have regarding bind/named.  I use bind on my webserver and run both the primary and secondary nameservers.  If you need help setting it up, let me know.

Just be careful what you read; more times than not, when I was reading about bind, I was actually reading about the wrong version.  :Wink: 

I too tried djbdns after being very pleased with qmail, and was rather disappointed.  The only thing I would recommend djbdns for is a caching-only DNS server; again, that is just my opinion.

I was wondering when we were going to get some actual "server" discussion in this forum.  :Wink: 

----------

## squanto

I am going to purchase the bind book as soon as I get a new computer built.  I will almost certainly have questions, so I will post them on the forum / pm you.

Thanks for the help,

Sorry it took so long for me to respond, summer vacation left me with little internet time  :Laughing: 

Andrew

----------

## squanto

Seeing as this is an old post of mine, here is another question for you dns gurus out there.

Can I run bind9 on a non standard port?

If so, what needs to be changed?  I am behind a university firewall, and for ports less than 1024 only port 80 is open to the outside world.

I would like to run DNS so I don't have to pay someone else to do it for me, and because I could learn something.  I also would like to run my mailserver on a port other than standard, but my impression is that I could do that by modifying the MX tag in bind to use another port?

Thanks!

----------

## perra

In named.conf in the "options" there is a statement which might help.

```
listen-on [ port ip_port ] { address_match_list };
```

Will that do it? I read it in The BIND 9 Administrator Reference Manual from ISC (p. 67).

http://www.nominum.com/resources/documentation/Bv9ARM.pdf

HTH

----------

## klieber

 *squanto wrote:*   

> Can I run bind9 on a non standard port?

 

Yes, but it will be largely useless to you unless you configure your DNS clients to contact that port instead of the standard port 53.  Any DNS clients that are out of your direct control will likely not work with your DNS server.

 *squanto wrote:*   

> I would like to run dns so I don't have to pay someone else to do it for me

 

http://www.zoneedit.com/

http://www.granitecanyon.com/

Or, register (or renew) your domain through register.com and you get free DNS service as part of the registration fee.

 *squanto wrote:*   

> I also would like to run my mailserver on a port other than standard, but my impression is that I could do that by modifying the MX tag in bind to use another port?

 

No -- DNS doesn't know about ports -- just IP addresses.  To run a mail server on a non-standard port, you need to consult the documentation for your specific mail server.  Again, you're going to run into the problem that other SMTP servers will not be able to contact your mail server because they have no way of knowing what port your mail server is running on.

--kurt
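Putting perra's listen-on statement and kurt's port caveat together in a minimal named.conf options block, as an added illustration (this is not configuration from the thread or from the BIND manual; the addresses, the port number and the directory are assumed):

```conf
// named.conf excerpt constructed for this thread, not taken from the BIND ARM.
// Placeholders: 192.0.2.1 is the primary's address, 198.51.100.2 the
// secondary's, and 5353 the non-standard port.
options {
    directory "/var/bind";

    // perra's statement: accept queries on port 5353 on one interface only.
    // Written without "port", listen-on defaults to 53.
    listen-on port 5353 { 192.0.2.1; };
    listen-on-v6 { none; };

    // An authoritative server for a public domain should answer for its
    // zones only, not act as an open recursive resolver for anyone.
    recursion no;
    allow-query { any; };

    // Only the secondary may pull a full copy of the zone (AXFR).
    allow-transfer { 198.51.100.2; };
};

// kurt's caveat applies no matter what is above: the nameserver addresses
// handed to the registrar carry an IP only, so every recursive resolver
// following the delegation sends its queries to port 53 of 192.0.2.1.
// Port 5353 is reached only by clients told about it explicitly, e.g.
//   dig -p 5353 @192.0.2.1 example.com SOA
```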

----------

## squanto

 *Quote:*   

> Yes, but it will be largely useless to you unless you configure your DNS clients to contact that port instead of the standard port 53. Any DNS clients that are out of your direct control will likely not work with your DNS server.

 

Does this include the 13 main dns servers for the world?

So, if I do run on a nonstandard port, and if the 13 main servers can see me and I can see them, when a user puts in my domain name, will they be brought to my machine?

 *Quote:*   

> http://www.zoneedit.com/
> 
> http://www.granitecanyon.com/ 

 

I checked out zoneedit, and it seems like what I will have to use, or the register.com idea, but the granitecanyon site was not responding.  I would rather run my own dns, if possible because I would like to learn how it works.

 *perra wrote:*   

> In named.conf in the "options" there is a statement which might help.
> 
> ```
> listen-on [ port ip_port ] { address_match_list };
> ```
> ...

 

I think that is what I need, thanks, I downloaded the pdf.

Thanks for the help!

----------

## klieber

 *squanto wrote:*   

> Does this include the 13 main dns servers for the world?

 

Yes, it includes the root nameservers.

 *squanto wrote:*   

> So, if I do run on a nonstandard port, and if the 13 main servers can see me and I can see them, when a user puts in my domain name, will they be brought to my machine?

 

No, not as long as you're running DNS on a non-standard port.

--kurt

----------

## squanto

 *klieber wrote:*   

>  *squanto wrote:*   Does this include the 13 main dns servers for the world? 
> 
> Yes, it includes the root nameservers.
> 
>  *squanto wrote:*   So, if I do run on a nonstandard port, and if the 13 main servers can see me and I can see them, when a user puts in my domain name, will they be brought to my machine? 
> ...

 

OK, thanks for the info, better for me to learn about this before I get frustrated with my setup.  I will talk with the network guys here at school and see what there is that I can do, if I can get them to open some ports for me or something.

But just curious, because when I signed up for my domain, I had to give 2 IPs for nameserver addresses; couldn't I just append the port number to that address for my ns1 and ns2 and have it work?

Thanks

-Andrew

----------

## klieber

 *squanto wrote:*   

> But just curious, because when I signed up for my domain, I had to give 2 IPs for nameserver addresses; couldn't I just append the port number to that address for my ns1 and ns2 and have it work?

 

No.  I know that's not the answer you want to hear, but as long as you have a firewall blocking port 53, what you're trying to do won't work.

--kurt

----------

## Hellfire

 *Quote:*   

> But just curious, because when I signed up for my domain, I had to give 2 IPs for nameserver addresses; couldn't I just append the port number to that address for my ns1 and ns2 and have it work?

 

While I don't believe that's an RFC issue it is a "best practice" one. DNS drives the internet, without it we're all pretty much boned. Having *at least* 2 available resolvers for every domain is a must. If it's within your means having a 3rd one in an alternate site is even better.

That said, you CAN run your domain with 1 server. ISP-level DNS admins might be pissy about your setup, but I don't think your situation is likely to draw too many complaints.

-h

----------

## klieber

 *Hellfire wrote:*   

> That said, you CAN run your domain with 1 server. ISP-level DNS admins might be pissy about your setup, but I don't think your situation is likely to draw too many complaints.

 

Correct -- you can use 1 server, but it still has to respond on port 53 in order to be useful as a public nameserver.

--kurt

----------

## squanto

OK, thanks klieber. I will try to find out from someone here at my school about opening up the port, since it isn't like there is really that much bandwidth taken up by a DNS server, compared to something like a Counter-Strike or Quake server.

Thanks for the help!

----------

