# Looking for some BIND help

## Tweakin

I could really use a hand configuring BIND. I have spent the better part of the morning reading through the BIND documentation, and, man... I didn't think setting up a name server and dns for one website on one server was going to be such a headache! Is there a good guide around (found one at Gentoo wiki, wasn't so helpful) that anyone knows of? I need something a little more straight to my point as the BIND docs are pretty huge (at least what I get out of them). I am not complaining though, I love that it is so well documented, I just need a little help getting my feet wet on this one before I learn every square inch of things.

Basically, I am trying to configure BIND for one website, I have a static IP address, and it is being run off of one Gentoo box that also houses the web server.

Sorry if I sound so helpless, it's been a long morning  :Shocked: 

----------

## PaulBredbury

For bind versions 9.2.5-r6 and 9.3.1-r8...

BIND files for a home network

Assumes the PC has IP address 192.168.0.8, and also acts as a DNS server for another PC on the home network which has IP address 192.168.0.9.

/etc/bind/named.conf:

```
logging {
        // severity can be one of: debug info
        channel "my_syslog" { syslog daemon; severity info; };
        category "default"  { "my_syslog"; "default_debug"; };
};

options {
        directory "/var/bind";
        // Hide the real version from "dig @server version.bind chaos txt"
        version "Bind";

        // Interfaces listened on
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.0.8; };

        // Allows only specific hosts to use the DNS server
        allow-query { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

        // Lock down recursive queries too
        allow-recursion { 127.0.0.1; 192.168.0.8; 192.168.0.9; };

        // if you have problems and are behind a firewall:
        // (a fixed source port makes cache poisoning easier; prefer opening
        // the firewall for outbound UDP from unprivileged ports instead)
        //query-source address * port 53;

        pid-file "/var/run/named/named.pid";
};

// Prime the server with knowledge of the root servers.
zone "." IN {
        type hint;
        file "named.ca";
};

// Be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912.
zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};
```

/etc/bind/pri/127.zone:

```
$ORIGIN 127.in-addr.arpa.
$TTL 1W
@              1D IN SOA        localhost. root.localhost. (
                                15     ; Serial
                                3H     ; Refresh
                                15M    ; Retry
                                1W     ; Expiry
                                1D )   ; Minimum
               1D IN NS         localhost.
; every 127.x.y.z address maps back to localhost
*              1D IN PTR        localhost.
```

/etc/bind/pri/localhost.zone:

```
$TTL 1W
@       IN      SOA     ns.localhost. root.localhost.  (
                                15     ; Serial
                                3H     ; Refresh
                                15M    ; Retry
                                1W     ; Expiry
                                1D )   ; Minimum
; NS data must be a host name, not an address: "127.0.0.1" here would be read
; as the relative name 127.0.0.1.localhost., which has no A record
                IN      NS      localhost.
localhost.      IN      A       127.0.0.1
```

/etc/resolv.conf:

```
# This entry may not be needed
nameserver 127.0.0.1
# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain homenetwork
```

/etc/hosts:

```
127.0.0.1       localhost pcname
192.168.0.8     pcname.homenetwork
```

BIND files for a server

For this example, the server is named "company.com" with IP address 12.34.56.78. It is its own primary DNS server, with two secondary servers provided by the ISP: ns0.nameserver.net and ns1.nameserver.net.

/etc/bind/named.conf:

```
logging {
        // severity can be one of: debug info
        channel "my_syslog" { syslog daemon; severity info; };
        category "default" { "my_syslog"; "default_debug"; };
};

options {
        directory "/var/bind";
        version "Bind";
        listen-on-v6 { none; };
        // Only the box itself may use this server as a resolver; everyone
        // else gets authoritative answers for the zones below and nothing more
        allow-recursion { 127.0.0.1; };
        pid-file "/var/run/named/named.pid";
};

// This is the master server for company.com
zone "company.com" {
        type master;
        file "pri/company.com.zone";
        // Without an allow-transfer statement any host may AXFR the whole
        // zone; list the ISP secondaries' addresses here to restrict it
};

// Reverse zone for company.com
zone "78.56.34.12.in-addr.arpa" {
        type master;
        file "pri/78.56.34.12.zone";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};
```

/etc/bind/pri/127.zone and /etc/bind/pri/localhost.zone are the same as specified for a home network above.

/etc/bind/pri/company.com.zone:

```
$TTL 3D                 ; default TTL for records that do not carry their own
; root.company.com. below is the contact address root@company.com
company.com. IN    SOA   ns.company.com.  root.company.com.  (
                                        27     ; Serial: bump it on every edit or secondaries ignore the change
                                        1D     ; Refresh: how often secondaries poll for a new serial
                                        30M    ; Retry: poll interval after a failed refresh
                                        1W     ; Expiry: secondaries stop answering after this long without contact
                                        1D )   ; Minimum: negative-caching TTL (RFC 2308)
@                       IN      NS      ns.company.com.
@                       IN      NS      ns0.nameserver.net.
@                       IN      NS      ns1.nameserver.net.
@                       IN      MX 0    mail.company.com.
@                       IN      A       12.34.56.78
ns                      IN      A       12.34.56.78
mail                    IN      A       12.34.56.78
www                     IN      A       12.34.56.78
ftp                     IN      A       12.34.56.78
```

/etc/bind/pri/78.56.34.12.zone: (the 4 components of the IP address are in reverse order)

```
$TTL 3D
@                       IN SOA ns.company.com. root.company.com. (
                                        27     ; Serial
                                        1D     ; Refresh
                                        30M    ; Retry
                                        1W     ; Expiry
                                        1D )   ; Minimum
@                               IN NS   ns.company.com.
@                               IN NS   ns0.nameserver.net.
@                               IN NS   ns1.nameserver.net.
; Several PTRs for one address are legal, but a reverse lookup hands most
; callers only one name, so a single PTR (e.g. the mail host) is the usual choice
@                               IN PTR  company.com.
@                               IN PTR  ns.company.com.
@                               IN PTR  www.company.com.
@                               IN PTR  mail.company.com.
@                               IN PTR  ftp.company.com.
```

/etc/resolv.conf:

```
# This entry may not be needed
nameserver 127.0.0.1
# Added automatically, from DNSDOMAIN in /etc/conf.d/domainname
domain company.com
```

/etc/hosts:

```
127.0.0.1       localhost
12.34.56.78     ns.company.com ns
```

----------
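
As an added editor's example (not code from PaulBredbury's post), here is a small Python checker that parses the company.com forward and reverse zones above and runs the consistency checks a zone linter would apply: that the SOA timers make sense (refresh is how often a secondary polls for a new serial, retry how soon it polls again after a failure, expire how long it keeps serving the zone with no contact at all, and expire must outlast refresh plus retry), that every in-zone NS name and the MX target have an A record and are not CNAMEs, and that every A record has a matching PTR in the reverse zone and vice versa. It understands only the master-file subset these files use ($TTL, $ORIGIN, a parenthesised SOA, NS/MX/A/PTR/CNAME). The zone text is copied (abridged) from the post and embedded so the script runs offline.

```python
import re

UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}  # rdata field that holds a domain name

# Zone text copied (abridged) from the post above, embedded so the checks run offline.
FORWARD_ZONE = """\
$TTL 3D
company.com. IN SOA ns.company.com. root.company.com. (
        27 1D 30M 1W 1D )   ; serial refresh retry expire minimum
@       IN NS   ns.company.com.
@       IN NS   ns0.nameserver.net.
@       IN MX 0 mail.company.com.
@       IN A    12.34.56.78
ns      IN A    12.34.56.78
mail    IN A    12.34.56.78
www     IN A    12.34.56.78
"""
REVERSE_ZONE = """\
$TTL 3D
@       IN SOA  ns.company.com. root.company.com. ( 27 1D 30M 1W 1D )
@       IN NS   ns.company.com.
@       IN NS   ns0.nameserver.net.
@       IN PTR  company.com.
@       IN PTR  ns.company.com.
@       IN PTR  mail.company.com.
@       IN PTR  www.company.com.
"""


def parse_ttl(text):
    """BIND time syntax: '1W' -> 604800, '1H30M' -> 5400, plain '3600' -> 3600."""
    return sum(int(n) * UNITS.get(u, 1) for n, u in re.findall(r"(\d+)([SMHDW]?)", text.upper()))


def absolute(name, origin):
    """Qualify '@' and relative names the way named does when it loads the file."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"


def logical_lines(text):
    """Drop ';' comments, then fold '( ... )' continuation lines into one record each."""
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " %s " % m.group(1).replace("\n", " "), text)
    return [line for line in text.splitlines() if line.strip()]


def parse_zone(text, zone):
    """Return (owner, type, rdata) triples with every domain name fully qualified."""
    origin = owner = zone if zone.endswith(".") else zone + "."
    records = []
    for line in logical_lines(text):
        fields = line.split()
        if fields[0].startswith("$"):                          # $ORIGIN / $TTL directives
            origin = absolute(fields[1], origin) if fields[0] == "$ORIGIN" else origin
            continue
        if line[0] not in " \t":                               # explicit owner; indented lines reuse it
            owner = absolute(fields.pop(0), origin)
        while re.fullmatch(r"\d+[SMHDW]?|IN", fields[0].upper()):  # optional TTL and class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1:]
        for i in ([0, 1] if rtype == "SOA" else [NAME_FIELD[rtype]] if rtype in NAME_FIELD else []):
            rdata[i] = absolute(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records


def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_zones(forward_text, zone, reverse_text, reverse_zone):
    """Return a list of problems; an empty list means the forward/reverse pair is consistent."""
    origin = zone if zone.endswith(".") else zone + "."
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    fwd, rev = parse_zone(forward_text, zone), parse_zone(reverse_text, reverse_zone)
    a = {(o, r[0]) for o, t, r in fwd if t == "A"}             # (owner, address)
    ptr = {(o, r[0]) for o, t, r in rev if t == "PTR"}         # (reverse owner, target name)
    cnames = {o for o, t, _ in fwd if t == "CNAME"}
    ns = {r[0] for o, t, r in fwd if t == "NS" and o == origin}
    problems = []
    for owner, rtype, rdata in fwd:
        if rtype == "SOA" and owner == origin:
            mname, _, _, refresh, retry, expire, _ = rdata
            refresh, retry, expire = map(parse_ttl, (refresh, retry, expire))
            if retry >= refresh:
                problems.append("SOA retry should be shorter than refresh")
            if expire < refresh + retry:
                problems.append("SOA expire must outlast refresh + retry, or secondaries drop the zone")
            if mname not in ns:
                problems.append(f"SOA MNAME {mname} is not one of the zone's NS records")
    for target in ns | {r[1] for o, t, r in fwd if t == "MX"}:
        if target in cnames:
            problems.append(f"{target} is a CNAME; NS and MX targets must not be (RFC 2181)")
        elif in_zone(target) and target not in {o for o, _ in a}:
            problems.append(f"in-zone NS/MX target {target} has no A record")
    for name, ip in a:                                         # forward -> reverse
        if (reverse_name(ip), name) not in ptr:
            problems.append(f"{ip} has no PTR back to {name}")
    for rname, target in ptr:                                  # reverse -> forward
        if in_zone(target) and not any(reverse_name(ip) == rname for o, ip in a if o == target):
            problems.append(f"PTR {rname} -> {target}, but {target} has no A record for that address")
    return problems
```

Call `check_zones(open("pri/company.com.zone").read(), "company.com", open("pri/78.56.34.12.zone").read(), "78.56.34.12.in-addr.arpa")` after every edit and refuse to reload while the list is non-empty. BIND's own `named-checkzone` catches syntax errors in one file, but nothing in named cross-checks the reverse zone against the forward one, which is how stale PTRs survive for years.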

## nobspangle

In the second example you should also have

```
recursion no;
```

in your options section.

You can also combine the two examples using views so that 1 view is for clients on the internal network and the other view is for clients on the public internet.

This is a really good online guide, and deals with everything from the basics, right up to dynamic updates from dhcp

----------
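
The views approach nobspangle mentions, written out as an added editor's example (not a configuration from the thread): it merges the home-network and server configurations from the post above into one named.conf with an internal view that recurses for the LAN and serves private zones, and an external view that is authoritative only and never recurses. It assumes a single box holding both the LAN address 192.168.0.8 and the public address 12.34.56.78, the zone files named in the post plus a private `homenetwork` pair, and that the ISP secondaries ns0/ns1.nameserver.net live at 203.0.113.10 and 203.0.113.11 (placeholder addresses; substitute the real ones). Once any view exists, every zone statement has to sit inside a view, which is why the root hints and localhost zones are repeated.

```conf
acl "lan" { 127.0.0.1; 192.168.0.0/24; };
acl "secondaries" { 203.0.113.10; 203.0.113.11; };   // assumed addresses of ns0/ns1.nameserver.net

options {
        directory "/var/bind";
        version "Bind";
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.0.8; 12.34.56.78; };
        pid-file "/var/run/named/named.pid";
        allow-transfer { none; };       // default: no zone transfers unless a zone opens them
};

// Evaluated first: LAN clients get a full resolver plus the private zones
view "internal" {
        match-clients { "lan"; };
        recursion yes;
        allow-query { "lan"; };
        allow-recursion { "lan"; };

        zone "." IN { type hint; file "named.ca"; };
        zone "localhost" IN { type master; file "pri/localhost.zone"; allow-update { none; }; notify no; };
        zone "127.in-addr.arpa" IN { type master; file "pri/127.zone"; allow-update { none; }; notify no; };

        // Private names (pcname.homenetwork etc.); zone files assumed to exist, never listed in the external view
        zone "homenetwork" IN { type master; file "pri/homenetwork.zone"; allow-update { none; }; notify no; };
        zone "0.168.192.in-addr.arpa" IN { type master; file "pri/192.168.0.zone"; allow-update { none; }; notify no; };

        // Same public zone data here, so the LAN resolves www.company.com without leaving the box
        zone "company.com" IN { type master; file "pri/company.com.zone"; notify no; };
};

// Everyone else: authoritative answers for our own zones only, no resolver to abuse
view "external" {
        match-clients { any; };
        recursion no;
        allow-query { any; };

        zone "company.com" IN {
                type master;
                file "pri/company.com.zone";
                allow-transfer { "secondaries"; };      // only the ISP secondaries may AXFR
                also-notify { 203.0.113.10; 203.0.113.11; };
        };
        zone "78.56.34.12.in-addr.arpa" IN {
                type master;
                file "pri/78.56.34.12.zone";
                allow-transfer { "secondaries"; };
        };
};
```

Run `named-checkconf /etc/bind/named.conf` before restarting. From a LAN host, `dig @192.168.0.8 pcname.homenetwork` should answer; from outside, `dig @12.34.56.78 pcname.homenetwork` and `dig @12.34.56.78 www.google.com` should both come back without an answer section, since the external view knows neither the private zone nor how to recurse.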

## PaulBredbury

 *nobspangle wrote:*   

> recursion no;

 

Ah, but I forgot to mention that the server is serving DNS lookups for itself, rather than use the ISP's DNS servers, so I've added "allow-recursion" instead (and added /etc/resolv.conf contents). Thanks for the hint.

----------

## bhogg

How would these config files be modified if a DNS server had a dynamic IP address?

Also, by default, there doesn't seem to be a named.pid on my system after emerging bind... other PID's (apache2.pid) seem to have a numeric value in them and nothing else, not sure what this is for.

Thanks,

Brian

----------

## PaulBredbury

 *bhogg wrote:*   

> How would these config files be modified if a DNS server had a dynamic IP address?

 

Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.

 *Quote:*   

> Also, by default, there doesn't seem to be a named.pid on my system after emerging bind

 

I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named.

----------

## bhogg

 *Quote:*   

> Servers are meant to have static IP addresses. Dynamic IP addresses would be a recipe for unreliability.

 

The web site is currently for a low-traffic project, and does not need high reliability.  I have a no-ip.com address pointing to the same server which works well.  Just need this new .ca to forward/resolve to the same address.  Needless to say trying to put the no-ip address in zone files didn't do much of anything.  The IP address is resolving locally though, will probably take time to propagate.

 *Quote:*   

> I have /var/run/named/named.pid (defined by PIDFILE in /etc/conf.d/named), containing the process ID (same as shown by "ps ax | grep named"). It is used by start-stop-daemon in /etc/init.d/named.

 

I was having issues starting named previously, but now that it is running the .pid file exists where needed.

----------

## JC99

Use webmin to configure bind, much easier.

----------

## Sakkath

Could someone explain the headers better, the refresh, minimum, expiry, default_ttl, and the $TTL at the top?  I don't know any of the SOA entries besides serial :-p.

----------

## Eugene33

Thanks for this tutorial, I spent 1 month trying to configure my server correctly, and I finally had it in 2 hours. Thank you  :Wink: 

----------

## makenoob

 *EvilEye wrote:*   

> Use webmin to configure bind, much easier.

 

Full ACK on that.

It won't hurt to know what webmin is doing, so you should dive into the docs after you have got it up and running. The O'Reilly books on BIND are a good start for that.

----------

## hidrogen

Hi.

I've followed the BIND files for a home network example but i have a problem.

A PC inside the network cannot ping other PCs on the network except if I use their IP.

Ex:

ping www.google.com -> works fine

ping 192.168.134.100 -> works fine

ping vg.homenetwork -> doesn't work

Thanks in advance

----------

## PaulBredbury

 *hidrogen wrote:*   

> ping vg.homenetwork -> doesn't work

 

That's what "bind files for a server" is for.

----------
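
For the case hidrogen hit (vg.homenetwork only resolvable by IP): the home-network configuration above has no zone for `homenetwork`, so named sends those lookups towards the root servers, which know nothing about a private name. The two zone files below are an added editor's example, not files from the thread, of what makes the home network's own names resolve. They assume the addresses of the home-network example (192.168.0.8 for pcname, 192.168.0.9 for a second PC called vg) and that both are declared in named.conf next to the localhost zones, e.g. `zone "homenetwork" IN { type master; file "pri/homenetwork.zone"; allow-update { none; }; notify no; };` and likewise `zone "0.168.192.in-addr.arpa"` pointing at `pri/192.168.0.zone`. Because `homenetwork` exists only on this server, keep these zones out of anything Internet clients can query.

```zone
; /etc/bind/pri/homenetwork.zone   (assumed names and addresses)
$TTL 1D
$ORIGIN homenetwork.
@               IN SOA  pcname.homenetwork. root.pcname.homenetwork. (
                        1       ; Serial
                        3H      ; Refresh
                        15M     ; Retry
                        1W      ; Expiry
                        1D )    ; Minimum
                IN NS   pcname.homenetwork.
pcname          IN A    192.168.0.8
vg              IN A    192.168.0.9

; /etc/bind/pri/192.168.0.zone   (reverse zone 0.168.192.in-addr.arpa)
$TTL 1D
$ORIGIN 0.168.192.in-addr.arpa.
@               IN SOA  pcname.homenetwork. root.pcname.homenetwork. (
                        1       ; Serial
                        3H      ; Refresh
                        15M     ; Retry
                        1W      ; Expiry
                        1D )    ; Minimum
                IN NS   pcname.homenetwork.
8               IN PTR  pcname.homenetwork.
9               IN PTR  vg.homenetwork.
```

Check each file with `named-checkzone homenetwork /etc/bind/pri/homenetwork.zone` (and the reverse name for the second file) before reloading; with `domain homenetwork` in /etc/resolv.conf, `ping vg` then resolves via the search list.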

## hidrogen

Done  :Wink: 

 *PaulBredbury wrote:*   

>  *hidrogen wrote:*   ping vg.homenetwork -> doesn't work 
> 
> That's what "bind files for a server" is for.

 

----------

## Ginta

What to do with a dynamic IP address? I have a DynDNS account, updated constantly by the router; it is xxxxx.homelinux.net

What will I need to do to configure it? Change the file with the reverse IP address to xxxxx.homelinux.net, or something else?

----------

## PaulBredbury

 *Ginta wrote:*   

> dynamic IP address?

 

emerge ddclient

Put in /etc/ddclient/ddclient.conf

```
# Re-check the public address every 36000 seconds (10 hours)
daemon=36000
syslog=yes
mail-failure=root
# Use HTTPS to the update service so the login below is not sent in the clear
ssl=yes
protocol=dyndns2
# Discover the public address from a web service (needed behind NAT)
use=web
# This file holds a password: keep it readable by root only (mode 600)
login=yourlogin
password=yourpassword
yoursubname.dyndns.org
```

You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable.

----------

## oddthing

 *PaulBredbury wrote:*   

> 
> 
> You cannot have bind on that dynamic IP acting as a nameserver to resolve to that dynamic IP, though - an Internet-facing nameserver must be on a static IP, to be reliable.

 

I dunno how I got around this problem, but at my hosting company I've edited some DNS options and did get redirected even with a dynamic IP, dunno though what DNS program they run...

i have my domain: example.dom

then i setup that: num.example.dom -> my.dyn.ip

i just confed:

Localname: "num"

Type: "CNAME"

Target: my.dyn.ip

A bit of knowledge is:

NS = NameServer

MX = MaileXchange

A, AHOST = Address (IP)

CNAME = Hostname

But just for redirecting... my problem now is to get bind to do the rest... so I may get "1.num.example.dom", "2.num.example.dom" and so on...

----------

## PaulBredbury

 *oddthing wrote:*   

> did get redirected even with a dynamic IP

 

Of course, but what happens when your IP address changes? That's the point.

----------

## oddthing

 *PaulBredbury wrote:*   

> 
> 
> Of course, but what happens when your IP address changes? That' the point.

 

No changes at all... since ddclient changes the IP at my.dyn.ip

```
example.dom - num.example.dom
                         |
                   my.dyn.ip    (updated by ddclient)
                         |
               [home computer]  - one.num.example.dom (vhost)
                                - two.num.example.dom (vhost)
```

----------

