# DNS Configuration BIND || dnsmasq

## Fylar

Hi, I'm trying to do some basic setup of either BIND or dnsmasq.

I've emerged them both, but haven't really had much joy with either.

With BIND, all of the samples I have seen display named.conf as reading like this:

```
options {
        directory "/etc/namedb";

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        //forwarders {
        //      123.123.123.123;
        //      123.123.123.123;
        //};

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 10.0.0.3; 10.1.1.0/24; };

        // to allow only specific hosts to use the DNS server:
        //allow-query {
        //      127.0.0.1;
        //};

        // if you have problems and are behind a firewall:
        //query-source address * port 53;

        pid-file "/var/run/named/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

//primary domain for entire server mbcchosting.com
zone "cytv.com" IN {
        type master;
        file "pri/mbcchosting.com.zone";
        allow-update { none; };
        notify no;
};
```

> Now, is this the same file as /etc/conf.d/named?
>
> If so, the default file that was provided when I emerged was similar to this...
> ...

Now. All I want to do is to have a simple caching dns server on my workstation, which will perform dns lookups on my home network.

My flatmates have a nasty habit of unplugging me from the router, so I want to create a disincentive for them to do so.

I also tried to use dnsmasq, but I couldn't seem to get it working.

I figured that, as my router uses DHCP, my resolv.conf is not a safe place to store configuration data for dnsmasq.

My /etc/conf.d/dnsmasq looks something like this:

```
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-dns/dnsmasq/files/dnsmasq.confd,v 1.3 2004/07/14 23:23:32 agriffis Exp $

# Config file for /etc/init.d/dnsmasq
# See the dnsmasq(8) man page for possible options to put here.

DNSMASQ_OPTS="server 203.24.100.125 server 203.123.69.15"
```

Thanks in advance,

Julian aka Fylar

----------

## Fylar

I'm an idiot...

Try /var/bind/named.conf

I'm not sure if it's working though. I tried setting the router to look for DNS from my IP. (I don't know for sure that when I am resolving a hostname it is going through my PC.)

Interestingly, when I try /etc/init.d/named stop, it fails...

I wanted to simulate the dns server being down, but it looks like it doesn't want to be.

Any suggestions?

----------

## nobspangle

Are you sure named is running?

```
ps aux | grep named
```

will tell you.

This line

directory "/etc/namedb"; 

in your named.conf probably wants to be directory "/var/bind";

Then look in /var/bind/pri and make sure you have localhost.zone and 127.zone and also you should have named.ca in /var/bind

Make sure your listen-on directive is set to the IP addresses you want the server to listen on, usually the Ethernet interface that is connected to your LAN, and localhost.

You may want to set your forwarders to the IP addresses of the DNS servers used by your ISP, although it should work without.

Next add query logging so you can see what the server is doing (you'll probably want to turn this off later)

```
logging {
        channel query_logging {
                file "/var/log/bind/query.log" versions 3 size 10M;
                print-time yes;
        };
        category queries {
                query_logging;
        };
        category lame-servers { null; };
};
```

Create the /var/log/bind directory and make sure it is writeable by the named user.

Now try to resolve some addresses and see if the queries appear in the BIND log.

----------

## Fylar

Thanks,

I'll test this out when I get home.

While I'm at it, should I change the user it runs as and chroot bind also?

Is it a security issue if I don't?

Cheers,

Julian aka Fylar

----------

## Chris W

BIND is very fussy about its zone files, and they are not the most human-friendly format. If your mbcchosting.com.zone file is missing or broken this will stop BIND dead.

DNSMasq does not have any command line options for directly specifying the upstream DNS servers as you have tried. You can specify an alternate 'resolv.conf' file to fetch the upstream DNS from by using the DNSMASQ_OPTS="--resolv-file=some.other.file" option in /etc/conf.d/dnsmasq. However, if your Linux box gets its public interface address by DHCP (PPP or PPPoE etc.) from your ISP then the real resolv.conf is what you want DNSMasq to read from in any case.

----------

## Fylar

Ok...

Here's what I have so far...

named is not running.

Named.conf...

```
acl "study" { 10.1.1.0/24 };

options {
        directory "/var/bind";

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        forwarders {
        203.24.100.125
        203.123.69.15
        allow-query { "study"; };
};

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 10.1.1.0/24};

        // to allow only specific hosts to use the DNS server:
        //allow-query {
        //      127.0.0.1;
        //};

        // if you have problems and are behind a firewall:
        //query-source address * port 53;

        pid-file "/var/run/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

};

logging {
        channel query_logging {
                file "/var/log/bind/query.log" versions 3 size 10M;
                print-time yes;
        };
        category queries {
                query_logging;
        };
        category lame-servers { null; };
};
```

/etc/conf.d/named:

```
# Set various named options here.
#
OPTIONS=""

# Set this to the number of processors you have.
#
CPU="1"

# If you wish to run bind in a chroot, run:
# ebuild /var/db/pkg/net-dns/<bind version>/<bind-version> config
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
```

*nobspangle wrote:*

> Then look in /var/bind/pri and make sure you have localhost.zone and 127.zone and also you should have named.ca in /var/bind
>
> Make sure your listen-on directive is set to the IP addresses you want the server to listen on, usually the ethernet that is connected to your LAN localhost
>
> You may want to set your forwarders to the IP addresses of the DNS servers used by your ISP, although it should work without.
> ...

I've done that...

It seems that even though I unmerged dnsmasq, named somehow conflicts.

Can you see anything glaringly obvious that I've missed?

----------

## zeek

Killer online BIND reference here:

http://www.zytrax.com/books/dns/

The listen-on setting was bogus -- it was trying to bind to an entire /24.

You also want to use the program named-checkconf, which will point out what your errors are.

Try this conf:

```
acl "study" { 10.1.1.0/24; };

options {
        directory "/var/bind";

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        //forwarders {
        //      203.24.100.125;
        //      203.123.69.15;
        //};

        allow-query { study; };
        listen-on-v6 { none; };

        // if you have problems and are behind a firewall:
        //query-source address * port 53;

        pid-file "/var/run/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

logging {
        channel query_logging {
                file "/var/log/bind/query.log" versions 3 size 10M;
                print-time yes;
        };
        category queries {
                query_logging;
        };
        category lame-servers { null; };
};
```
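named-checkconf is the right tool, and it is what finally found the errors in this thread. As an added illustration of the class of mistake it catches, the block below is example code (not from the thread, not ISC BIND code, and no substitute for named-checkconf, since it knows nothing of BIND's keywords) that checks only the brace-and-semicolon structure of a named.conf: an address-list element not followed by ';', a '{' that is never closed, and a stray '};'. Both configs embedded in it are constructed for the example. The good one is a caching forwarder for the 10.1.1.0/24 LAN of the shape this thread converges on, with allow-recursion added as an assumption so the box never becomes an open resolver if listen-on is widened later; the bad one condenses the errors from the config posted earlier.

```python
"""Brace/semicolon checker for named.conf-style files.

Added example: not code from the thread or from ISC BIND, and no substitute
for named-checkconf (it knows nothing of BIND's keywords).  It checks only
that every statement ends in ';', every '{' is closed, and each element of
an address list carries its own ';'.
"""
import re

_TOKEN_RE = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
_ADDR_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")

# Constructed: a caching forwarder for the 10.1.1.0/24 LAN as this thread
# converges on it, plus allow-recursion so it never becomes an open resolver.
GOOD_CONF = """\
acl "study" { 127.0.0.1; 10.1.1.0/24; };
options {
        directory "/var/bind";
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 10.1.1.0/24; };
        allow-query { study; };
        allow-recursion { study; };
        forward first;
        forwarders { 203.24.100.125; 203.123.69.15; };
};
zone "." IN { type hint; file "named.ca"; };
zone "localhost" IN { type master; file "pri/localhost.zone"; notify no; };
zone "127.in-addr.arpa" IN { type master; file "pri/127.zone"; notify no; };
"""

# Constructed: the mistakes from the config posted earlier, condensed.
BAD_CONF = """\
acl "study" { 10.1.1.0/24 };
options {
        directory "/var/bind";
        forwarders {
        203.24.100.125
        203.123.69.15
        allow-query { "study"; };
};
        listen-on { 127.0.0.1; 10.1.1.0/24};
};
zone "localhost" IN { type master; file "pri/localhost.zone"; };
};
"""


def tokenize(text):
    """Return (token, line) pairs with comments removed."""
    # Blank out /* ... */ but keep its newlines so line numbers stay right.
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    toks = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = re.sub(r"(//|#).*", "", line)  # line comments; not quote-aware
        toks.extend((m.group(0), lineno) for m in _TOKEN_RE.finditer(line))
    return toks


def check_named_conf(text):
    """Return [(line, message), ...]; an empty list means the structure is sound."""
    toks, problems, pos = tokenize(text), [], 0

    def current():
        return toks[pos] if pos < len(toks) else (None, toks[-1][1] if toks else 0)

    def statement():
        nonlocal pos
        last, (tok, line) = None, current()
        while tok is not None and tok not in ("{", "}", ";"):
            # two bare addresses in a row: the first one lost its ';'
            if last and _ADDR_RE.match(last) and _ADDR_RE.match(tok):
                problems.append((line, f"missing ';' after '{last}'"))
            last, pos = tok, pos + 1
            tok, line = current()
        if tok == "{":
            pos += 1
            block(line)
            last, (tok, line) = "}", current()
        if tok == ";":
            pos += 1
        elif last is not None:  # hit '}' or end of file with no terminator
            problems.append((line, f"missing ';' after '{last}'"))

    def block(open_line):
        nonlocal pos
        while True:
            tok, line = current()
            if tok is None:
                problems.append((open_line, "'{' is never closed"))
                return
            if tok == "}":
                pos += 1
                return
            statement()

    while pos < len(toks):
        tok, line = current()
        if tok == "}":
            problems.append((line, "unexpected '}' at top level"))
            pos += 1
        else:
            statement()
    return problems
```

`check_named_conf(BAD_CONF)` reports lines 1, 6, 9 and 12 (the acl element, the first forwarder, the listen-on element, and the stray closing brace) while `check_named_conf(GOOD_CONF)` returns nothing; on a real file, `check_named_conf(open("/var/bind/named.conf").read())` is a quick pre-check, and named-checkconf remains the authority.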

----------

## nobspangle

If you want to allow forwarding you also need to uncomment the forward first line, i.e.:

```
        forward first;
        forwarders {
                203.24.100.125;
                203.123.69.15;
        };
```

Also, in your original config, your allow-query line had got mixed into the forward directive.

On a slightly different note, I disagree that the BIND zone files are not human-friendly. They are just DNS records written down; there's no special configuration or syntax. You have to know when to use an A record or a CNAME and the structure of an SOA record, but this has nothing to do with the BIND configuration; this is how DNS works.

Also, that online guide zeek recommends is superb; I use it all the time just to check little things. If you look you'll notice that the actual section on BIND hasn't been written. The book is actually mostly about DNS; since BIND is just DNS written down, it works well.

----------

## Fylar

*zeek wrote:*

> You also want to use the program named-checkconf which will point out what your errors are.

Brilliant.

I didn't see this in your post at first. It showed me three missing semicolons, and all seems to be happy now.

Thanks.

Julian aka Fylar

----------

## stillman

Try djbdns. It is very user-friendly to install, although you have to have two IPs for dnscache (the resolver) and tinydns (the DNS server), or configure one of them on localhost.

----------

