Tuesday, July 26, 2011

Install Bind on Redhat part 2

Configuring BIND on RedHat (DNS under Linux)
Part 2 - Primary Name Server for a Zone

http://www.xenocafe.com/tutorials/dns_linux/redhat/dns_linux_redhat-part2.php

Written by Tony Bhimani
July 21, 2004

Requirements
RedHat Linux 9
BIND 9.2.1

Now we will configure BIND to be a primary name server for a single zone. I will use the fictitious domain somefakedomain.com as an example. We will add the hostnames www, ftp, and mail. We will also have BIND respond if no hostname is specified in a query (i.e. somefakedomain.com).

BIND stores its configuration data in named.conf, which is located in the /etc directory. This file lists the zones the server is responsible for answering queries for and the location of each zone's data file. The zone data files are stored by default in /var/named (although you can change this path if you wish). Before you make any changes I will assume you know which text editor you will be using. I prefer pico, but for this tutorial I will use vi since it has a better chance of being installed by default.

Switch over to the /etc directory and open the named.conf file.

cd /etc
vi named.conf

You should see something that looks like the following.

Scroll through the file and take a look at the contents. Locate the localhost zone.

zone "localhost" IN {
	type master;
	file "localhost.zone";
	allow-update { none; };
};

Move the cursor to the blank line below the }; and press the i key. The i key puts vi in insert mode (you should see -- INSERT -- at the bottom of vi). Press the enter key once, then type in the following. Note: the spacing in front of type, file, and allow-update consists of tabs, so press the tab key on each of those lines.

zone "somefakedomain.com" IN {
	type master;
	file "somefakedomain.com.zone";
	allow-update { none; };
};

Be sure to put a blank line underneath the }; when you are done. It always helps to keep your files neat and clean. Now we will save the file. Press ESC and vi should leave insert mode (-- INSERT -- at the bottom of vi should disappear). Now type :wq and enter. vi should write our changes and exit back to the prompt.

We have told BIND that we handle the somefakedomain.com domain and the zone data is in the somefakedomain.com.zone file located at /var/named. Now we have to create the somefakedomain.com.zone file.

Switch over to /var/named and make a copy of the localhost.zone file and save it as somefakedomain.com.zone. This will give us a template to work with so we don't have to type as much. It also saves us from changing the file's owner, group, and permissions.

cd /var/named
cp localhost.zone somefakedomain.com.zone
vi somefakedomain.com.zone

You should get something that looks like this.

Put vi in insert mode and alter the zone file so it looks like the data below. Use tabs between items. Where I use 192.168.1.200 you should replace with your public IP address (don't use local LAN IP's).

$TTL 86400
$ORIGIN somefakedomain.com.
@	IN	SOA	ns1.somefakedomain.com. admin.somefakedomain.com. (
			2004042601	; serial
			21600		; refresh
			3600		; retry
			604800		; expires
			86400 )		; minimum
	IN	NS	ns1.somefakedomain.com.
	IN	MX	10 mail.somefakedomain.com.
	IN	A	192.168.1.200
ns1	IN	A	192.168.1.200
www	IN	A	192.168.1.200
ftp	IN	A	192.168.1.200
mail	IN	A	192.168.1.200

Let's briefly go over the values (if you want more details on the contents of a zone file visit).

"ns1.somefakedomain.com." is the name server responsible for somefakedomain.com. When you register a domain name the registrar asks you for the name servers names and IP's. We have given our name server the name ns1 (i.e. name server 1). So if we were to register somefakedomain.com, we would use ns1.somefakedomain.com for the name and the IP address of the machine we have designated as our DNS server.

"admin.somefakedomain.com." is the email address of the administrator in charge of the zone. You replace the @ symbol in the email address with a period. So admin@somefakedomain.com becomes admin.somefakedomain.com.

The "IN NS ns1.somefakedomain.com." means we are declaring ns1.somefakedomain.com to be a name server.

With "IN MX 10 mail.somefakedomain.com." we are declaring a mail exchange (or mail server) with a priority of 10. Since we only use one mail server the priority has no effect.

The "IN A 192.168.1.200" means we are declaring a host (with no hostname, so it means somefakedomain.com itself) and its IP is 192.168.1.200. Any queries for just somefakedomain.com will resolve to 192.168.1.200. This is useful when you configure your web server to work on both somefakedomain.com and www.somefakedomain.com. They both point to the same machine and will return the same web site.

The rest of the entries mean we are declaring the hosts ns1, www, ftp, and mail (ns1.somefakedomain.com, www.somefakedomain.com, ftp.somefakedomain.com, and mail.somefakedomain.com). Since they all share the same IP, each of those services will run from the same machine. If you had the mail server running on a different machine, you would substitute that machine's IP address in place of 192.168.1.200. The same goes for the rest of the hosts.
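As an added check before running the reload below (my own script, not part of the tutorial), the following Python reads a zone file in the layout shown above and flags the two mistakes this page warns about: A records that still carry a LAN address instead of the public IP, and NS or MX names that have no A record in the zone. It assumes one record per line with the IN class and the SOA values in parentheses; the sample zone is constructed from the tutorial's data, and 203.0.113.10 is a placeholder from a documentation address range.

```python
import ipaddress
import re

# Constructed sample: the tutorial's zone with public addresses filled in (203.0.113.0/24 is
# a documentation range), but two LAN addresses left behind by mistake for the check to find.
ZONE_TEXT = """\
$TTL 86400
$ORIGIN somefakedomain.com.
@    IN SOA ns1.somefakedomain.com. admin.somefakedomain.com. (
         2004042601 21600 3600 604800 86400 )  ; serial refresh retry expire minimum
     IN NS ns1.somefakedomain.com.
     IN MX 10 mail.somefakedomain.com.
     IN A 192.168.1.200
ns1  IN A 203.0.113.10
mail IN A 192.168.1.200
"""
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return (origin, records); records are (owner, type, rdata) with '@' as the zone apex."""
    text = "\n".join(ln.split(";", 1)[0] for ln in text.splitlines())           # drop ; comments
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)  # fold SOA ( ... )
    origin, records, owner = None, [], None
    for line in filter(str.strip, text.splitlines()):
        fields = line.split()
        if fields[0].startswith("$"):                 # $TTL / $ORIGIN directives
            origin = fields[1] if fields[0] == "$ORIGIN" else origin
            continue
        if not line[0].isspace():                     # new owner name; otherwise reuse the last one
            owner, fields = fields[0], fields[1:]
        fields = fields[1:] if fields[0] == "IN" else fields
        records.append((owner, fields[0], fields[1:]))
    return origin, records

def check_zone(text):
    """Return the problems worth fixing before running 'named reload'."""
    origin, records = parse_zone(text)
    problems, types = [], {}
    for owner, rtype, rdata in records:
        types.setdefault(owner, set()).add(rtype)
        if rtype == "A" and any(ipaddress.ip_address(rdata[0]) in n for n in LAN_NETS):
            problems.append(f"{owner} A {rdata[0]}: LAN address, use the public IP")
    for owner, rtype, rdata in records:
        # An NS or MX target inside this zone must itself have an A record.
        if rtype in ("NS", "MX") and origin and rdata[-1].endswith("." + origin):
            label = rdata[-1][:-len(origin) - 1]
            if "A" not in types.get(label, ()):
                problems.append(f"{rtype} target {rdata[-1]} has no A record in the zone")
    if "NS" not in types.get("@", ()):
        problems.append("zone apex has no NS record")
    return problems
```

BIND's own named-checkzone catches syntax errors but will happily load a zone full of 192.168.x addresses, which is the gap this script covers.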

When you are done editing the zone file, it should look like this.

Save it and close out of vi. Press ESC to get out of insert mode, type :wq and press enter. You should be back to the command prompt.

Now we need to tell named (BIND) to load the zone and answer any queries that come in.

/etc/init.d/named reload

Now we can test our domain using nslookup.

nslookup
server 127.0.0.1
somefakedomain.com
www.somefakedomain.com
mail.somefakedomain.com

You should see something similar to the following screen.

Everything looks good. BIND is resolving our somefakedomain.com. When you are done, type exit and press enter.

If you purchased a real domain name then you shouldn't have any trouble configuring BIND to respond to any queries for it. If you have a firewall running such as iptables, make sure you have port 53 open. If you use a hardware firewall or router, open port 53 and port forward any requests for port 53 to the correct machine on your LAN. Make sure all IP's you use in your zone files are the public IP addresses accessible from the Internet. You will also need static IP addresses. Dynamic IP addresses from providers such as Charter or Adelphia won't work. You may have the same IP for a long time, but it will eventually change. At that time you will have to contact your domain name registrar and have them change your DNS server IP address. You might want to contact your ISP and see if they offer static IP's. If they do, you will probably pay more for your Internet service. It might be time to migrate your server to a co-location facility.

If you need to add additional domains, just follow the same steps and you shouldn't have any problems. If you want to configure a secondary name server (backup DNS) then continue on to part 3 of this tutorial.
