I have just set up a local DNS (bind9) server on my network, mainly because I got tired of forever editing my ‘hosts’ files, and just to see if I could… I have worked with DNS servers mainly through web-based front-ends, so I wanted to find out what the configuration really looked like. The most helpful and complete resource I came across was the BIND 9 Administrator Reference Manual (Good title). Here is the configuration I finally came up with (and some associated notes).
The Configuration Files
The ‘named.conf’ file that usually contains the main configuration information is split into 3 seperate files on the debian install.
named.conf
The ‘named.conf’ file is located in the ‘/etc/bind/’ directory, this is the main bind configuration directory on a debian install. The ‘named.conf’ file itself is written so there is probably no need to edit it. All personalisation of the service can be done using the ‘named.conf.options’ and ‘named.conf.local’ files that are referenced in the ‘named.conf’.
named.conf.options
‘named.conf.options’ pretty much contains the options block that is usually found in the top of the ‘named.conf’ file.
The directory parameter specifies the root directory where all relatively referenced files can be found (this is the default on debian)
The forwarders is a list of DNS servers that this server can ‘forward’ the query to if it doesn’t know the answer. This is pointed at my ISP’s normal DNS server (in this case, via the network router)
The auth-nxdomain directive instructs the server to answer as an authoritative source for non-existant (nx) records. It is generally a bad idea.
The allow-query directive is fairly self-explanatory, it provides a list of IP ranges that are permitted to query this server. In this case, I have limited access to the localhost and the private network.
The listen-on directive is similar, it provides a list of IPs that the server should listen on. In my case this is only the loopback and the private interface.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | |
On the debian package the file ‘named.conf.local’ is referenced by the ‘named.conf’ to provide information about the setup specific to this server. As such, there is little or no need to edit the ‘named.conf’ itself. My ‘named.conf.local’ defines 2 zones; ‘everyone-here.is-a-geek.com’, whichs maps the computers on the LAN, and the ‘1.168.192.in-addr.arpa’ zone, which provides the reverse dns information. While this is (especially on a LAN) pretty much un-used as far as I know, it’s still good practice to put it in, and it can be useful at times for resolving the “Which computer connected to my server?” question.
The type ‘master’ tells the server that it is the authority for this zone, and it should be able to answer definitively about requests for systems in it.
The file points to the ‘database’ file containing specific information about the contents of the zone. This file is relative to the path given earlier, but an absolute path can also be used.
1 2 3 4 5 | |
The reverse zone is exactly the same as the forward zone. All reverse DNS zones end in ‘.in-addr.arpa’, the rest of the address is the IP in reverse (i.e 192.168.1. is my internal IP range, so to allow lookups I add entries for ‘1.168.192.in-addr.arpa’)
1 2 3 4 5 | |
The Database file(s)
db.everyone-here.is-a-geek.com
This one probably needs a bit more explanation, I think it’s easier if I comment it inline. Two important things to remember everything that doesn’t end in a “.” will be prepended to the base domain, and the @ is substituted for the base domain.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | |
And the reverse table works the same way as the forward ones, except with the special .in-addr.arpa postfix.
/etc/bind/db.192
1 2 3 4 5 6 7 8 9 10 11 12 13 | |
So there you have it, thats pretty much the guts of my DNS configuration. It took some tweaking to get it right (syslog is you best friend on this one) but it now works for my needs.