By: Mitchell Anicas

How To Configure BIND as a Private Network DNS Server on Ubuntu 14.04
Posted August 12, 2014


This tutorial is part 6 of 7 in the series: An Introduction to Managing DNS

Introduction
An important part of managing server configuration and infrastructure includes maintaining an easy way to look up network interfaces and IP addresses by name, by setting up a proper Domain Name System (DNS). Using fully qualified domain names (FQDNs), instead of IP addresses, to specify network addresses eases the configuration of services and applications, and increases the maintainability of configuration files. Setting up your own DNS for your private network is a great way to improve the management of your servers.
In this tutorial, we will go over how to set up an internal DNS server, using the BIND name server software (BIND9) on Ubuntu 14.04, that can be used by your Virtual Private Servers (VPS) to resolve private host names and private IP addresses. This provides a central way to manage your internal hostnames and private IP addresses, which is indispensable when your environment expands to more than a few hosts.
The CentOS version of this tutorial can be found here.

Prerequisites
To complete this tutorial, you will need the following:
Some servers that are running in the same datacenter and have private networking enabled
A new VPS to serve as the Primary DNS server, ns1
Optional: A new VPS to serve as a Secondary DNS server, ns2
Root access to all of the above (steps 1-4 here)
If you are unfamiliar with DNS concepts, it is recommended that you read at least the first three parts of our Introduction to Managing DNS.

Example Hosts
For example purposes, we will assume the following:
We have two existing VPS called "host1" and "host2"
Both VPS exist in the nyc3 datacenter
Both VPS have private networking enabled (and are on the 10.128.0.0/16 subnet)
Both VPS are somehow related to our web application that runs on "example.com"
With these assumptions, we decide that it makes sense to use a naming scheme that uses "nyc3.example.com" to refer to our private subnet or zone. Therefore, host1's private Fully-Qualified Domain Name (FQDN) will be "host1.nyc3.example.com". Refer to the following table for the relevant details:

Host     Role             Private FQDN              Private IP Address
host1    Generic Host 1   host1.nyc3.example.com    10.128.100.101
host2    Generic Host 2   host2.nyc3.example.com    10.128.200.102

Note: Your existing setup will be different, but the example names and IP addresses will be used to demonstrate how to configure a DNS server to provide a functioning internal DNS. You should be able to easily adapt this setup to your own environment by replacing the host names and private IP addresses with your own. It is not necessary to use the region name of the datacenter in your naming scheme, but we use it here to denote that these hosts belong to a particular datacenter's private network. If you utilize multiple datacenters, you can set up an internal DNS within each respective datacenter.

Our Goal
By the end of this tutorial, we will have a primary DNS server, ns1, and optionally a secondary DNS server, ns2, which will serve as a backup.
Here is a table with example names and IP addresses:

Host     Role                   Private FQDN            Private IP Address
ns1      Primary DNS Server     ns1.nyc3.example.com    10.128.10.11
ns2      Secondary DNS Server   ns2.nyc3.example.com    10.128.20.12

Let's get started by installing our Primary DNS server, ns1.

Install BIND on DNS Servers
Note: Text that is highlighted in red is important! It will often be used to denote something that needs to be replaced with your own settings or that it should be modified or added to a configuration file. For example, if you see something like host1.nyc3.example.com, replace it with the FQDN of your own server. Likewise, if you see host1_private_IP, replace it with the private IP address of your own server.
On both DNS servers, ns1 and ns2, update apt:

$ sudo apt-get update

Now install BIND:

$ sudo apt-get install bind9 bind9utils bind9-doc

IPv4 Mode
Before continuing, let's set BIND to IPv4 mode. On both servers, edit the bind9 service parameters file:

$ sudo vi /etc/default/bind9

Add "-4" to the OPTIONS variable. It should look like the following:

/etc/default/bind9
OPTIONS="-4 -u bind"

Save and exit.
Now that BIND is installed, let's configure the primary DNS server.

Configure Primary DNS Server
BIND's configuration consists of multiple files, which are included from the main configuration file, named.conf. These filenames begin with "named" because that is the name of the process that BIND runs. We will start with configuring the options file.

Configure Options File
On ns1, open the named.conf.options file for editing:

$ sudo vi /etc/bind/named.conf.options

Above the existing options block, create a new ACL block called "trusted". This is where we will define a list of clients that we will allow recursive DNS queries from (i.e. your servers that are in the same datacenter as ns1). Using our example private IP addresses, we will add ns1, ns2, host1, and host2 to our list of trusted clients:

/etc/bind/named.conf.options - 1 of 3
acl "trusted" {
        10.128.10.11;    # ns1 - can be set to localhost
        10.128.20.12;    # ns2
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

Now that we have our list of trusted DNS clients, we will want to edit the options block. Currently, the start of the block looks like the following:

/etc/bind/named.conf.options - 2 of 3
options {
        directory "/var/cache/bind";
...
}

Below the directory directive, add the highlighted configuration lines (and substitute in the proper ns1 IP address) so it looks something like this:

/etc/bind/named.conf.options - 3 of 3
options {
        directory "/var/cache/bind";

        recursion yes;                 # enables recursive queries
        allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
        listen-on { 10.128.10.11; };   # ns1 private IP address - listen on private network only
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
...
};

Now save and exit named.conf.options. The above configuration specifies that only your own servers (the "trusted" ones) will be able to query your DNS server.
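
The restrictions set in this options file can be checked mechanically before named is restarted. The following is an added example, not part of the original tutorial or of BIND: a small Python audit that reads named.conf.options text and reports when recursion, zone transfers or the listening address are left unrestricted. The function names, the regex-based parsing (it only understands the flat acl/options layout shown above) and the WEAK sample with the documentation address 203.0.113.7 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: named.conf.options as built in this section.
HARDENED = '''
acl "trusted" {
        10.128.10.11;    # ns1
        10.128.20.12;    # ns2
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { trusted; };
        listen-on { 10.128.10.11; };
        allow-transfer { none; };
        forwarders { 8.8.8.8; 8.8.4.4; };
};
'''

# Constructed counter-example: recursion for everyone, a non-private address
# in the ACL, and no listen-on or allow-transfer restriction.
WEAK = '''
acl "trusted" { 10.128.10.11; 203.0.113.7; };
options {
        directory "/var/cache/bind";
        recursion yes;
        allow-recursion { trusted; any; };
};
'''

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def strip_comments(text):
    """Drop the /* */, // and # comment styles that named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)


def clause(text, keyword):
    """Items of `keyword { a; b; };` as a list, or None if the clause is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % re.escape(keyword), text)
    if m is None:
        return None
    return [item.strip() for item in m.group(1).split(";") if item.strip()]


def audit_options(conf_text):
    """Return findings; an empty list means this section's restrictions are in place."""
    text = strip_comments(conf_text)
    acls = {name: [i.strip() for i in body.split(";") if i.strip()]
            for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^{}]*)\}', text)}
    findings = []

    recursion_on = re.search(r"(?<![\w-])recursion\s+yes\s*;", text) is not None
    allowed = clause(text, "allow-recursion")
    if recursion_on and allowed is None:
        findings.append("allow-recursion is not set")
    for name in allowed or []:
        if name == "any":
            findings.append("allow-recursion includes 'any'")
        for member in acls.get(name, []):
            try:
                net = ipaddress.ip_network(member, strict=False)
                if not any(net.subnet_of(r) for r in RFC1918):
                    findings.append('acl "%s" contains non-private %s' % (name, member))
            except (ValueError, TypeError):
                pass  # nested ACL name, key or IPv6 entry: outside this check's scope

    if clause(text, "allow-transfer") != ["none"]:
        findings.append("allow-transfer is not { none; } in options")

    listen = clause(text, "listen-on")
    if listen is None or "any" in listen:
        findings.append("listen-on does not pin named to a specific address")
    return findings


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_options(conf) or "OK")
```
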

Next, we will configure the local file, to specify our DNS zones.

Configure Local File
On ns1, open the named.conf.local file for editing:

$ sudo vi /etc/bind/named.conf.local

Aside from a few comments, the file should be empty. Here, we will specify our forward and reverse zones.
Add the forward zone with the following lines (substitute the zone name with your own):

/etc/bind/named.conf.local - 1 of 2
zone "nyc3.example.com" {
        type master;
        file "/etc/bind/zones/db.nyc3.example.com";  # zone file path
        allow-transfer { 10.128.20.12; };            # ns2 private IP address - secondary
};

Assuming that our private subnet is 10.128.0.0/16, add the reverse zone with the following lines (note that our reverse zone name starts with "128.10" which is the octet reversal of "10.128"):

/etc/bind/named.conf.local - 2 of 2
zone "128.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.10.128";  # 10.128.0.0/16 subnet
        allow-transfer { 10.128.20.12; };  # ns2 private IP address - secondary
};

If your servers span multiple private subnets but are in the same datacenter, be sure to specify an additional zone and zone file for each distinct subnet. When you are finished adding all of your desired zones, save and exit the named.conf.local file.
Now that our zones are specified in BIND, we need to create the corresponding forward and reverse zone files.

Create Forward Zone File
The forward zone file is where we define DNS records for forward DNS lookups. That is, when the DNS receives a name query, "host1.nyc3.example.com" for example, it will look in the forward zone file to resolve host1's corresponding private IP address.
Let's create the directory where our zone files will reside. According to our named.conf.local configuration, that location should be /etc/bind/zones:

$ sudo mkdir /etc/bind/zones

We will base our forward zone file on the sample db.local zone file. Copy it to the proper location with the following commands:

$ cd /etc/bind/zones
$ sudo cp ../db.local ./db.nyc3.example.com

Now let's edit our forward zone file:

$ sudo vi /etc/bind/zones/db.nyc3.example.com

Initially, it will look something like the following:

/etc/bind/zones/db.nyc3.example.com - original
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this line
@       IN      A       127.0.0.1       ; delete this line
@       IN      AAAA    ::1             ; delete this line

First, you will want to edit the SOA record. Replace the first "localhost" with ns1's FQDN, then replace "root.localhost" with "admin.nyc3.example.com". Also, every time you edit a zone file, you should increment the serial value before you restart the named process--we will increment it to "3". It should look something like this:

/etc/bind/zones/db.nyc3.example.com - updated 1 of 3
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial

Now delete the three records at the end of the file (after the SOA record). If you're not sure which lines to delete, they are marked with a "delete this line" comment above.
At the end of the file, add your nameserver records with the following lines (replace the names with your own). Note that the second column specifies that these are "NS" records:

/etc/bind/zones/db.nyc3.example.com - updated 2 of 3
; name servers - NS records
        IN      NS      ns1.nyc3.example.com.
        IN      NS      ns2.nyc3.example.com.

Then add the A records for your hosts that belong in this zone. This includes any server whose name we want to end with ".nyc3.example.com" (substitute the names and private IP addresses). Using our example names and private IP addresses, we will add A records for ns1, ns2, host1, and host2 like so:

/etc/bind/zones/db.nyc3.example.com - updated 3 of 3
; name servers - A records
ns1.nyc3.example.com.          IN      A       10.128.10.11
ns2.nyc3.example.com.          IN      A       10.128.20.12

; 10.128.0.0/16 - A records
host1.nyc3.example.com.        IN      A       10.128.100.101
host2.nyc3.example.com.        IN      A       10.128.200.102

Save and exit the db.nyc3.example.com file.
Our final example forward zone file looks like the following:

/etc/bind/zones/db.nyc3.example.com - updated
$TTL    604800
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns1.nyc3.example.com.
        IN      NS      ns2.nyc3.example.com.

; name servers - A records
ns1.nyc3.example.com.          IN      A       10.128.10.11
ns2.nyc3.example.com.          IN      A       10.128.20.12

; 10.128.0.0/16 - A records
host1.nyc3.example.com.        IN      A       10.128.100.101
host2.nyc3.example.com.        IN      A       10.128.200.102

Now let's move on to the reverse zone file(s).

Create Reverse Zone File(s)
Reverse zone files are where we define DNS PTR records for reverse DNS lookups. That is, when the DNS receives a query by IP address, "10.128.100.101" for example, it will look in the reverse zone file(s) to resolve the corresponding FQDN, "host1.nyc3.example.com" in this case.
On ns1, for each reverse zone specified in the named.conf.local file, create a reverse zone file. We will base our reverse zone file(s) on the sample db.127 zone file. Copy it to the proper location with the following commands (substituting the destination filename so it matches your reverse zone definition):

$ cd /etc/bind/zones
$ sudo cp ../db.127 ./db.10.128

Edit the reverse zone file that corresponds to the reverse zone(s) defined in named.conf.local:

$ sudo vi /etc/bind/zones/db.10.128

Initially, it will look something like the following:

/etc/bind/zones/db.10.128 - original
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.      ; delete this line
1.0.0   IN      PTR     localhost.      ; delete this line

In the same manner as the forward zone file, you will want to edit the SOA record and increment the serial value. It should look something like this:

/etc/bind/zones/db.10.128 - updated 1 of 3
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial

Now delete the two records at the end of the file (after the SOA record). If you're not sure which lines to delete, they are marked with a "delete this line" comment above.
At the end of the file, add your nameserver records with the following lines (replace the names with your own). Note that the second column specifies that these are "NS" records:

/etc/bind/zones/db.10.128 - updated 2 of 3
; name servers - NS records
        IN      NS      ns1.nyc3.example.com.
        IN      NS      ns2.nyc3.example.com.

Then add PTR records for all of your servers whose IP addresses are on the subnet of the zone file that you are editing. In our example, this includes all of our hosts because they are all on the 10.128.0.0/16 subnet. Note that the first column consists of the last two octets of your servers' private IP addresses in reversed order. Be sure to substitute names and private IP addresses to match your servers:

/etc/bind/zones/db.10.128 - updated 3 of 3
; PTR Records
11.10   IN      PTR     ns1.nyc3.example.com.    ; 10.128.10.11
12.20   IN      PTR     ns2.nyc3.example.com.    ; 10.128.20.12
101.100 IN      PTR     host1.nyc3.example.com.  ; 10.128.100.101
102.200 IN      PTR     host2.nyc3.example.com.  ; 10.128.200.102

Save and exit the reverse zone file (repeat this section if you need to add more reverse zone files).
Our final example reverse zone file looks like the following:

/etc/bind/zones/db.10.128 - updated
$TTL    604800
@       IN      SOA     ns1.nyc3.example.com. admin.nyc3.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
; name servers
        IN      NS      ns1.nyc3.example.com.
        IN      NS      ns2.nyc3.example.com.

; PTR Records
11.10   IN      PTR     ns1.nyc3.example.com.    ; 10.128.10.11
12.20   IN      PTR     ns2.nyc3.example.com.    ; 10.128.20.12
101.100 IN      PTR     host1.nyc3.example.com.  ; 10.128.100.101
102.200 IN      PTR     host2.nyc3.example.com.  ; 10.128.200.102
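
The A records in the forward file and the PTR records in the reverse file have to agree, and the reversed-octet owner names and trailing dots are easy to get wrong by hand. The following is an added example, not part of the original tutorial: a Python check that derives each PTR owner name from the A record's address and reports missing, mis-reversed or dot-less PTR entries. The function names and the BROKEN_REVERSE sample are constructed for illustration, and the parser only understands single-line `owner IN type rdata` records without TTL fields.

```python
import ipaddress

# Constructed samples: the record lines from the final zone files above.
FORWARD_ORIGIN = "nyc3.example.com."
FORWARD_ZONE = """\
ns1.nyc3.example.com.    IN  A  10.128.10.11
ns2.nyc3.example.com.    IN  A  10.128.20.12
host1.nyc3.example.com.  IN  A  10.128.100.101
host2.nyc3.example.com.  IN  A  10.128.200.102
"""
REVERSE_ORIGIN = "128.10.in-addr.arpa."
REVERSE_ZONE = """\
11.10    IN  PTR  ns1.nyc3.example.com.    ; 10.128.10.11
12.20    IN  PTR  ns2.nyc3.example.com.    ; 10.128.20.12
101.100  IN  PTR  host1.nyc3.example.com.  ; 10.128.100.101
102.200  IN  PTR  host2.nyc3.example.com.  ; 10.128.200.102
"""
# Constructed faulty variant: host1's octets are not reversed, and host2's
# target lacks the trailing dot, so the reverse origin gets appended to it.
BROKEN_REVERSE = """\
11.10    IN  PTR  ns1.nyc3.example.com.
12.20    IN  PTR  ns2.nyc3.example.com.
100.101  IN  PTR  host1.nyc3.example.com.
102.200  IN  PTR  host2.nyc3.example.com
"""


def records(zone_text, rtype, origin):
    """Yield (fully qualified owner, rdata) for each `owner IN <rtype> rdata` line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop the trailing ; comment
        if len(fields) == 4 and fields[1] == "IN" and fields[2] == rtype:
            owner = fields[0]
            if not owner.endswith("."):          # relative names get the origin appended
                owner = owner + "." + origin
            yield owner.lower(), fields[3]


def check_reverse(forward_text, forward_origin, reverse_text, reverse_origin):
    """Compare A records with PTR records; return a list of problems."""
    ptr = {}
    for owner, target in records(reverse_text, "PTR", reverse_origin):
        if not target.endswith("."):             # same expansion applies to the target
            target = target + "." + reverse_origin
        ptr[owner] = target.lower()

    problems = []
    for name, addr in records(forward_text, "A", forward_origin):
        expected_owner = ipaddress.ip_address(addr).reverse_pointer + "."
        if not expected_owner.endswith("." + reverse_origin):
            continue                             # address belongs to another reverse zone
        got = ptr.pop(expected_owner, None)
        if got is None:
            problems.append("%s (%s): no PTR at %s" % (name, addr, expected_owner))
        elif got != name:
            problems.append("%s (%s): PTR points to %s" % (name, addr, got))
    # Whatever is left was never claimed by an A record.
    problems += ["%s -> %s: PTR without a matching A record" % kv
                 for kv in sorted(ptr.items())]
    return problems


if __name__ == "__main__":
    for label, zone in (("tutorial", REVERSE_ZONE), ("broken", BROKEN_REVERSE)):
        print(label, check_reverse(FORWARD_ZONE, FORWARD_ORIGIN, zone, REVERSE_ORIGIN) or "OK")
```
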

Check BIND Configuration Syntax
Run the following command to check the syntax of the named.conf* files:

$ sudo named-checkconf

If your named configuration files have no syntax errors, you will return to your shell prompt and see no error messages. If there are problems with your configuration files, review the error message and the Configure Primary DNS Server section, then try named-checkconf again.
The named-checkzone command can be used to check the correctness of your zone files. Its first argument specifies a zone name, and the second argument specifies the corresponding zone file, which are both defined in named.conf.local.
For example, to check the "nyc3.example.com" forward zone configuration, run the following command (change the names to match your forward zone and file):

$ sudo named-checkzone nyc3.example.com db.nyc3.example.com

And to check the "128.10.in-addr.arpa" reverse zone configuration, run the following command (change the numbers to match your reverse zone and file):

$ sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128

When all of your configuration and zone files have no errors in them, you should be ready to restart the BIND service.

Restart BIND
Restart BIND:

$ sudo service bind9 restart

Your primary DNS server is now set up and ready to respond to DNS queries. Let's move on to creating the secondary DNS server.

Configure Secondary DNS Server
In most environments, it is a good idea to set up a secondary DNS server that will respond to requests if the primary becomes unavailable. Luckily, the secondary DNS server is much easier to configure.
On ns2, edit the named.conf.options file:

$ sudo vi /etc/bind/named.conf.options

At the top of the file, add the ACL with the private IP addresses of all of your trusted servers:

/etc/bind/named.conf.options - updated 1 of 2 (secondary)
acl "trusted" {
        10.128.10.11;    # ns1
        10.128.20.12;    # ns2 - can be set to localhost
        10.128.100.101;  # host1
        10.128.200.102;  # host2
};

Below the directory directive, add the following lines:

/etc/bind/named.conf.options - updated 2 of 2 (secondary)
        recursion yes;
        allow-recursion { trusted; };
        listen-on { 10.128.20.12; };   # ns2 private IP address
        allow-transfer { none; };      # disable zone transfers by default

        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

Save and exit named.conf.options. This file should look exactly like ns1's named.conf.options file except it should be configured to listen on ns2's private IP address.
Now edit the named.conf.local file:

$ sudo vi /etc/bind/named.conf.local

Define slave zones that correspond to the master zones on the primary DNS server. Note that the type is "slave", the file does not contain a path, and there is a masters directive which should be set to the primary DNS server's private IP. If you defined multiple reverse zones in the primary DNS server, make sure to add them all here:

/etc/bind/named.conf.local - updated (secondary)
zone "nyc3.example.com" {
        type slave;
        file "slaves/db.nyc3.example.com";
        masters { 10.128.10.11; };  # ns1 private IP
};

zone "128.10.in-addr.arpa" {
        type slave;
        file "slaves/db.10.128";
        masters { 10.128.10.11; };  # ns1 private IP
};

Now save and exit named.conf.local.
Run the following command to check the validity of your configuration files:

$ sudo named-checkconf

Once that checks out, restart bind:

$ sudo service bind9 restart

Now you have primary and secondary DNS servers for private network name and IP address resolution. Now you must configure your servers to use your private DNS servers.

Configure DNS Clients
Before all of your servers in the "trusted" ACL can query your DNS servers, you must configure each of them to use ns1 and ns2 as nameservers. This process varies depending on OS, but for most Linux distributions it involves adding your name servers to the /etc/resolv.conf file.

Ubuntu Clients
On Ubuntu and Debian Linux VPS, you can edit the head file, which is prepended to resolv.conf on boot:

$ sudo vi /etc/resolvconf/resolv.conf.d/head

Add the following lines to the file (substitute your private domain, and ns1 and ns2 private IP addresses):

/etc/resolvconf/resolv.conf.d/head
# your private domain
search nyc3.example.com
# ns1 private IP address
nameserver 10.128.10.11
# ns2 private IP address
nameserver 10.128.20.12

Now run resolvconf to generate a new resolv.conf file:

$ sudo resolvconf -u

Your client is now configured to use your DNS servers.

CentOS Clients
On CentOS, RedHat, and Fedora Linux VPS, simply edit the resolv.conf file:

$ sudo vi /etc/resolv.conf

Then add the following lines to the TOP of the file (substitute your private domain, and ns1 and ns2 private IP addresses):

/etc/resolv.conf
# your private domain
search nyc3.example.com
# ns1 private IP address
nameserver 10.128.10.11
# ns2 private IP address
nameserver 10.128.20.12

Now save and exit. Your client is now configured to use your DNS servers.

Test Clients
Use nslookup to test if your clients can query your name servers. You should be able to do this on all of the clients that you have configured and are in the "trusted" ACL.

Forward Lookup
For example, we can perform a forward lookup to retrieve the IP address of host1.nyc3.example.com by running the following command:

$ nslookup host1

Querying "host1" expands to "host1.nyc3.example.com" because the search option is set to your private subdomain, and DNS queries will attempt to look on that subdomain before looking for the host elsewhere. The output of the command above would look like the following:

Output:
Server:     10.128.10.11
Address:    10.128.10.11#53

Name:    host1.nyc3.example.com
Address: 10.128.100.101

Reverse Lookup
To test the reverse lookup, query the DNS server with host1's private IP address:

$ nslookup 10.128.100.101

You should see output that looks like the following:

Output:
Server:     10.128.10.11
Address:    10.128.10.11#53

101.100.128.10.in-addr.arpa    name = host1.nyc3.example.com.

If all of the names and IP addresses resolve to the correct values, that means that your zone files are configured properly. If you receive unexpected values, be sure to review the zone files on your primary DNS server (e.g. db.nyc3.example.com and db.10.128).
Congratulations! Your internal DNS servers are now set up properly! Now we will cover maintaining your zone records.

Maintaining DNS Records
Now that you have a working internal DNS, you need to maintain your DNS records so they accurately reflect your server environment.

Adding Host to DNS
Whenever you add a host to your environment (in the same datacenter), you will want to add it to DNS. Here is a list of steps that you need to take:

Primary Nameserver
Forward zone file: Add an "A" record for the new host, increment the value of "Serial"
Reverse zone file: Add a "PTR" record for the new host, increment the value of "Serial"
Add your new host's private IP address to the "trusted" ACL (named.conf.options)
Then reload BIND:

$ sudo service bind9 reload

Secondary Nameserver
Add your new host's private IP address to the "trusted" ACL (named.conf.options)
Then reload BIND:

$ sudo service bind9 reload

Configure New Host to Use Your DNS
Configure resolv.conf to use your DNS servers
Test using nslookup

Removing Host from DNS
If you remove a host from your environment or want to just take it out of DNS, just remove all the things that were added when you added the server to DNS (i.e. the reverse of the steps above).

Conclusion
Now you may refer to your servers' private network interfaces by name, rather than by IP address. This makes configuration of services and applications easier because you no longer have to remember the private IP addresses, and the files will be easier to read and understand. Also, now you can change your configurations to point to new servers in a single place, your primary DNS server, instead of having to edit a variety of distributed configuration files, which eases maintenance.
Once you have your internal DNS set up, and your configuration files are using private FQDNs to specify network connections, it is critical that your DNS servers are properly maintained. If they both become unavailable, your services and applications that rely on them will cease to function properly. This is why it is recommended to set up your DNS with at least one secondary server, and to maintain working backups of all of them.


24 Comments

tomcampell August 29, 2014

N00B here. It would be helpful if the intro paragraph told me what BIND is and why I need it. If I understand correctly, How to Set up a Host Name with DigitalOcean covers much of the same ground, so I would be delighted if the article told me when to use which.
Thanks for all these excellent docs, BTW.


manicas MOD August 29, 2014

This tutorial is part of a DNS tutorial series, which explains the basics of DNS and shows a few ways to implement it. BIND is an implementation of the DNS protocols.
This particular tutorial focuses on setting up a DNS for your private network (so your servers can refer to each others' private network interfaces by name instead of IP address). If you are hosting a fairly simple infrastructure, and only require your public users to be able to access your website by name, use DigitalOcean's nameservers (the method in the tutorial you linked).
I would recommend reading the first two parts of the series to get an idea of why you would use BIND.

Digidomain October 21, 2014

Thank you very much for an excellent tutorial! Helped me to get bind9 configured and working properly. Keep up the great work!

andre8525 November 26, 2014

Hi Mitchell,
Thank you for the detailed instructions.
If I have about 20 servers in 2 racks in the same datacenter but are in different Vlans, what changes shall I do in the options, zones and reverse zone?
You wrote that need to add additional zone files but can you provide an example?
Thank you
Andrew

RinkuY January 1, 2015

Great info but How to fix this warning?
SOA
Could not find reverse address for 2400:cb00:2049:1:0:0:adf5:3a33 (3.3.a.3.5.f.d.a.0.0.0.0.0.0.0.0.1.0.0.0.9.4.0.2.0.0.b.c.0.0.4.2.ip6.arpa.).
PTR record(s) for the address could not be found in the .arpa-zone. (ip6.arpa. for IPv6 addresses and in-addr.arpa. for IPv4).
Thank you

chriseun January 11, 2015

Nice tutorial. One suggestion... I would define the name servers with an '@' instead of whitespace for both the forward and reverse zone files. named-checkzone will fail.

alexshemesh February 26, 2015

Hi.
I cannot make it work somehow.
I did everything like in tutorial but hostname resolution won't work.
How can I debug the problem? Logs on BIND9? System Logs?

naftilos76 May 4, 2015

Hi, I have set up my own dns private server with bind BUT instead of using separate vps's I used one single vps that has all components of a server like apache, postfix/dovecot and of course bind. However, I cannot understand what the purpose of the forwarders block is in the file named.conf.options (included by named.conf). I read a few articles and I concluded that the name servers in that block are used to do some of the recursive work that otherwise would be done by bind itself. However, in my case a private dns server that does not allow recursive queries for any domain other than the ones hosted in my server would NOT need the forwarders block because it only serves from its cache. Is my thinking correct?
Please advise.
Thanks
Manos

JulioRasec June 13, 2015

hello, everyone I'd like that someone help me with bind9, I'm new here
For example: I Have a Mikrotik with Load Balance in my school with 2 links 10mbps = 20mbps
and like client a Mikrotik 1100 with raptor Cache installed the machine with bind9 and I'd like to configure the bind9 correctly...
this my Cache with bind9
load balance links 192.168.168.1
Client = 192.168.50.1
cache = 192.168.10.2:82 with raptor and bind9 installed <<<<
DNS
domain localdomain
search prox.os.com
nameserver 127.0.0.1
nameserver 200.165.132.154
nameserver 8.8.4.4
nameserver 8.8.8.8

and.pixiesk June 19, 2015

As always these tutorials are spot on, you've saved my I.T. life!

jmorda July 18, 2015

Thank you for this tutorial. It helps me a lot because I do not set up a DNS server every day...

jatsrt August 10, 2015

So, one note on the slave server. If your primary went down and you restarted the secondary, you would lose your ability to resolve.
You have "slaves/" prefixed to your zone files on the slave, which is fine, but I believe it will not properly create the files unless you do the following on the slave server.

sudo mkdir /var/cache/bind/slaves
sudo chown bind:bind /var/cache/bind/slaves
sudo service bind9 reload

This will allow it to put the zone files to disk and handle more failure scenarios.

radhe2111 September 24, 2015

Hi everyone,
I have done exactly like this tutorial. But when I check zone configurations at the end by typing "sudo named-checkzone nyc3.example.com db.nyc3.example.com" &
"sudo named-checkzone 128.10.in-addr.arpa /etc/bind/zones/db.10.128",
I get an error: *zone nyc3.example.com has no NS records. Hence not loaded due to errors.*
I have checked the zone files created in the "Zone" directory in "etc" (according to this tutorial), and there are NS records in both the zone files. (Inserted exactly like in this tutorial). Still, I am getting the same error.
Can anyone please help in this problem?
Thank you for your time.

rookDO MOD September 24, 2015

What does your zone file look like - could you potentially share your reverse-zone file for /etc/bind/zones/db/nyc3.example.com?

melioo March 23, 2016

Hi, I am not sure what is wrong with the below, but I get an error when I run named-checkconf
/etc/bind/named.conf.local:11: unknown option 'zone'
/etc/bind/named.conf.local:17: unknown option 'zone'
11 zone "la.melina.com" {
12 type master;
13 file "/etc/bind/zones/db.la.melina.com";
14 allow-transfer { 10.128.20.12; };
15 };
16
17 zone "168.192.in-addr.arpa" {
18 type master;
19 file "/etc/bind/zones/db.168.192";
20 allow-transfer { 10.128.20.12; };
Can someone please have a look? The brackets seem to be correct.
mike101 March 26, 2016

I finished all steps as shown in the tutorial but it seems I do not have the DNS setup correctly. When I am trying to resolve IP's from h3 (the future DB Server) with nslookup, I get the following output:

root@h3:~# nslookup h1
Server: 2001:4860:4860::8844
Address: 2001:4860:4860::8844#53

** server can't find h1: NXDOMAIN

now here is my specific question:
Do I have to create A-Records in the DigitalOcean Nameserver (via https://cloud.digitalocean.com/networking#actions-domains), which resolve to the (public/private?!) IP of the hosts, before starting the tutorial? Meaning the hosts h1 and h2.
I am asking this question, because it seems to me, that this is a prerequisite in the tutorial, but it is not named explicitly. There is shown a small table in the "Example Hosts"-part where the Private FQDN of host1 is shown as host1.nyc3.example.com. Do I have to define this private FQDN via an A-Record or am I getting it wrong?

mike101 March 26, 2016

got the right reply from the great DigitalOcean support. If anyone else got the problem:

*As for the problem, the reason you are having this issue is because currently your droplet is configured to use Google for DNS, which can be seen from the nslookup command you ran:
Server: 2001:4860:4860::8844
To use your new private DNS servers, you will want to make sure that your droplets are configured to use the Private IP's of your DNS servers (h1 and h2) to do DNS lookups to fix this issue. To do this, you will want to edit /etc/network/interfaces and change the dns-nameservers option to point to the Private IP addresses of h1 and h2, as this will then set your droplet to use them for DNS lookups. Once changed, you can then reboot your droplet for these settings to apply. :)*
I had to add the new client to the acl "trusted" object in /etc/bind/named.conf.options, too.

nelsonjonathanscott April 21, 2016

I have a question. I've setup my server based on your instructions and it works with the servers that I've added which is awesome. I also want the dns server to automatically update its records for all the different hosts on my network. I have roughly 80 different machines, laptops, desktops, servers, phones that are pulling their IP's through dhcp. How do I configure the dns server to cache all of my network devices FQDN so I can access each machine via its FQDN. Windows Server DNS somehow does this. Do you have any input on this process?
Thanks,
Jon

thinkingmedia June 13, 2016

This tutorial is missing firewall rules for bind9. Make sure to allow DNS otherwise the clients will not resolve.
sudo ufw allow bind9

nfadita July 5, 2016

Create Reverse Zone File(s)
4th code block mentions -- ns1.nyc3.example.com. after SOA
and after that in 7th code block (which is the review screen over there..) after SOA it mentions nyc3.example.com.
creating confusion, not sure what I am supposed to do
and the counter was too incremented to 2 value from 1 to 3.
please clarify...
I went through the whole process, and the server is up and running
Forward lookup is working but Reverse lookup is not working for me. Getting a SERVFAIL error..
My settings are all same as like yours, only differing instead of 10.128 I am working on 10.139
please help, struggling on this whole day :(

nfadita July 8, 2016

Please ignore, got it working, I missed a "/" in the reverse zone file path! Sorry about that!

fandi July 18, 2016

Hi
I have problem when I check nslookup on CMD Laptop.
Previously, I had checked in Putty and the results are successful:

# nslookup ns1
Server: <myip>
Address: <myip>#53
Name: <mynameserver>
Address: <myip>

But, when I try on CMD Laptop, showing:

C:\WINDOWS\system32>nslookup <nameserver>
DNS rewuest timeout.
Server: UnKnown
Address: <otherip>

Thanks before.

phogan September 5, 2016

When I do nslookup app2 (or app1, ns1, ns2 depending on which droplet I am on) I always get the external IP address of my ns1 - any ideas where I have gone wrong? Anything in italics are just placeholder values.

Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
app2.lon1.domain.com canonical name = domain.com.
Name: domain.com
Address: 436.202.70.342


This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright 2016 DigitalOcean Inc.