
Linux DNS server


This is part of a write-up of an attempt to use Linux as a "Small Business Server", and describes a simple DNS configuration.

DNS is rather more complex than ftp or dhcp, and this is reflected in the configuration files. You have the configuration files, which mainly set parameters for the dns server (options, names of dns zones, ...) and refer to zone files. These zone files, in turn, contain the data for a particular dns zone (addresses, host names, ...).

/etc/bind/named.conf, the main named configuration file, is (in Debian) composed of 3 separate files, so that named.conf proper can be left alone, and all customization / local configuration can be done in 2 dedicated files: /etc/bind/named.conf.options and /etc/bind/named.conf.local.

/etc/bind/named.conf

The default configuration that every dns server needs. No need to change anything here, except if you really know what you're doing.

/etc/bind/named.conf.options

Configuration for your dns server: source port and forwarders, so that your dns server can query 'forwarders', e.g. your ISP's DNS servers. As you now know the address and port of your dns server, and of the dns servers it will talk to, it's also easy to allow only these src/dest address/port combinations in a firewall rule (and block any other real or spoofed dns traffic).

	options {
		directory "/var/cache/bind";

		// BIND 8.1 and later use an unprivileged port by default. If your DNS server is behind a firewall and
		// you need to talk to servers outside, you may want to specify the src port for your server.
		// Caveat: a fixed source port keeps the firewall rule simple, but later BIND 9 releases randomise
		// the query source port by default to make cache poisoning harder, and fixing it here gives that up.

		query-source address * port 53;

		// If your ISP provided one or more IP addresses for stable nameservers,
		// you probably want to use them as forwarders.

		forwarders {
				195.130.132.53;
				212.31.2.2;
		};

		auth-nxdomain no;    # conform to RFC1035

	};

/etc/bind/named.conf.local

Local configuration, i.e. the dns zone(s) relevant to your home/small office network.

	// forward lookup zone for domain sillysoft.yx

	zone "sillysoft.yx" {
		type master;
		file "/etc/bind/db.sillysoft";
	};


	// reverse lookup zone for 192.168.10.0/24, the sillysoft.yx address range

	zone "10.168.192.in-addr.arpa" {
		type master;
		file "/etc/bind/db.reverse192.168.10";
	};

Zone files

For each zone created in /etc/bind/named.conf.local, you need to create a zone file: a 'database' (in fact a plain text file) that maps names to ip addresses (forward lookup), or addresses to host names (reverse lookup). These databases are referenced by their file name in named.conf.local.

forward lookup zone file: /etc/bind/db.sillysoft

	$TTL 3D
	@ 	IN 	SOA 	ns.sillysoft.yx. nedadmin.sillysoft.be. (
				200510281	; serial
				8H		; refresh
				2H		; retry
				4W		; expire
				1D)		; minimum
	;
	; the second SOA field is the admin mailbox (nedadmin@sillysoft.be, with the @ written as a dot);
	; both SOA names end in a dot because they are absolute, not relative to this zone
	;
			NS 	ns		; name server for this zone (relative name, i.e. ns.sillysoft.yx.)
	;
	ns		A	192.168.10.1
	kdunix		A	192.168.10.1
	www		CNAME	kdunix
	intranet	CNAME	www
	stargate	A	192.168.10.254

reverse lookup zone file: /etc/bind/db.reverse192.168.10

The reverse lookup zone file resembles the forward lookup file, except that it contains pointer records (PTR) that map addresses to names.

	$TTL 3D
	@ 	IN 	SOA 	ns.sillysoft.yx. nedadmin.sillysoft.be. (
				200510281	; serial
				8H		; refresh
				2H		; retry
				4W		; expire
				1D)		; minimum

			NS	ns.sillysoft.yx.

	; the PTR targets are absolute names, so they must end in a dot
	; (without it, BIND would append 10.168.192.in-addr.arpa. to the name)
	1		PTR	ns.sillysoft.yx.
	254		PTR	stargate.sillysoft.yx.
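Before reloading, it is worth checking that the two zone files agree with each other. BIND's own named-checkzone catches syntax errors, but not a PTR target that is silently read as relative because its trailing dot is missing, a common slip in hand-edited zone files. The script below is an added example, not part of the original write-up: it parses zone data in the format shown above (constructed sample data modelled on the two files, with the trailing-dot slip reproduced) and reports names that lack a trailing dot as well as A/PTR pairs that do not match.

```python
import re
ORIGIN_FWD, ORIGIN_REV = "sillysoft.yx.", "10.168.192.in-addr.arpa."
REC = re.compile(r"^(\S*)\s*(?:(?:\d\S*|IN)\s+)*(SOA|NS|A|CNAME|PTR)\s+(.*)$")  # owner, TTL/class, type, rdata
# Constructed sample data in the format of the two zone files above; the bare PTR target reproduces a missing trailing dot.
FWD = """$TTL 3D
@  IN SOA ns.sillysoft.yx. nedadmin.sillysoft.be. (
       200510281 ; serial
       8H 2H 4W 1D )
   NS ns
ns       A 192.168.10.1
stargate A 192.168.10.254
"""
REV = """$TTL 3D
@ IN SOA ns.sillysoft.yx. nedadmin.sillysoft.be. ( 200510281 8H 2H 4W 1D )
1   PTR ns.sillysoft.yx.
254 PTR stargate.sillysoft.yx
"""

def fqdn(name, origin):  # '@' is the origin; a trailing dot means absolute; otherwise append the origin
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner, type, rdata): strips ';' comments, joins '( )' lines, inherits blank owners, skips $TTL."""
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), re.sub(r";[^\n]*", "", text))
    owner = None
    for line in text.splitlines():
        m = REC.match(line)
        if m:                                   # blank lines and $TTL directives do not match
            owner = fqdn(m.group(1), origin) if m.group(1) else owner
            yield owner, m.group(2), m.group(3).split()

def check_zones(fwd_text, rev_text):
    """Findings: name RDATA missing its trailing dot (BIND appends the origin) and A/PTR pairs that disagree."""
    findings, a_by_addr, ptr_by_addr = [], {}, {}
    for origin, text in ((ORIGIN_FWD, fwd_text), (ORIGIN_REV, rev_text)):
        for owner, rtype, rdata in parse_zone(text, origin):
            for n in rdata[:2] if rtype == "SOA" else rdata[:1] if rtype in ("NS", "CNAME", "PTR") else []:
                if "." in n and not n.endswith("."):
                    findings.append(f"{owner} {rtype} {n}: no trailing dot, BIND reads it as {n}.{origin}")
            if rtype == "A":
                a_by_addr.setdefault(rdata[0], set()).add(owner)
            elif rtype == "PTR":                # 254.10.168.192.in-addr.arpa. -> 192.168.10.254
                addr = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
                ptr_by_addr[addr] = fqdn(rdata[0], origin)
    for addr, names in a_by_addr.items():
        if addr not in ptr_by_addr:
            findings.append(f"{addr}: A record(s) for {sorted(names)} but no PTR")
        elif ptr_by_addr[addr] not in names:
            findings.append(f"{addr}: PTR target {ptr_by_addr[addr]} has no A record at that address")
    return findings
```

Run it against the real files with `check_zones(open("/etc/bind/db.sillysoft").read(), open("/etc/bind/db.reverse192.168.10").read())`; an empty list means the two zones agree.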

Done ...

At this point, the server can act as its own dns server, so the references to external dns servers in /etc/resolv.conf can be removed (you had them there to make the network installation work).

Then, finally, you need to tell the server to reload the databases, or restart the dns service, for all changes to take effect:

	rndc reload  || /etc/init.d/bind9 restart

More ...

This was a simple setup - it doesn't get any simpler than that. More elaborate DNS configurations can be found in the Linux DNS HOWTO.

Actually, it does get simpler than that: you can install dnsmasq, a simple caching/forwarding DNS server combined with a dhcp server. It uses the /etc/hosts file as its zone file, and knows the addresses of dhcp clients (and, usually, also their names).


Koen Noens
October 2005