This guide will teach you how install and configure BIND for your domain and your local network.
- 1 Introduction
- 2 Data used in the examples
- 3 Configuring BIND
- 4 Configuring clients
- 5 Testing
- 6 Protecting the server with iptables
- 7 Acknowledgements
This tutorial will show you how to install and configure BIND, the most used DNS server on Internet. We will configure
bind for your domain using different configurations, one for your local network and one for the rest of the world. We will use views to do that. One view for your internal zone (your local network) and other view for the external zone (rest of the world).
Data used in the examples
|YOUR_DOMAIN||Your domain name||gentoo.org|
|YOUR_PUBLIC_IP||The public ip that ISP gives to you||188.8.131.52|
|YOUR_LOCAL_IP||The local ip address||192.168.1.5|
|YOUR_LOCAL_NETWORK||The local network||192.168.1.0/24|
|SLAVE_DNS_SERVER||The ip address of the slave DNS server for your domain.||184.108.40.206|
|ADMIN||The DNS server administrator's name.||root|
|MODIFICATION||The modification date of the file zone, with a number added||2009062901|
The first thing to configure is /etc/bind/named.conf . The first part of this step is specifying bind's root directory, the listening port with the IPs, the pid file, and a line for ipv6 protocol.
The second part of named.conf is the internal view used for our local network.
The third part of named.conf is the external view used to resolve our domain name for the rest of the world and to resolve all other domain names for us (and anyone who wants to use our DNS server).
The final part of named.conf is the logging policy.
The /var/log/named/ directory must be exist and belong to
Creating the internal zone file
We use the hostnames and IP adresses of the picture network example. Note that almost all (not all) domain names finish with "." (dot).
Creating the external zone file
Here we only have the subdomains we want for external clients (www, mail and ns).
You'll need to add
named to the default runlevel:
Now you can use your own DNS server in all machines of your local network to resolve domain names. Modify the /etc/resolv.conf file of all machines of your local network.
Note that YOUR_DNS_SERVER_IP is the same as YOUR_LOCAL_IP we used in this document. In the picture the example is 192.168.1.5.
We are able to test our new DNS server. First, we need to start the service.
Now, we are going to make some
host commands to some domains. We can use any computer of our local network to do this test. If you don't have
net-dns/host installed you can use
ping instead. Otherwise, first run
emerge host .
Protecting the server with iptables
If you use iptables to protect your server, you can add these rules for DNS service.
We would like to thank the following authors and editors for their contributions to this guide:
- Vicente Olivert Riera