BIND/Guide/en

This guide details the installation and configuration of BIND for a domain and a local network.

Introduction
BIND is the most used DNS server on the Internet. This guide explains how to configure BIND for a domain using different configurations, one for a local network and one for the rest of the world. Two views will be used to do so:


 * 1) View of the internal zone (the local network).
 * 2) View for the external zone (rest of the world).

Installation
First, install.

Configuring /etc/bind/named.conf
The first thing to configure is /etc/bind/named.conf. The first part of this step is specifying BIND's root directory, the listening port with the IPs, the pid file, and a line for the IPv6 protocol.

The second part of /etc/bind/named.conf is the internal view used for our local network.

The third part of /etc/bind/named.conf is the external view used to resolve our domain name for the rest of the world and to resolve all other domain names for us (and anyone who wants to use our DNS server).

The final part of /etc/bind/named.conf is the logging policy.
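
The four parts described above, put together as an added example (this is not the guide's original file). The domain example.com, the 192.168.1.0/24 network, the file paths and the log settings are assumptions. Unlike the external view described above, this sketch answers recursive queries only for the internal view, so the server is not an open resolver for the whole Internet.

```conf
// Added example, not the guide's own configuration.
// Assumed values: example.com, 192.168.1.0/24, all file paths.
acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

options {
    directory "/var/bind";                          // BIND's root directory
    pid-file "/run/named/named.pid";
    listen-on port 53 { 127.0.0.1; 192.168.1.5; };  // loopback and YOUR_LOCAL_IP
    listen-on-v6 { none; };                         // the IPv6 line: no IPv6 listener
    allow-transfer { none; };                       // no zone transfers unless granted
};

// Internal view: local clients see every host and may recurse.
view "internal" {
    match-clients { "lan"; };
    recursion yes;
    zone "example.com" {
        type master;
        file "pri/example.com.internal";
    };
};

// External view: everyone else sees only the public records.
view "external" {
    match-clients { any; };
    recursion no;                                   // authoritative answers only
    zone "example.com" {
        type master;
        file "pri/example.com.external";
    };
};

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 10m;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default  { default_log; };
    category security { default_log; };             // denied queries and transfers
};
```

Views are matched in order, so the internal view must come before the catch-all external view. Running `named-checkconf /etc/bind/named.conf` checks the syntax before the service is started.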

The directory must exist and belong to  :

Creating the internal zone file
We use the hostnames and IP addresses from the example network in the picture. Note that almost all (but not all) domain names end with "." (dot).

Creating the external zone file
Here we only have the subdomains we want for external clients (www, mail, and ns).

Finishing configuration
You'll need to add  to the default runlevel:

Configuring clients
Now you can use your own DNS server on all machines of your local network to resolve domain names. Modify the file on all machines of your local network.

Note that YOUR_DNS_SERVER_IP is the same as the YOUR_LOCAL_IP we used in this document. In the pictured example it is 192.168.1.5.

Testing
We can now test our new DNS server. First, we need to start the service.

Now, we are going to run some  commands against some domains. We can use any computer on our local network for this test. If you don't have  installed you can use   instead. Otherwise, first run.

Protecting the server with iptables
When running the DNS service, iptables can be configured with these rules for added protection: