Build a Domain Name Server using Bind in Linux

Source: Internet
Author: User

The school's DNS server runs Linux. Serving domain names from it has always been a problem, and client machines often cannot get correct resolution, so I studied the bind software used for serving domain names on Linux.

I use Ubuntu 10.04 locally, and I updated bind to the latest bind9 before starting.

Bind communicates on port 53, including when it exchanges resolution data with other DNS servers, so that port must not be used by any other program on the host.
The differences between bind8 and bind9 (the original English text is given after each point so you can translate it yourself):
Apart from multithreading and a complete rewrite of the code, which should provide better stability and security in the long term, there are other differences:

Apart from being multi-threaded, and a complete code rewrite, which should provide better stability and security in the long term, there are other differences:

If there is a syntax error in the named.conf file, BIND9 writes it to the log and does not reload the name server; BIND8 logs it and the service dies.

If there is a syntax error in named.conf, BIND9 will log errors and not reload the named server. BIND8 will log errors and the daemon will die!

Extensive support for TSIGs (shared keys) for access control; for example, "update-policy" gives fine-grained control over dynamic updates.

Extensive support of TSIGs (shared keys) for access control, for example, "update-policy" can be used for fine grained access control of dynamic updates.

The rndc tool differs from bind8's ndc: different communication, authentication, and features.

The tool for starting/stopping/reloading etc., rndc, is different from the v8 ndc: different communications, authentication and features.

The syntax of zone files is checked more strictly (for example, a TTL line must exist).

Syntax in zone files is more rigorously checked (e.g. a TTL line must exist)

Settings in the named.conf file

Bind8's "check-names" and "statistics-interval" options have not been carried over to bind9.

V8 options 'check-names' and 'statistics-interval' are not yet implemented in V9.

The default value of "auth-nxdomain" is now "no"; if you do not set it manually, bind9 logs a message about it at startup.

The default for the option 'auth-nxdomain' is now 'no'; if you don't set this manually, BIND 9 logs a corresponding message on startup.

The root name server list (named.root or root.hints in bind8) does not need to be configured in BIND9, because it is already included in the server by default.

The root server list, often called named.root or root.hints in BIND8, is not necessary in BIND 9, as it is already included within the server.

Install bind in Ubuntu

sudo apt-get install bind9 dnsutils

Configure bind

sudo vi /etc/bind/named.conf.local

Modify this file and add the following content to it:

zone "myqdc.com" {
    type master;
    file "/etc/bind/zones/myqdc.com.db";
};
zone "100.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.100.168.192.in-addr.arpa";
};

Here, change myqdc.com to your own domain name; my local IP address is 192.168.100.100. Then we need to create two new files: myqdc.com.db (holds the resolution records, such as A and CNAME) and rev.100.168.192.in-addr.arpa (the reverse-resolution zone file).

myqdc.com.db goes in the /etc/bind/zones folder, with the following content:

$TTL 38400                      ; default TTL; BIND9 expects this line in every zone file
myqdc.com. IN SOA ns1.myqdc.com. admin.myqdc.com. (
    2007031001                  ; serial
    28800                       ; refresh
    3600                        ; retry
    604800                      ; expire
    38400 )                     ; negative-cache TTL
myqdc.com. IN NS ns1.myqdc.com.
www IN A 221.215.217.101
*   IN A 221.215.217.101

Do not modify the values inside the brackets. The domain name and IP address can be changed to match your situation. The last line,
* IN A 221.215.217.101
configures wildcard resolution; it worked in testing.
Next, put the file rev.100.168.192.in-addr.arpa in the zones folder, with the following content:
$TTL 86400                      ; default TTL; BIND9 expects this line in every zone file
@ IN SOA ns1.myqdc.com. admin.myqdc.com. (
    2007031001                  ; serial
    28800                       ; refresh
    604800                      ; retry
    604800                      ; expire
    86400 )                     ; negative-cache TTL
@ IN NS ns1.myqdc.com.
100 IN PTR myqdc.com.
In the last line the owner is 100 because my IP address is 192.168.100.100: the last eight bits of the address are 100.
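As an added example (not part of the original post), the following shell script derives the reverse zone name and PTR label from the server address, writes both zone files with the $TTL line that BIND 9's stricter zone syntax expects, and validates them with named-checkzone before the service is restarted. The domain name, addresses, serial and output paths are placeholders passed in by the caller; named-checkzone is assumed to come with the bind9 packages, and when it is absent only the $TTL check runs.

```shell
# Added example, not from the original post: build and validate the forward and
# reverse zone files for one host in a /24. Domain, address, serial and output
# paths are placeholders supplied by the caller.
set -eu

# 192.168.100.100 -> 100.168.192.in-addr.arpa (first three octets, reversed)
reverse_zone() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}
# 192.168.100.100 -> 100 (the host octet, which becomes the PTR owner name)
ptr_label() {
    printf '%s\n' "$1" | awk -F. '{ print $4 }'
}

# Forward zone with an explicit $TTL and the SOA timers used on the page; ns1
# gets an A record so the in-zone NS has glue (named-checkzone flags it otherwise).
write_forward_zone() {   # domain ip serial outfile
    cat > "$4" <<EOF
\$TTL 38400
$1. IN SOA ns1.$1. admin.$1. (
    $3       ; serial
    28800    ; refresh
    3600     ; retry
    604800   ; expire
    38400 )  ; negative-cache TTL
$1. IN NS ns1.$1.
ns1 IN A $2
www IN A $2
*   IN A $2
EOF
}

# Reverse zone: the PTR owner is the host octet of the address.
write_reverse_zone() {   # domain ip serial outfile
    cat > "$4" <<EOF
\$TTL 86400
@ IN SOA ns1.$1. admin.$1. ( $3 28800 604800 604800 86400 )
@ IN NS ns1.$1.
$(ptr_label "$2") IN PTR $1.
EOF
}

# BIND 9 expects a default TTL in every zone file; reject files without one,
# then run named-checkzone when the bind9 tools are installed.
check_zone() {   # zone-name file
    grep -q '^\$TTL' "$2" || return 1
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$1" "$2"
    fi
}
```

Run check_zone on both files (and named-checkconf on named.conf) before "service bind9 restart", so a typo is caught in the shell rather than discovered when clients stop resolving.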
Next, try to restart the service:
service bind9 restart
If a "connection refused" error appears, proceed with the following steps:
Regenerate rndc.conf:
rndc-confgen > /etc/bind/rndc.conf
Copy the commented-out key section at the end of rndc.conf into /etc/bind/rndc.key and remove the comment markers.
Add a line at the end of /etc/bind/named.conf:
include "/etc/bind/rndc.key";
Run named -g to check for errors; if there are any, fix the configuration file as the messages indicate.
The last step is the test:
Edit /etc/resolv.conf and add a line before all existing lines starting with nameserver:
nameserver 192.168.100.100
The IP address is the address of the DNS server you set up.
Then restart the service:
service bind9 restart
nslookup:
root@www.linuxidc.com-laptop:/etc/bind/zones# nslookup www.linuxidc.com
Server:         192.168.100.100
Address:        192.168.100.100#53

Name:   www.linuxidc.com
Address: 221.215.217.101
Because wildcard resolution is configured, any other name under the zone resolves too:
root@www.linuxidc.com-laptop:/etc/bind/zones# nslookup www.linuxidc.net
Server:         192.168.100.100
Address:        192.168.100.100#53

Name:   www.linuxidc.net
Address: 221.215.217.101
Run the dig command to view more detailed DNS query information:
root@www.linuxidc.com-laptop:/etc/bind/zones# dig www.linuxidc.com

; <<>> DiG 9.7.0-P1 <<>> www.linuxidc.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40293
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.linuxidc.com.              IN      A

;; ANSWER SECTION:
www.linuxidc.com.       38400   IN      A       221.215.217.101

;; AUTHORITY SECTION:
myqdc.com.              38400   IN      NS      ns1.myqdc.com.

;; ADDITIONAL SECTION:
ns1.myqdc.com.          38400   IN      A       221.215.217.101

;; Query time: 0 msec
;; SERVER: 192.168.100.100#53(192.168.100.100)
;; WHEN: Mon Apr 4 11:34:21 2011
;; MSG SIZE  rcvd: 81
Now, the DNS service has been set up successfully.
