Use BIND to create a DNS server on Linux

Source: Internet
Author: User

Thanks to the excellent reliability of Linux, we can safely run all kinds of important service programs needed in the Internet era on it. As a result, the most common uses of Linux include mail servers, Web servers, and DNS servers.

Next we will look at how to create a DNS server using BIND on Red Hat Linux. BIND (Berkeley Internet Name Domain) is the domain name resolution service package implemented on UNIX/Linux systems. We will cover the installation, initial configuration, and system settings required to set up and run a DNS server on Linux.

In this article we use Red Hat as the example, so you may want to use the RPM version of BIND; you can find it by searching www.rpmfind.net, and the RPM package is the easiest way to install BIND. After downloading the BIND RPM, such as bind-9.1.0-10.i386.rpm, execute the rpm -ivh bind-9.1.0-10.i386.rpm command as the superuser. When installing BIND from RPM, check for missing dependencies that may cause the installation to fail.

If you prefer to install from a source package, download a file such as bind-9.1.3.tar.gz and run tar xvfz bind-9.1.3.tar.gz as the superuser to unpack it. In this example a directory named bind-9.1.3 is created, containing all the files needed for the installation. Next, enter the newly created directory and execute ./configure. After the script completes its configuration work, run make, and then make install to complete the installation. You should now have a basic BIND installation on your system, which you can adjust as needed.

Configure BIND

After BIND is installed, you can configure it in several ways. The two most common are the ISP-type setup, where the DNS server accepts and resolves requests from anyone (or from a predefined set of users), and the Web host mode, where the server only answers queries for the domains it serves. When the purpose of the server changes, you can switch the configuration type at any time.

A DNS server can be either a master server or a secondary server. The master server, also called the primary server, is the authoritative source for the domain's names; it is also the source of zone transfers to the secondary server, which receives all of the master's zone information. A common mistake is to change the zone database file on the secondary server without changing the zone file on the master server (the next zone transfer from the master overwrites such a change). Why do we need two servers? Redundancy is a good idea in any configuration, and it is a native part of BIND and DNS. Fortunately, adding a second Linux server as a secondary DNS server in the IDC will not strain your budget.

Remember that with two types of servers, a master server can also act as a secondary server for other domains. You see this situation in most ISP environments: the customer has its own master DNS server and uses the ISP's server as a secondary for backup purposes. This type of configuration, and almost all other configuration items in BIND, is done through the named.conf file, which stores server information and zone information in plain text. See the example below.

named.conf file example

  options {
      notify-source 10.0.0.2;
      pid-file "/var/run/named.pid";
  };
  // The root zone is loaded from a hints file, so its type is "hint";
  // declaring it "master" would make this server claim authority for the root.
  zone "." {
      type hint;
      file "root.db";
  };
  // The zone name and the data inside the zone file must agree; the zone
  // file shown later in this article uses sample.com.
  zone "example.com" {
      type master;
      file "/var/named/sample.com.zone";
  };

The DNS server has many available options; if you need a special setup, read the documentation that comes with BIND. In the preceding example, notify-source indicates the address from which the server sends NOTIFY messages; this message is sent to the secondary server when the master detects changes to the zone database file. The pid-file option simply tells the daemon where to write its process ID, usually /var/run/named.pid, but you can change the directory layout as needed.

In the preceding example, the first zone entry tells BIND where to find the root server information. The server handles not only your own domain information but also lookups for every domain on the Internet; not every server has an entry for every domain name, but every server knows how to obtain the information. The root server list is updated periodically, so your copy of it should be refreshed periodically as well.

In the named.conf example, the second zone entry is a "master" domain entry, meaning that this DNS server holds the authoritative information for example.com, and all other DNS servers on the Internet will refer to it for anything related to this domain. The example.com entry references the /var/named/sample.com.zone file, a plain text file that tells the DNS server everything about the domain, including the serial value, refresh rate, all DNS records, and other items. Table B shows an example of a zone database file.

DNS database file example (Table B)

  $TTL 86400      ; default TTL for records without their own (added; BIND 9 warns if it is absent)
  @ IN SOA ns1.sample.com. hostmaster.sample.com. (  ; primary server, then the contact mailbox (assumed value)
          200101111        ;serial
          14400            ;refresh after 4 hours
          3600             ;retry after 1 hour
          604800           ;expire after 1 week
          86400 )          ;minimum TTL of 1 day
  ;
  ;Nameservers
  ;
          IN NS ns1.sample.com.
          IN NS ns2.sample.com.
  ;
  ;Domain Mail Handlers
  ;
  sample.com.   IN MX 10 mail
  ;
  ;Hosts in order
  ;
  www     IN A 212.204.219.71
  ftp     IN A 212.204.219.71
  mail    IN A 212.204.219.71
  ns1     IN A 212.204.219.71   ; in-zone nameservers need address records (added; ns2's address is a placeholder)
  ns2     IN A 212.204.219.71
  pop     IN CNAME mail

SOA is the abbreviation of Start of Authority; every zone file must start with it. The serial number (serial) lets servers keep track of updates: once the daemon has loaded the zone, it reads the information into the database again whenever the number increases. For example, you can increment a counter starting from 0 after each update, or use a date-based value such as 200101111. The latter is useful because it lets you see when the last update occurred and whether there have been many updates in one day. The next four rows set the refresh and timeout periods in seconds; if the BIND database has not been refreshed manually or within the server's range, the server automatically reads the information again. You rarely need to change these values; modify them only when a domain changes its information very frequently for some reason. The nameservers of the domain are listed next (the NS records), so that BIND knows who controls the entire domain.

The MX record is listed next; it tells the server where to deliver email messages addressed to sample.com. In this example, mail.sample.com has priority 10. You can list multiple MX records as backups for the mail server; the smaller the number, the higher the priority. Note that there is also a corresponding A record providing the IP address of mail.sample.com; this is essential, so that the DNS server knows where to direct mail for the domain. An A record simply assigns an IP address to a host name such as www, mail, ftp, or ns. These must be entered in the format shown and associated with an IP address. For example, when a user requests www.sample.com, the request is directed to the IP address of the Web server where the domain is hosted, 212.204.219.71.

The example also contains a CNAME item. CNAME stands for canonical name and is used to define an alias for another host name. When using such aliases, the target must refer back to a record that already exists (here, pop is an alias for mail).
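To make the zone-file rules above concrete, here is an added example (my own code, not from the article and not BIND's own tooling; BIND ships named-checkzone for the real job). It parses a master file like Table B, applies the checks the text implies (the SOA comes first and is complete, in-zone NS and MX targets are backed by A records rather than aliases, CNAME targets exist) and computes the next date-based serial. The zone text inside is constructed from Table B; hostmaster.sample.com. and the ns2 address are assumed values.

```python
"""Sanity checks for a BIND master file like Table B above.
Added example, not the article's or BIND's code (BIND ships named-checkzone).
The zone text is constructed from Table B; the SOA contact mailbox and the
ns2 address are assumed values."""
from datetime import date

ORIGIN = "sample.com."
SAMPLE_ZONE = """\
$TTL 86400
@   IN SOA ns1.sample.com. hostmaster.sample.com. (
        2001011101 ;serial
        14400      ;refresh after 4 hours
        3600       ;retry after 1 hour
        604800     ;expire after 1 week
        86400 )    ;minimum TTL of 1 day
    IN NS ns1.sample.com.
    IN NS ns2.sample.com.
sample.com. IN MX 10 mail
www  IN A 212.204.219.71
ftp  IN A 212.204.219.71
mail IN A 212.204.219.71
ns1  IN A 212.204.219.71
ns2  IN A 212.204.219.72
pop  IN CNAME mail
"""


def _join_parens(lines):
    """Merge records continued across lines inside ( ... ), as the SOA is."""
    out, buf, depth = [], [], 0
    for line in lines:
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            out.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf, depth = [], 0
    return out


def fqdn(name, origin=ORIGIN):
    """Expand a relative name against the origin; '@' is the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return (default TTL, [(owner, type, rdata tokens), ...])."""
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]  # drop comments
    ttl, records, owner = None, [], None
    for line in _join_parens([ln for ln in lines if ln.strip()]):
        if line.startswith("$TTL"):
            ttl = int(line.split()[1])
            continue
        tokens = line.split()
        if not line[0].isspace():        # a blank owner field inherits the previous owner
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0].isdigit():          # optional per-record TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":    # optional class
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return ttl, records


def check_zone(text, origin=ORIGIN):
    """Return a list of problems; an empty list means the checks passed."""
    ttl, records = parse_zone(text, origin)
    problems = [] if ttl is not None else ["no $TTL directive"]
    if not records or records[0][1] != "SOA" or len(records[0][2]) != 7:
        problems.append("zone must start with a complete SOA (MNAME, RNAME, five timers)")
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)

    def in_zone(name):
        return name == origin or name.endswith("." + origin)

    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            # an in-zone NS/MX target needs an A/AAAA record and must not be an alias (RFC 2181)
            target = fqdn(rdata[-1], origin)
            found = types_at.get(target, set())
            if in_zone(target) and "CNAME" in found:
                problems.append(f"{rtype} target {target} is a CNAME")
            elif in_zone(target) and not found & {"A", "AAAA"}:
                problems.append(f"{rtype} target {target} has no address record")
        elif rtype == "CNAME":
            target = fqdn(rdata[0], origin)
            if in_zone(target) and target not in types_at:
                problems.append(f"CNAME {owner} points at missing name {target}")
    return problems


def next_serial(current, today=None):
    """Next YYYYMMDDNN serial: bump NN on the same day, else start today at 01.
    today is a YYYYMMDD string (defaults to the real date)."""
    stamp = today or date.today().strftime("%Y%m%d")
    if len(str(current)) == 10 and str(current).startswith(stamp):
        return current + 1
    proposed = int(stamp + "01")
    return proposed if proposed > current else current + 1
```

check_zone(SAMPLE_ZONE) returns an empty list. Run it on a copy of the zone with the ns1 and ns2 A records removed and it reports the missing address records, which matters because BIND refuses to load a zone whose in-zone nameservers have no address records; point an MX at the pop alias and it flags the CNAME target. next_serial keeps the date-based scheme the article describes monotonic, including the case where the current serial is already ahead of today's date.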

We have looked at the master server section of named.conf. Now let's take a look at the secondary server section:

  zone "sample2.com" {
      type slave;
      file "/var/named/sample2.com.zone";
      masters { 10.0.0.1; };    // the statement is "masters", and the zone block must be closed
  };

The two main differences are the type item, which can be master or slave, and the masters item, which gives the IP address of the master DNS server. Everything else is the same as in a master entry.
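As an added example (my own code, not from the article and not BIND's own tooling; BIND's real checker is named-checkconf), the following lints the zone statements of a named.conf like the two snippets above: it tokenizes the brace-and-semicolon syntax, pulls out each zone's type, file and masters, and flags a root zone that is not type hint, a master zone without a file, a slave zone without a masters statement, and an unclosed zone block. The configuration text is constructed from the article's snippets.

```python
"""Lint for the zone statements of a named.conf.
Added example, not the article's or BIND's code (use named-checkconf for
the real check); the sample configuration is constructed from the article."""
import re

SAMPLE_CONF = """\
options {
    notify-source 10.0.0.2;
    pid-file "/var/run/named.pid";
};
zone "." {
    type hint;
    file "root.db";
};
zone "sample.com" {
    type master;
    file "/var/named/sample.com.zone";
};
zone "sample2.com" {
    type slave;
    file "/var/named/sample2.com.zone";
    masters { 10.0.0.1; };
};
"""

# The secondary snippet as the article first printed it: "master" instead
# of "masters", and the closing "};" of the zone block missing.
TRUNCATED_CONF = """\
zone "sample2.com" {
    type slave;
    file "/var/named/sample2.com.zone";
    master { 10.0.0.1; };
"""


def tokenize(text):
    """Words, quoted strings and the { } ; punctuation, with comments removed
    (named.conf accepts /* */, // and # comments)."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#).*", " ", text)
    return re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)


def _block(tokens, start):
    """Tokens inside the brace block opening at start, and the index after its '}'."""
    depth = 0
    for j in range(start, len(tokens)):
        if tokens[j] == "{":
            depth += 1
        elif tokens[j] == "}":
            depth -= 1
            if depth == 0:
                return tokens[start + 1:j], j + 1
    raise ValueError("unbalanced braces: a closing '};' is missing")


def _zone_fields(body):
    """Extract type, file and masters from the tokens of one zone block."""
    fields = {"type": None, "file": None, "masters": []}
    k = 0
    while k < len(body):
        tok = body[k]
        if tok in ("type", "file"):
            fields[tok] = body[k + 1].strip('"')
            k += 3                                   # keyword value ;
        elif tok in ("masters", "primaries"):
            inner, k = _block(body, k + 1)
            fields["masters"] = [t for t in inner if t != ";"]
        else:
            k += 1
    return fields


def parse_zones(text):
    """Map each zone name to its type, file and masters list."""
    tokens, zones, i = tokenize(text), {}, 0
    while i < len(tokens):
        if tokens[i] == "{":                         # skip options, logging, ...
            _, i = _block(tokens, i)
        elif tokens[i] != "zone":
            i += 1
        else:
            name = tokens[i + 1].strip('"')
            j = i + 2 if tokens[i + 2] == "{" else i + 3   # optional class, e.g. IN
            body, i = _block(tokens, j)
            zones[name] = _zone_fields(body)
    return zones


def lint_conf(text):
    """Return the problems found in the zone statements (empty list = OK)."""
    problems = []
    for name, z in parse_zones(text).items():
        if name == "." and z["type"] != "hint":
            problems.append(f'zone "." should be type hint, not {z["type"]}')
        if z["type"] in ("master", "primary", "hint") and not z["file"]:
            problems.append(f"{z['type']} zone {name} has no file")
        if z["type"] in ("slave", "secondary") and not z["masters"]:
            problems.append(f"slave zone {name} has no masters statement")
    return problems
```

lint_conf(SAMPLE_CONF) returns an empty list. Feeding it TRUNCATED_CONF raises ValueError for the missing "};", and closing the block by hand still yields "slave zone sample2.com has no masters statement" because "master" is not a statement BIND knows. Changing the root zone to type master is reported as well, since that would make the server claim authority over the root instead of merely caching the hints.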

Start BIND

The program that starts the DNS service is named, pronounced "name D". You can run it by executing /etc/rc.d/init.d/named start. If the server is already running, use the restart command instead. This script should be placed in the correct directory during installation, and it runs at boot to initialize the server. You should always run ps aux to check that named is actually running; this command lists all current processes.
