A DNS server is essential whenever we access a website on the internet: it returns the correct IP address of a host or website, so users do not have to memorize IP addresses even though every host and website is identified by one. Most people use the DNS servers provided by their domain registrar, but as network administrators we should know how to build our own DNS server so that we can manage and maintain our systems optimally. A DNS server can serve several roles; one of them is the authoritative DNS server, which is responsible for returning answers to recursive DNS servers for the specific domains configured by the administrator. This article guides you step by step through configuring an authoritative DNS server with BIND on a Debian server.
We will configure a master/slave DNS setup, which means configuring two servers: the master, where the zone data is stored, and the slave, which receives the zone data from the master and remains available when the master goes down. The configuration will be like this:
SERVER              DOMAIN NAME          IP ADDRESS
Master DNS Server   ns1.netlabinfo.com   10.11.12.1
Slave DNS Server    ns2.netlabinfo.com   10.11.12.2
Web Server          -                    10.11.12.3
CONFIGURE BOTH SERVERS
Before setting up the master and slave servers, we have to install BIND and configure the hostname on both servers. Install BIND with this command:
sudo apt-get install bind9 bind9utils bind9-doc
Okay, now we have to configure the hosts file. Open /etc/hosts: the file will be similar to the one below, and we have to change the second line according to our IP address and hostname.
127.0.0.1 localhost
127.0.1.1 netlabinfo
The configuration will be like this:
127.0.0.1 localhost
10.11.12.1 ns1.netlabinfo.com
...
Next, we have to configure the other server too:
127.0.0.1 localhost
10.11.12.2 ns2.netlabinfo.com
...
CONFIGURE THE MASTER DNS
Okay, first we should make sure that recursion is disabled. Open the options file:
nano /etc/bind/named.conf.options
The file will be similar to this:
options {
        directory "/var/cache/bind";
        ....
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Disable recursion by adding the following directives to the options file; the file will then look like this. The global allow-transfer { none; } blocks zone transfers by default, and the per-zone allow-transfer added later opens them only for the slave.
options {
        directory "/var/cache/bind";
        ....
        recursion no;                  # authoritative only: do not resolve for clients
        allow-transfer { none; };      # no zone transfers unless a zone says otherwise
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Then we have to configure the zone definitions. Open named.conf.local:
nano /etc/bind/named.conf.local
Initially the file is empty apart from comments, so we need to add the zone definitions according to your IP address and your domain. First add the following:
zone "netlabinfo.com" {
        type master;
        file "/etc/bind/zone/db.netlab";
        allow-transfer { 10.11.12.2; };
};
As you can see, this block defines your domain, the type of your DNS server (master or slave), the file name of your forward zone file and the IP address of your slave DNS server (the only host allowed to transfer the zone). After that we add the reverse zone. When you specify the address, you must use the network part of your IP address, and the octets must be written in reverse order: if your IP address is 10.11.12.1/24, you should write 12.11.10.in-addr.arpa. The reverse zone will be similar to this:
zone "12.11.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zone/db.10";
        allow-transfer { 10.11.12.2; };   // the slave pulls the reverse zone too
};
After the configuration, named.conf.local will look like this:
include "/etc/bind/zones.rfc1918";

zone "netlabinfo.com" {
        type master;
        file "/etc/bind/zone/db.netlab";
        allow-transfer { 10.11.12.2; };   // only the slave may transfer this zone
};

zone "12.11.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zone/db.10";
        allow-transfer { 10.11.12.2; };   // the slave pulls the reverse zone too
};
Save and exit named.conf.local. After the zone definitions we have to create the forward and reverse zone files. The forward file maps domain names to the correct IP addresses, and the reverse file does the opposite: it maps IP addresses back to their domain names. Okay, create a directory named zone in /etc/bind to hold the forward and reverse files.
Next, we create the forward and reverse files by copying the default files, so we do not have to type everything from scratch. Make sure the names match the zone definitions we configured earlier: the forward file is db.netlab and the reverse file is db.10.
cp /etc/bind/db.local /etc/bind/zone/db.netlab
cp /etc/bind/db.127 /etc/bind/zone/db.10
Open db.netlab with your text editor; we will create the forward zone file first:
nano /etc/bind/zone/db.netlab
The file will look like this:
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
Edit the default forward file into the following configuration.
;
; BIND data file for netlabinfo.com
;
$TTL    604800
@       IN      SOA     ns1.netlabinfo.com. admin.netlabinfo.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Name servers (targets end with a dot, otherwise the origin is appended)
@       IN      NS      ns1.netlabinfo.com.
@       IN      NS      ns2.netlabinfo.com.
; Addresses
ns1     IN      A       10.11.12.1
ns2     IN      A       10.11.12.2
@       IN      A       10.11.12.3
www     IN      A       10.11.12.3
Now we configure the reverse file. Open db.10 with your text editor:
nano /etc/bind/zone/db.10
You will see the following:
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              5         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1       IN      PTR     localhost.
Okay, now configure your reverse file. The configuration will be similar to this:
$TTL    604800
@       IN      SOA     ns1.netlabinfo.com. admin.netlabinfo.com. (
                              5         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Name servers
@       IN      NS      ns1.netlabinfo.com.
@       IN      NS      ns2.netlabinfo.com.
; PTR records (the owner is the host part of the address: 10.11.12.X -> X)
1       IN      PTR     ns1.netlabinfo.com.
2       IN      PTR     ns2.netlabinfo.com.
3       IN      PTR     www.netlabinfo.com.
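The reversal rule and the pairing between the forward and reverse files can be checked mechanically. The following Python is an added example (not from this article and not part of BIND): it derives the in-addr.arpa zone name from a prefix, generates the PTR records from the forward zone's A records, and flags NS/SOA targets that lack the trailing dot, the relative-name pitfall that makes BIND turn ns2.netlabinfo.com into ns2.netlabinfo.com.netlabinfo.com. FORWARD_ZONE, ORIGIN and the function names are the example's own, and it handles /8 and /16 prefixes as well as the article's /24.

```python
import ipaddress
import re

# Constructed sample (not a file from the article): the forward zone above, with one
# NS target deliberately left relative (no trailing dot) so the audit has something to flag.
FORWARD_ZONE = """\
@   IN SOA ns1.netlabinfo.com. admin.netlabinfo.com. ( 3 604800 86400 2419200 604800 )
@   IN NS  ns1.netlabinfo.com.
@   IN NS  ns2.netlabinfo.com
ns1 IN A   10.11.12.1
ns2 IN A   10.11.12.2
@   IN A   10.11.12.3
www IN A   10.11.12.3
"""
ORIGIN = "netlabinfo.com."
REC = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(SOA|NS|A)\s+(\S+)")

def reverse_zone_name(network: str) -> str:
    """10.11.12.1/24 -> '12.11.10.in-addr.arpa': the net-id octets, reversed."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 IPv4 prefixes are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def records(zone_text: str):
    """Yield (owner_fqdn, type, rdata); relative owners are expanded against ORIGIN."""
    for raw in zone_text.splitlines():
        m = REC.match(raw.split(";")[0].strip())
        if m:
            owner, rtype, rdata = m.groups()
            fqdn = ORIGIN if owner == "@" else owner if owner.endswith(".") else f"{owner}.{ORIGIN}"
            yield fqdn, rtype, rdata

def ptr_records(zone_text: str, network: str) -> list[str]:
    """Reverse-zone PTR lines for the A records inside `network`, one per address."""
    net = ipaddress.ip_network(network, strict=False)
    chosen: dict[str, str] = {}
    for fqdn, rtype, ip in records(zone_text):
        if rtype == "A" and ipaddress.ip_address(ip) in net:
            host = ".".join(reversed(ip.split(".")[net.prefixlen // 8:]))
            chosen.setdefault(host, fqdn)  # first A record for an address wins
    ordered = sorted(chosen, key=lambda h: [int(x) for x in reversed(h.split("."))])
    return [f"{h} IN PTR {chosen[h]}" for h in ordered]

def relative_name_warnings(zone_text: str) -> list[str]:
    """Flag NS/SOA targets without a trailing dot: BIND appends the origin to them."""
    return [f"{rtype} target '{rdata}' is relative; write '{rdata}.'"
            for _, rtype, rdata in records(zone_text)
            if rtype in ("NS", "SOA") and not rdata.endswith(".")]
```

Because 10.11.12.3 carries two A records (the apex and www), only one PTR is emitted for it; pick the name you want clients to see when they resolve the address backwards.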
What we configured in the forward and reverse files are called DNS resource records. This is the explanation of the resource record types:
NS      Specifies the name server for the zone.
A       Returns the IP address of a name; usually used in the forward file.
PTR     Returns the domain name of an address; usually used in the reverse file.
CNAME   Creates an alias for a name that is defined by an A record.
MX      Defines the mail exchangers used for the domain, so that e-mail messages arrive at your mail server correctly.
SOA     Specifies authoritative information about a DNS zone, including the primary name server, the e-mail address of the domain administrator, the zone serial number, and several timers relating to refreshing the zone.
As you can see, there are several parameters in the SOA record. This is their explanation:
serial        Works like the version number of your zone. Whenever you change the zone on the master DNS server, you must increment it so that the slave server fetches your newest configuration.
refresh       The interval at which the slave server checks the master for a newer version of the zone.
retry         If a refresh attempt fails, the slave server waits this amount of time before retrying to contact its master.
expire        The expiry period: if the slave server cannot contact its master for this amount of time, it no longer returns responses as an authoritative source for this zone.
negative ttl  The amount of time that a name server will cache a name error (NXDOMAIN) when it cannot find the requested name in this zone.
That is the master configuration. The last step is to restart your BIND server with the following command:
/etc/init.d/bind9 restart
CONFIGURE THE SLAVE DNS
Okay, now that we have configured the master server, it is time to set up the slave server. Unlike the master, the slave configuration is simpler and easier.
Okay, the first thing to do is disable recursion. Open the options file with the nano editor:
nano /etc/bind/named.conf.options
The file will be similar to this:
options {
        directory "/var/cache/bind";
        ....
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Disable recursion by adding the following directives to the options file; the file will then look like this.
options {
        directory "/var/cache/bind";
        ....
        recursion no;                  # authoritative only: do not resolve for clients
        allow-transfer { none; };      # the slave does not hand the zone on to anyone else
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
After that, open named.conf.local with the nano editor. We have to declare that this server is a slave and give the IP address of the master DNS server:
nano /etc/bind/named.conf.local
Configure your zone definitions similar to this:
include "/etc/bind/zones.rfc1918";

zone "netlabinfo.com" {
        type slave;
        file "db.netlab";          // relative path: written under the options directory, /var/cache/bind
        masters { 10.11.12.1; };
};

zone "12.11.10.in-addr.arpa" {
        type slave;
        file "db.10";
        masters { 10.11.12.1; };
};
Save and exit your configuration. That is the slave configuration; now restart your BIND server:
/etc/init.d/bind9 restart
Okay, after configuring the master and slave servers, you have to make sure that your configuration is working correctly. Type the following command:
If this returns without any error, your server is working correctly. That is the master and slave configuration. The last step is to specify your master and slave DNS servers at your domain registrar: find the control panel and enter the IP addresses of your master and slave DNS servers.