##############################################
### Configuration of DNS on Ubuntu 12.04 LTS
##############################################

### Bind 9 is installed by default in the base system.
root@instructor01:/# dpkg --list | grep bind
ii bind9 1:9.8.1.dfsg.P1-4ubuntu0.7 Internet Domain Name Server
ii bind9-host 1:9.8.1.dfsg.P1-4ubuntu0.7 Version of 'host' bundled with BIND 9.X
ii bind9utils 1:9.8.1.dfsg.P1-4ubuntu0.7 Utilities for BIND
ii libbind9-80 1:9.8.1.dfsg.P1-4ubuntu0.7 BIND9 Shared Library used by BIND
ii libwbclient0 2:3.6.3-2ubuntu2.6 Samba winbind client library
ii rpcbind 0.2.0-7ubuntu1.2 converts RPC program numbers into universal addresses

### Bind 9 is enabled on runlevels 2, 3, 4 and 5 by default, meaning that it's already running.
root@instructor01:/# chkconfig --list | grep bind
bind9 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rpcbind-boot 0:off 1:off 2:off 3:off 4:off 5:off 6:off
root@instructor01:/# ps aux | grep bind
bind 534 0.0 2.4 167748 13076 ? Ssl 08:31 0:00 /usr/sbin/named -u bind
root 15682 0.0 0.1 6460 760 pts/1 S+ 14:26 0:00 grep --color=auto bind

### Important Files and Directories.
root@instructor01:/# vi /etc/resolv.conf
root@instructor01:/# ls -lh /etc/bind/
total 52K
-rw-r--r-- 1 root root 2.4K Mar 28 23:26 bind.keys
-rw-r--r-- 1 root root 237 Mar 28 23:26 db.0
-rw-r--r-- 1 root root 271 Mar 28 23:26 db.127
-rw-r--r-- 1 root root 237 Mar 28 23:26 db.255
-rw-r--r-- 1 root root 353 Mar 28 23:26 db.empty
-rw-r--r-- 1 root root 270 Mar 28 23:26 db.local
-rw-r--r-- 1 root root 3.0K Mar 28 23:26 db.root
-rw-r--r-- 1 root bind 463 Mar 28 23:26 named.conf
-rw-r--r-- 1 root bind 490 Mar 28 23:26 named.conf.default-zones
-rw-r--r-- 1 root bind 165 Mar 28 23:26 named.conf.local
-rw-r--r-- 1 root bind 890 Jul 24 22:32 named.conf.options
-rw-r----- 1 bind bind 77 Jul 24 22:32 rndc.key
-rw-r--r-- 1 root root 1.3K Mar 28 23:26 zones.rfc1918
root@instructor01:/# vi /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    // 41.204.164.3;
    // 41.89.1.4;
    //};

    listen-on { 192.168.0.10; };

    // acl kenet_training {
    // 192.168.0.0/24;
    // };

    recursion yes; # uncomment this if you want a caching DNS server. It is the default.
    // recursion no; # uncomment this if you want an authoritative DNS server.
    # note: use 'allow-recursion' instead (to limit recursive queries to
    # your own clients) if your nameserver is both caching and authoritative.

    allow-query { 127.0.0.1; 192.168.0.0/24; };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.
See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    # note: this listens on every IPv6 address, while listen-on above
    # limits IPv4 to 192.168.0.10; narrow it, or use 'none', if IPv6
    # service is not intended.
};

### Test the DNS server for the localhost domain.
root@instructor01:/# dig localhost

; <<>> DiG 9.8.1-P1 <<>> localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37203
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 604800 IN A 127.0.0.1

;; AUTHORITY SECTION:
localhost. 604800 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 604800 IN AAAA ::1

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 14:52:52 2013
;; MSG SIZE rcvd: 85

root@instructor01:/# clear
root@instructor01:/# dig -x 127.0.0.1

; <<>> DiG 9.8.1-P1 <<>> -x 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59667
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 604800 IN PTR localhost.

;; AUTHORITY SECTION:
127.in-addr.arpa. 604800 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 604800 IN A 127.0.0.1
localhost. 604800 IN AAAA ::1

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 14:53:22 2013
;; MSG SIZE rcvd: 121

##################
### Create a zone
##################
root@instructor01:/# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "instructor" {
    type master;
    file "/etc/bind/instructor.local";
};

### Create the zone file and add the resource records of your choice.
root@instructor01:/# cat /etc/bind/instructor.local
;
; BIND data file for the instructor zone
;
$TTL 604800
@ IN SOA instructor. hezron.instructor. (
        2013082000 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS instructor.
@ IN A 192.168.0.10
@ IN MX 10 mail
@ IN MX 20 barua
www IN A 192.168.0.50
mail IN A 192.168.0.20
barua IN A 192.168.0.21
ftp IN A 192.168.0.25
root@instructor01:/#

### Restart Bind
root@instructor01:/# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9 [ OK ]
 * Starting domain name service... bind9 [ OK ]
root@instructor01:/#
root@instructor01:/# dig localhost

; <<>> DiG 9.8.1-P1 <<>> localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19633
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;localhost. IN A

;; ANSWER SECTION:
localhost. 604800 IN A 127.0.0.1

;; AUTHORITY SECTION:
localhost. 604800 IN NS localhost.

;; ADDITIONAL SECTION:
localhost. 604800 IN AAAA ::1

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 16:28:00 2013
;; MSG SIZE rcvd: 85

### Run configuration and zone checks.
root@instructor01:/# named-checkconf
root@instructor01:/# named-checkzone instructor /etc/bind/instructor.local
zone instructor/IN: loaded serial 2013082000
OK

### Test using the dig command.
root@instructor01:/# dig mail.instructor

; <<>> DiG 9.8.1-P1 <<>> mail.instructor
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.instructor. IN A

;; ANSWER SECTION:
mail.instructor. 604800 IN A 192.168.0.20

;; AUTHORITY SECTION:
instructor. 604800 IN NS instructor.

;; ADDITIONAL SECTION:
instructor.
604800 IN A 192.168.0.10

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 19:27:33 2013
;; MSG SIZE rcvd: 79

root@instructor01:/# dig barua.instructor

; <<>> DiG 9.8.1-P1 <<>> barua.instructor
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60514
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;barua.instructor. IN A

;; ANSWER SECTION:
barua.instructor. 604800 IN A 192.168.0.21

;; AUTHORITY SECTION:
instructor. 604800 IN NS instructor.

;; ADDITIONAL SECTION:
instructor. 604800 IN A 192.168.0.10

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 19:27:38 2013
;; MSG SIZE rcvd: 80

root@instructor01:/# dig www.instructor

; <<>> DiG 9.8.1-P1 <<>> www.instructor
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35922
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.instructor. IN A

;; ANSWER SECTION:
www.instructor. 604800 IN A 192.168.0.50

;; AUTHORITY SECTION:
instructor. 604800 IN NS instructor.

;; ADDITIONAL SECTION:
instructor. 604800 IN A 192.168.0.10

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 19:27:43 2013
;; MSG SIZE rcvd: 78

root@instructor01:/# dig ftp.instructor

; <<>> DiG 9.8.1-P1 <<>> ftp.instructor
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64974
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;ftp.instructor. IN A

;; ANSWER SECTION:
ftp.instructor. 604800 IN A 192.168.0.25

;; AUTHORITY SECTION:
instructor. 604800 IN NS instructor.

;; ADDITIONAL SECTION:
instructor.
604800 IN A 192.168.0.10

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 19:27:48 2013
;; MSG SIZE rcvd: 78

root@instructor01:/# dig instructor mx

; <<>> DiG 9.8.1-P1 <<>> instructor mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 3

;; QUESTION SECTION:
;instructor. IN MX

;; ANSWER SECTION:
instructor. 604800 IN MX 20 barua.instructor.
instructor. 604800 IN MX 10 mail.instructor.

;; AUTHORITY SECTION:
instructor. 604800 IN NS instructor.

;; ADDITIONAL SECTION:
mail.instructor. 604800 IN A 192.168.0.20
barua.instructor. 604800 IN A 192.168.0.21
instructor. 604800 IN A 192.168.0.10

;; Query time: 0 msec
;; SERVER: 192.168.0.10#53(192.168.0.10)
;; WHEN: Tue Aug 20 19:27:53 2013
;; MSG SIZE rcvd: 133

root@instructor01:/#

### IS FINISHED!!!