Ubuntu DNS Server Guide - BIND Master Server Setup

14 Comment(s)

1. Thanks for the article. The only problem I had was with the mydomain.lan.db file. Line 5 has a colon instead of a semi-colon, so you get this error when you start BIND: unknown RR type ‘Importantly’. Once I changed this everything was fine.

   Alan Field | Dec 24, 2007 | Reply

2. @Alan - Thanks for the feedback, I corrected the typo you mentioned.

   Sam | Dec 24, 2007 | Reply

3. Thanks for the articles.

   I was not able to get this one to work though, I probably screwed something up. Please help me figure out where I went wrong.

   named.conf file minus the rndc-key section
   // This is the primary configuration file for the BIND DNS server named.
   //
   // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
   // structure of BIND configuration files in Debian, *BEFORE* you customize
   // this configuration file.
   //
   // If you are just adding zones, please do that in /etc/bind/named.conf.local

   include “/etc/bind/named.conf.options”;

   // prime the server with knowledge of the root servers
   zone “.” {
   type hint;
   file “/etc/bind/db.root”;
   };

   // be authoritative for the localhost forward and reverse zones, and for
   // broadcast zones as per RFC 1912

   zone “localhost” {
   type master;
   file “/etc/bind/db.local”;
   };

   zone “127.in-addr.arpa” {
   type master;
   file “/etc/bind/db.127″;
   };

   zone “0.in-addr.arpa” {
   type master;
   file “/etc/bind/db.0″;
   };

   zone “255.in-addr.arpa” {
   type master;
   file “/etc/bind/db.255″;
   };

   // zone “com” { type delegation-only; };
   // zone “net” { type delegation-only; };

   // From the release notes:
   // Because many of our users are uncomfortable receiving undelegated answers
   // from root or top level domains, other than a few for whom that behaviour
   // has been trusted and expected for quite some length of time, we have now
   // introduced the “root-delegations-only” feature which applies delegation-only
   // logic to all top level domains, and to the root domain. An exception list
   // should be specified, including “MUSEUM” and “DE”, and any other top level
   // domains from whom undelegated responses are expected and trusted.
   // root-delegation-only exclude { “DE”; “MUSEUM”; };

   include “/etc/bind/named.conf.local”;
   server 68.105.29.12 {
   };
   server 68.105.28.12 {
   };
   server 68.105.28.11 {
   };

   named.conf.options file
   options {
   directory “/etc/bind”;

   // If there is a firewall between you and nameservers you want
   // to talk to, you might need to uncomment the query-source
   // directive below. Previous versions of BIND always asked
   // questions using port 53, but BIND 8.1 and later use an unprivileged
   // port by default.

   // query-source address * port 53;

   // If your ISP provided one or more IP addresses for stable
   // nameservers, you probably want to use them as forwarders.
   // Uncomment the following block, and insert the addresses replacing
   // the all-0’s placeholder.

   forwarders {
   192.168.1.1;
   68.105.28.12;
   68.105.28.11;
   68.105.29.12;
   };

   auth-nxdomain no; # conform to RFC1035
   listen-on-v6 { any; };
   };

   named.conf.local file
   //
   // Do any local configuration here
   //

   // Consider adding the 1918 zones here, if they are not used in your
   // organization
   //include “/etc/bind/zones.rfc1918″;
   zone “teststr.lan” IN {
   type master;
   file “/etc/bind/zones/teststr.lan.db”;
   };

   zone “1.168.192.in-addr.arpa” {
   type master;
   file “/etc/bind/zones/rev.1.168.192.in-addr.arpa”;
   };

   teststr.lan.db file
   ; Use semicolons to add comments.
   ; Host-to-IP Address DNS Pointers for mydomain.lan
   ; Note: The extra “.” at the end of addresses are important.
   ; The following parameters set when DNS records will expire, etc.
   ; Importantly, the serial number must always be iterated upward to prevent
   ; undesirable consequences. A good format to use is YYYYMMDDI where
   ; the I index is in case you make more that one change in the same day.
   teststr.lan. IN SOA ubuntusvr.teststr.lan. hostmaster.teststr.lan. (
   200801026
   8H
   4H
   4W
   1D )
   ; NS indicates that john is the name server on mydomain.lan
   ; MX indicates that john is (also) the mail server on mydomain.lan
   teststr.lan. IN NS ubuntusvr.teststr.lan.
   teststr.lan. IN MX 10 ubuntusvr.teststr.lan.
   ; Set an alias (canonical name) for ubuntusvr
   www IN CNAME ubuntusvr.teststr.lan.
   ; Set the address for localhost.teststr.lan
   localhost.teststr.lan. IN A 127.0.0.1
   ; Set the hostnames in alphabetical order
   dlinkpr.teststr.lan. IN A 192.168.1.20
   hp2600n.teststr.lan. IN A 192.168.1.25
   mfc7820n.teststr.lan. IN A 192.168.1.26
   router.teststr.lan. IN A 192.168.1.1
   strap.teststr.lan. IN A 192.168.1.245
   ubuntusvr.teststr.lan. IN A 192.168.1.109

   rev.1.168.192.in-addr.arpa file
   ; IP Address-to-Host DNS Pointers for 192.168.1.0 subnet
   @ IN SOA ubuntusvr.teststr.lan. hostmaster.teststr.lan. (
   200801024
   8H
   4H
   4W
   1D )
   ; define the authoritative name server
   IN NS ubuntusvr.teststr.lan.
   ; our hosts, in numeric order
   20.1.168.192.in-addr.arpa. IN PTR dlinkpr.teststr.lan.
   25.1.168.192.in-addr.arpa. IN PTR hp2600n.teststr.lan.
   26.1.168.192.in-addr.arpa. IN PTR mfc7820n.teststr.lan.
   1.1.168.192.in-addr.arpa. IN PTR router.teststr.lan.
   245.1.168.192.in-addr.arpa. IN PTR strap.teststr.lan.
   109.1.168.192.in-addr.arpa. IN PTR ubuntusvr.teststr.lan.

   I have looked at this manually and with WebMin but I can’t find the problem. None of the following work:
   dig ubuntusvr
   dig ubuntusvr.teststr.lan
   dig router.teststr.lan

   the return data is like:

   dad@ubuntusvr:~$ dig teststr.lan

   ; > DiG 9.4.1-P1 > teststr.lan
   ;; global options: printcmd
   ;; Got answer:
   ;; ->>HEADER

   Lloyd Strickler | Jan 1, 2008 | Reply

4. In switching from another distribution to Ubuntu I have a strange DNS problem. I have 2 system, one stable, configured years ago, based on Slackware, and a fresh system replacing a broken (also Slackware configured) system. For the new one I decided for Ubuntu. I configured bind as I had before, basically mirroring existing DNS-configs,. All matches your description above. Except of course for names. I use a local domainname eregion.local (localnet) with a A-record host ‘osgiliath’ and a ‘www’ CNAME alias for that host.

   Bind seems fine with this: ‘host’ and ‘nslookup’ both give proper responses to queries.

   Now the strange part: when I try to ping http://www.eregion.local I get unknown host. When I point lynx or firefox to this host, they take some time trying names and I end up on some site on public internet http://www.eregion.local.com that happens to exists with a close match in name. The equivalent config on the old Slackware system works properly as I would expect.

   What can cause this?

   Wilfried van Hulzen | Jan 2, 2008 | Reply

5. @Lloyd Strickler - I’ve given your comment some time and I am clueless. Sorry I can’t be more useful. I’ll think about it later and see if I can figure out your troubles.

   Sam | Jan 4, 2008 | Reply

6. @Wilfried van Hulzen - The first thing that comes to mind is that maybe your primary DNS server in your /etc/resolv.conf file is not configured correctly. It may be pointing to some other DNS server then the one you just set up. I believe host and nslookup will work from the terminal (because they are BIND commands) even if your DNS server is not configured correctly in your network configuration files. However, the DNS server has to be specified in /etc/resolv.conf in order for a web browser to find http://www.hostname.local. If this doesn’t work, write back and I will think about this some more.

   Sam | Jan 4, 2008 | Reply

7. What do I need to do if I have the DNS server on a different subnet than the clients?

   Daniel

   Daniel | Jan 26, 2008 | Reply

8. @Daniel - Yikes, I am afraid I can’t give you a good answer. The best I can do is point you to this page, which has extensive BIND9 DNS server manuals. Good Luck.

   Sam | Jan 27, 2008 | Reply

9. Thank you, you help the world by your knowledge.

   AIMS | May 15, 2008 | Reply

10. I’ve been looking all over the place for a tut/guide that can help me with resolving multiple domain names to my server. I have a few names registered with godaddy. My VPS provider gives me 3 ip addresses. I initially set up only one ip that my webserver would be listening on. I’ve successfully forwarded my primary domain over to the server and can access it. BTW, the name server I supplied godaddy was the two from my vps provider.

    I’m stuck when it comes to forwarding my other domain names to my server. I figured i’d have to setup my own dns server on the box using my 3rd IP. I’ve gone through all the similar guides but havent had any luck. BIND is installed correctly with no errors, but my issue is how i go about having my names point my new DNS server. I went to godaddy and tried to supply the IP (the 3rd ip) of my new DNS server but for some reason it didnt like taking the standard IP convention. Its likes NS1.xxx.com, NS2.xxx.com, etc.

    I’ve created seperate zones for the other domains, but for some reason they’re not resolving. when i dig i get a response, but i also see SERVFAIL.

    Any Ideas on where to start my troubleshooting will be apprecaited. Thanks.

    Zinv | May 28, 2008 | Reply

11. @Zinv - I don’t think I understand your predicament completely but as I was reading your comment I thought that perhaps you can get requests to your other two domain names (with unique IP addresses on your VPN) to be forwarded to your primary domain via a php redirect or using your .htaccess file. This may be easier than trying to configure your own DNS server.

    Sam | Jun 3, 2008 | Reply

12. Hi,

    On two lines below:
    ===
    mydomain.lan. IN SOA john.mydomain.lan. hostmaster.mydomain.lan.

    mydomain.lan. IN SOA john.mydomain.lan. root.mydomain.lan.
    ===

    What is the difference between “hostmaster.mydomain.lan” and some tutorial put “root.mydomain.lan”.
    Is the “root” hostname should be there (exist on the network)?

    Thanks,

    bayu | Jul 1, 2008 | Reply

13. @bayu - I would use the hostmaster.mydomain.lan version of this line. I am not sure why someone would use root instead.

    Sam | Jul 2, 2008 | Reply

14. Hi Sam,

    Thanks for your previous answer.

    Another note/question:
    On last paragraph to check DNS, you said by “dig mydomain.lan” will show all of hosts on AUTHORITY SECTION.
    I think the authority section only show the “authoritative name server” of “mydomain.lan” domain, thus NOT all of hosts on our local network (registered on our local DNS).

    If we want to show all the hosts registered on mydomain.lan local DNS server, we can use command: host -l mydomain.lan.

    CMIIW.

    Thanks,
    [bayu]

    bayu | Jul 4, 2008 | Reply

3 Trackback(s)

1. Sep 14, 2007: from Ubuntu DNS Server Guide - BIND Caching Name Server Setup : Zaphu
2. May 15, 2008: from Basement Blog » Blog Archive » Ubuntu and other Linux-Notes
3. May 21, 2008: from Basement Blog » Blog Archive » Ubuntu and Linux related Links

Post a Comment