
Setting up BIND and caching-nameserver

This document assumes that your Linux distribution already has named and caching-nameserver installed but not configured, and that you know something about how DNS lookups work. If you don't, play along and you might learn something.

Why set up a caching nameserver? With a nameserver on your LAN, browsing can be faster than usual because repeated lookups are answered from its cache instead of waiting on your ISP's bogged-down servers to return the results of every DNS query you post. A DNS server on your LAN also lets your computers find each other by name, and find the name that belongs to an address, without each machine keeping its own list of the others.

The steps below will let the computers on the inside resolve each other's IP addresses, and resolve outside names, all by asking your router (the machine running named in this document) for the needed information.

The first step is to decide what domain name to assign to the inside LAN. This is not to be confused with any domain name that exists on the internet. You can call your LAN whatever you want, but real top-level domain names (com, net, org and so on) are off limits: named would consider itself the master for that whole domain and stop answering for the real one. For all intents and purposes, this document will establish the LAN as the domain "mynetwork", with all computers being something.mynetwork. (The sample zone data and lookups later in this document were taken from a LAN called "matrix"; read matrix as mynetwork there.) The same shadowing problem hits any made-up name that later gets registered publicly; the name home.arpa is reserved for exactly this use if you would rather not pick one that could collide.

Next we need to edit the /etc/named.conf file and change a few things. Under the options { line add the following lines:
forward only;
forwarders { 1.2.3.4; 5.6.7.8; };
Replace the two example addresses (1.2.3.4 and 5.6.7.8) with the addresses of your ISP's DNS servers. If you have more than two, add them to the list separated by semicolons.

The forwarders line tells named where to send any query it can't answer from its own zones or its cache. "forward only" tells it to send every such query to those servers and never try to resolve it on its own by walking down from the root servers; the alternative, "forward first", tries the forwarders and falls back to resolving the name itself if they don't answer.

Next you need to add your zone directives. There are two that need to be added: one that contains the forward zone information (name to IP address) and another that contains the reverse zone information (IP address to name).
zone "0.168.192.in-addr.arpa" {
type master;
file "mynetwork.reverse.zone";
};
This is a reverse zone directive. It tells named that this server is the master for the reverse zone and that the data is stored in mynetwork.reverse.zone. If you are using a subnet other than 192.168.0.X, change "0.168.192" to the first three blocks of your network in reverse order (e.g. 1.2.3.X becomes 3.2.1.in-addr.arpa). Note that the sample zone data and lookups later in this document use 10.0.0.X, whose reverse zone is "0.0.10.in-addr.arpa".

zone "mynetwork" {
type master;
file "mynetwork.forward.zone";
};
This is the forward zone directive. It looks like the reverse zone directive above, but the zone it covers is "mynetwork" itself. The three lines mean the same as in the reverse directive; only the file they point at, and what that file holds, has changed.

There are already two entries for the localhost/localdomain zones in named.conf. Leave them alone; they let named answer lookups for localhost and 127.0.0.1. Once you have made your changes, go to /var/named and create your forward and reverse zone files. Each of the two directives above has a file "somefile.somezone" line; that is the file name named will look for in /var/named. Near the top of /etc/named.conf you will see directory "/var/named", which tells named where you are going to store your zone files. Use the default unless you have a compelling reason to change it.
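Putting the named.conf pieces above together, here is an added example (not from the original page) of a small shell script that prints the options block and the two LAN zone directives and syntax-checks the result with named-checkconf when BIND's tools are installed. It assumes a 10.0.0.0/24 LAN, the server at 10.0.0.1, the domain name matrix and the two placeholder forwarders. The listen-on, allow-query and allow-recursion lines go beyond what the page shows: they restrict the server to answering the LAN, so it is not left as an open resolver on an outside interface.

```shell
#!/bin/sh
# Added example, not the original page's config: print the options block and
# the two LAN zone directives for /etc/named.conf and syntax-check the result.
# Keep the distribution's localhost zones in the file alongside this output.
# Assumed values (change to suit):
LAN_NET="10.0.0.0/24"           # the inside network
SERVER_IP="10.0.0.1"            # this machine's LAN address
DOMAIN="matrix"                 # LAN domain name
FORWARDERS="1.2.3.4; 5.6.7.8"   # replace with your ISP's resolvers

# reverse_zone_name 10.0.0.0/24 -> 0.0.10.in-addr.arpa: the first three
# octets in reverse order, which is what the reverse zone directive needs.
reverse_zone_name() {
    _net=${1%%/*}
    _old_ifs=$IFS
    IFS=.
    set -- $_net
    IFS=$_old_ifs
    printf '%s.%s.%s.in-addr.arpa\n' "$3" "$2" "$1"
}

# named_conf_fragment prints the settings to merge into /etc/named.conf.
# listen-on, allow-query and allow-recursion are not on the page; they keep
# the server from acting as an open resolver for anyone who can reach it.
named_conf_fragment() {
    _rev=$(reverse_zone_name "$LAN_NET")
    cat <<EOF
options {
    directory "/var/named";
    forward only;
    forwarders { ${FORWARDERS}; };
    listen-on { 127.0.0.1; ${SERVER_IP}; };
    allow-query { 127.0.0.1; ${LAN_NET}; };
    allow-recursion { 127.0.0.1; ${LAN_NET}; };
};

zone "${_rev}" {
    type master;
    file "${DOMAIN}.reverse.zone";
    allow-update { none; };
};

zone "${DOMAIN}" {
    type master;
    file "${DOMAIN}.forward.zone";
    allow-update { none; };
};
EOF
}

# check_conf FILE runs BIND's own syntax checker on FILE when it is installed.
check_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not found; skipping syntax check" >&2
    fi
}

# Usage: NAMED_CONF_OUT=/tmp/named.conf.fragment sh thisscript.sh
if [ -n "${NAMED_CONF_OUT:-}" ]; then
    named_conf_fragment > "$NAMED_CONF_OUT"
    check_conf "$NAMED_CONF_OUT"
fi
```

Merge the printed options into the existing options block rather than adding a second one, since named accepts only one. The allow-update { none; } lines simply make explicit the default that nobody may change the zones over the network.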

Although the two files' headers look the same, their bodies differ greatly. Each file starts off like this:
$TTL 86400
@ IN SOA @ root.localhost (
3 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
86400 ; minimum (negative-cache TTL)
)
This header specifies a good amount of information, but this document will only cover the serial number; the other values are fine as they are. Unless you're setting up DNS master and slave servers on your network for redundancy or something equally technical, you can paste this header into your two new files unchanged. The serial number records which revision of the zone file this is. You must raise it each time you modify the zone file (slave servers compare it to decide whether to fetch a new copy); hence the zone file this header was taken from had been modified three times.

The forward zonefile

The forward zone file maps names to IP addresses. You can tell the two kinds of zone file apart right away by reading the data left-to-right. Example:
ns IN A 10.0.0.1
zeus IN A 10.0.0.2

This is a clip from a forward zone. The name comes first; it reads like "ns is at 10.0.0.1". In the forward zone file, in this case mynetwork.forward.zone, the data portion must start with an NS record naming the server for the zone, followed by an A record giving that name an address. An NS record points at a name, never directly at an IP address, so the server's entries and the rest of the LAN look like this:

@ IN NS ns
ns IN A 10.0.0.1
richard IN A 10.0.0.2
laptop IN A 10.0.0.3

Here @ stands for the zone itself (mynetwork), and a name without a trailing "." has the zone name appended, so ns means ns.mynetwork.

It is suggested that you put in entries for your DHCP range as well, so that addresses handed out by DHCP resolve to a name. If you do this, give every entry a unique name. This can be laborious if you have a lot of computers; for DHCP-assigned addresses I usually use names like dhcp##.matrix, where ## is the last block of the IP address, so 10.0.0.22 becomes dhcp22.matrix. These are placeholder names only; a DHCP client's own hostname is not registered in DNS this way.

1 IN PTR ns.matrix.
2 IN PTR zeus.matrix.

This is a clip from a reverse zone. The leftmost column holds only the last block of each IP address, because the reverse zone file covers every address in the network named by the zone directive (0.0.10.in-addr.arpa for 10.0.0.X) and named appends that zone name to it. The right-hand side must be the full name, including the ending ".", for each computer; without the dot named would append the zone name to that as well.

@ IN NS ns.matrix.
1 IN PTR ns.matrix.
2 IN PTR zeus.matrix.
The first line in this example, the NS record, goes right after the header in your reverse zone file. Every zone needs at least one NS record at its apex (the @), or named will refuse to load it, so it is needed in the forward zone as well. The rest of the lines are the standard PTR records for the other computers on your network.
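As an added example (not the page's own zone files), this shell script builds both zone files from a single host list so the forward and reverse data cannot drift apart, with the NS record at the apex, placeholder names for the DHCP pool, and the trailing dots the text warns about. The domain matrix, the 10.0.0.0/24 network, the DHCP range 20 to 29 and the four hosts are constructed for the example; one host is deliberately outside the network to show that it gets an A record but no PTR in this reverse zone.

```shell
#!/bin/sh
# Added example, not the original page's zone files: generate matching forward
# and reverse zone files from one host list. Assumed values (change to suit):
DOMAIN="matrix"                   # LAN domain name
NET="10.0.0"                      # first three octets of the /24
REV_ZONE="0.0.10.in-addr.arpa"    # reverse zone for $NET, octets reversed
NS_HOST="ns"                      # hostname of this nameserver in $DOMAIN
SERIAL="4"                        # raise this every time the zone data changes
DHCP_FIRST=20; DHCP_LAST=29       # DHCP pool, gets placeholder dhcpNN names

# Constructed host list for the example: "name ip", one per line.
# The printer is outside $NET on purpose: it belongs in a different reverse zone.
HOSTS="ns 10.0.0.1
richard 10.0.0.2
laptop 10.0.0.3
printer 192.168.5.9"

# SOA header shared by both files, plus the NS record every zone must have
# at its apex. The zone's nameserver is named, never given as an address.
zone_header() {
    cat <<EOF
\$TTL 86400
@ IN SOA ${NS_HOST}.${DOMAIN}. root.${NS_HOST}.${DOMAIN}. (
    ${SERIAL} ; serial
    28800 ; refresh
    7200 ; retry
    604800 ; expire
    86400 ; minimum (negative-cache TTL)
)
@ IN NS ${NS_HOST}.${DOMAIN}.
EOF
}

# dhcp_records KIND prints the placeholder A (KIND=a) or PTR (KIND=ptr)
# records for the DHCP pool, named dhcpNN after the last octet.
dhcp_records() {
    _i=$DHCP_FIRST
    while [ "$_i" -le "$DHCP_LAST" ]; do
        if [ "$1" = "a" ]; then
            printf 'dhcp%s IN A %s.%s\n' "$_i" "$NET" "$_i"
        else
            printf '%s IN PTR dhcp%s.%s.\n' "$_i" "$_i" "$DOMAIN"
        fi
        _i=$((_i + 1))
    done
}

# forward_zone prints the forward file: name -> address (names are relative
# to the zone, so "richard" means richard.$DOMAIN).
forward_zone() {
    zone_header
    echo "$HOSTS" | while read -r _name _ip; do
        [ -n "$_name" ] || continue
        printf '%s IN A %s\n' "$_name" "$_ip"
    done
    dhcp_records a
}

# reverse_zone prints the reverse file: last octet -> full name with a
# trailing dot. Hosts outside $NET are not in this zone and are reported.
reverse_zone() {
    zone_header
    echo "$HOSTS" | while read -r _name _ip; do
        [ -n "$_name" ] || continue
        case $_ip in
            "$NET".*) printf '%s IN PTR %s.%s.\n' "${_ip##*.}" "$_name" "$DOMAIN" ;;
            *) echo "skipping $_name: $_ip is not in $NET.0/24" >&2 ;;
        esac
    done
    dhcp_records ptr
}

# write_zones DIR writes both files into DIR (default /var/named) and, when
# named-checkzone is installed, asks it whether named will load them.
write_zones() {
    _dir=${1:-/var/named}
    forward_zone > "$_dir/$DOMAIN.forward.zone"
    reverse_zone > "$_dir/$DOMAIN.reverse.zone"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$DOMAIN" "$_dir/$DOMAIN.forward.zone" &&
        named-checkzone "$REV_ZONE" "$_dir/$DOMAIN.reverse.zone"
    fi
}
```

Run write_zones from a shell that has sourced the script, or call forward_zone and reverse_zone directly to eyeball the output first. Raising SERIAL before each run is what tells any slave server, and you, that the data changed.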

Once you have that done, all you need to do is start named and see if it works! Start it with the "service named start" command, then try to look up one of your defined names. Note: the computer you need to look up doesn't need to be on; it just needs an entry in the zone files.
[root@ns root]# nslookup -sil zeus.matrix
Server:                10.0.0.1
Address:               10.0.0.1#53

Name:     zeus.matrix
Address: 10.0.0.2
This is a forward lookup test. This gives you the IP address of the host you specify.
[root@ns root]# nslookup -sil 10.0.0.2
Server:                10.0.0.1
Address:               10.0.0.1#53

2.0.0.10.in-addr.arpa name = zeus.matrix.
This is a reverse lookup test. This gives you the hostname of the IP address you specify.
[root@ns root]# nslookup -sil www.redhat.com
Server:                10.0.0.1
Address:               10.0.0.1#53

Non-authoritative answer:
Name: www.redhat.com
Address: 216.148.218.195
Name: www.redhat.com
Address: 216.148.218.197
This is a forwarding test. It makes sure that your DNS server sends queries it can't answer itself out to your ISP's servers. I doubt very seriously that you have the forward and reverse zones for the redhat.com domain :P

If your forward test didn't work (you get NXDOMAIN): check your forward zone file and make sure the name you typed is spelled the same way there.

If your reverse test didn't work (you get NXDOMAIN): check your reverse zone file and make sure the full domain name with the trailing period is listed, yourpc.yournetwork. and not yourpc or yourpc.yournetwork. Without the period at the end, named appends the zone name and the PTR record ends up pointing at yourpc.yournetwork.0.0.10.in-addr.arpa.

If your external test didn't work (you get NXDOMAIN or a timeout): check /etc/named.conf and make sure the forwarders line contains the IP addresses of your ISP's DNS servers, and that this machine can reach them on port 53.

If those suggestions didn't fix it, or you get a "No DNS servers could be reached" error: check /etc/resolv.conf and make sure there is a line that says "nameserver 127.0.0.1". If you are building this box as a standalone server, make sure the nameserver line points at the ethernet interface's IP address instead. Also make sure named is running by issuing "service named status". If it isn't, running "tail -f /var/log/messages" on another console while you start named is of great help; a zone file that named refuses to load is reported there.