HOWTO setup a small server

Bind9 (Domain Name Service Service)


The installation of the domain name service (DNS) server is performed by:

# apt-get install bind9

Basic Configuration

The basic configuration of Bind9 could look like this for a name server doing forwarding and managing a small LAN:

File: /etc/bind/named.conf.options

options {
	directory "/var/cache/bind";

	auth-nxdomain no;    # conform to RFC1035

	// contains a list of servers to which queries should
	// be forwarded (up to three servers may be listed)

	forwarders {;; };

	// prefer usage of the name server declared in the
	// forwarders section

	forward first;

	// network interfaces to listen on and optionally the
	// port for IPv4/IPv6 (default: 'port 53'/'any')

	listen-on port 53 {;; };
	listen-on-v6 { none; };

	// may be needed if a firewall stands between the local
	// server and the internet

	//query-source address * port 53;
	//transfer-source * port 53;
	//notify-source * port 53;

	// networks or IP addresses to accept queries from
	// (default: allow from all hosts)

	allow-query {;; };

	// hosts allowed to make recursive queries

	allow-recursion {;; };

	// hosts are allowed to receive zone transfers

	//allow-transfer { none; };
	allow-transfer {; };

	// specifies, whether notify messages are sent to
	// other name servers when the the zone data is changed

	notify no;

Zone Configuration

Your local zones must be specified like this:

Excerpt: /etc/bind/named.conf.local

zone "" {
  type master;
  file "/etc/bind/";

zone "" {
  type master;
  file "/etc/bind/db.2.1.223";

The zone files have the following format (do not forget the dots following host names!):

File: /etc/bind/

$TTL 1D	IN SOA	server (
		2007111301	; serial
		1D		; refresh
		1H		; retry
		1D		; expire
		1D )		; minimum

		IN NS		server
		IN MX		10 server

; domain to IP mappings
server	IN A

File: /etc/bind/db.2.1.223

		2007111301	; serial
		1D		; refresh
		1H		; retry
		1D		; expire
		1D )		; minimum


; IP to domain mappings

Networking Requirements

Prerequisite: Shorewall To allow users on your net to access the name server configure your packet filter appropriatly:

Excerpt: /etc/shorewall/rules

ACCEPT		net		$FW		udp	53
ACCEPT		net		$FW		tcp	53

And finally, restart Shorewall:

# shorewall restart

Back to index.