This document provides instructions for installing and configuring BIND (Berkeley Internet Name Domain) as a DNS server. It covers installing BIND, defining split-horizon views with separate zones and records for the internal and external networks, creating forward and reverse zone files, restricting who may query, recurse and transfer zones, verifying that name and address resolution work, adding a CNAME record for an alias, and configuring a secondary (slave) server that pulls the zone by zone transfer.

BIND : Install

 Install BIND to set up a DNS server that resolves domain names to IP addresses and IP addresses back to names. DNS uses port 53 over both UDP and TCP; open both in the firewall, because zone transfers and answers too large for UDP use TCP.
[1] Install BIND 9.

root@dlp:~# apt -y install bind9 bind9utils dnsutils

[2] Configure BIND 9.


In this example BIND is configured with the public IP range [172.16.0.80/29], the private network [10.0.0.0/24] and the domain name [srv.world]. Replace the addresses and the domain name with your own. (Note that 172.16.0.80/29 is actually a private range; it only stands in for a public one here.)

root@dlp:~# vi /etc/bind/named.conf
include "/etc/bind/named.conf.options";
// named.conf.local is Debian's place for site zones. Once a "view" statement
// exists anywhere (the two includes below add one each), named refuses to
// load any zone that is outside a view, so keep this file free of bare zone
// statements or move them into one of the views.
include "/etc/bind/named.conf.local";
# comment out

// The stock default zones (root hints, localhost, 127.in-addr.arpa) cannot
// stay at top level for the same reason; named.conf.internal-zones includes
// them inside the "internal" view instead.
# include "/etc/bind/named.conf.default-zones";
# add

// Order matters: views are tried in the order they appear and the first
// match-clients hit wins. "internal" (localhost + 10.0.0.0/24) must come
// before "external" (any), otherwise every client would land in "external".
include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";
root@dlp:~# vi /etc/bind/named.conf.internal-zones
# create new

# define for internal section

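// View served to the LAN and to the server itself. Views are matched first
// hit wins and this file is included before named.conf.external-zones, so
// these clients never fall through to the "any" view.
view "internal" {
    match-clients {
        localhost;
        10.0.0.0/24;
    };
    // Forward zone with the private (10.0.0.0/24) addresses only; the public
    // addresses live in srv.world.wan under the "external" view.
    zone "srv.world" {
        type master;
        file "/etc/bind/srv.world.lan";
        // Static zone file: reject dynamic updates.
        allow-update { none; };
        // No secondary is defined for the internal view anywhere in this
        // document, so do not let every LAN host dump the zone - an AXFR
        // enumerates every internal hostname. Re-open this to the secondary's
        // address (ideally a TSIG key) only if you add one.
        allow-transfer { none; };
    };
    // Reverse zone for 10.0.0.0/24; see the *note below on how the name is
    // derived from the network address.
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "/etc/bind/0.0.10.db";
        allow-update { none; };
        allow-transfer { none; };
    };
    // Root hints plus the localhost / 127.in-addr.arpa zones. These were
    // removed from the top-level named.conf because once views exist every
    // zone must live inside a view.
    include "/etc/bind/named.conf.default-zones";
};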

root@dlp:~# vi /etc/bind/named.conf.external-zones
# create new

# define for external section

// Catch-all view. "internal" is included first in named.conf, so only clients
// outside localhost/10.0.0.0/24 - i.e. the Internet - ever reach this view.
view "external" {
match-clients { any; };
# allow any query
// Overrides the LAN-only allow-query from named.conf.options. This view is
// authoritative-only, so answering anyone is the intent.
allow-query { any; };
# prohibit recursion
// Mandatory on an Internet-facing server: a server that recurses for anyone
// is an open resolver usable for DDoS amplification.
// NOTE(review): allow-transfer is not set in this view, so the value from
// named.conf.options is inherited for the public zones; the "Configure Slave
// DNS Server" section relies on that when it widens the options-level ACL.

recursion no;

# set zone for external

zone "srv.world" {

type master;

// Public copy of the zone. Keep the private 10.0.0.0/24 names out of this
// file; they belong in srv.world.lan only, otherwise the split horizon leaks
// the internal addressing plan to the world.
file "/etc/bind/srv.world.wan";

// Static zone file: reject dynamic updates.
allow-update { none; };

};

# set zone for external *note

// NOTE(review): a /29 is smaller than one in-addr.arpa octet. Outside resolvers
// query 82.0.16.172.in-addr.arpa, not a name under this zone, so this only
// answers public reverse lookups if the owner of 0.16.172.in-addr.arpa
// (normally the ISP) delegates the /29 to you RFC 2317-style. Confirm with them.
zone "80.0.16.172.in-addr.arpa" {

type master;

file "/etc/bind/80.0.16.172.db";

allow-update { none; };

};

};

# *note : a reverse zone is named by writing the network part of the address in reverse order under in-addr.arpa, as in the examples below

# Case of 10.0.0.0/24
# network address ⇒ 10.0.0.0

# range of network ⇒ 10.0.0.0 - 10.0.0.255

# how to write ⇒ 0.0.10.in-addr.arpa

# Case of 172.16.0.80/29

# network address ⇒ 172.16.0.80

# range of network ⇒ 172.16.0.80 - 172.16.0.87

# how to write ⇒ 80.0.16.172.in-addr.arpa (this /29 does not end on an octet boundary, so the owner of the parent 0.16.172.in-addr.arpa zone must delegate it to you RFC 2317-style; otherwise outside resolvers never query this zone)

[3] Restrict which clients may query, recurse and transfer zones. Treat this as required rather than optional on any server reachable from outside: a server that recurses for anyone is an open resolver usable for amplification attacks, and an unrestricted allow-transfer lets anyone enumerate every name in your zones.

root@dlp:~# 

vi /etc/bind/named.conf.options

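options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };

    // Who may send queries at all. The "external" view overrides this with
    // { any; } for the public zones; everything else stays LAN-only.
    allow-query { localhost; 10.0.0.0/24; };

    // Who may pull whole zones (AXFR/IXFR). A transfer enumerates every name
    // in a zone, so allow it only for real secondaries. None exist at this
    // point in the document; the "Configure Slave DNS Server" section widens
    // this when one is added (prefer a TSIG key to a bare address there).
    allow-transfer { none; };

    // Who may use this server as a recursive resolver. Never "any" on a host
    // reachable from the Internet - an open resolver is a DDoS amplifier.
    allow-recursion { localhost; 10.0.0.0/24; };

    // Do not advertise the BIND version to CHAOS-class version.bind queries.
    version "none";

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    // Validate DNSSEC with the built-in root trust anchor. Validation needs
    // correct system time; a badly skewed clock makes every signed answer fail.
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035

    // Listen on IPv4 only; set to { any; } if clients reach this host over IPv6.
    listen-on-v6 { none; };
};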

BIND : Configure Zones for Name Resolution

2019/07/16
  Create the forward zone files, which map domain names to IP addresses.
 
[1] For internal zone,
In this example BIND is configured with the internal network [10.0.0.0/24] and the domain name [srv.world]. Replace the addresses and the domain name with your own.

root@dlp:~# 

vi /etc/bind/srv.world.lan

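$TTL 86400
; Internal (split-horizon) forward zone for srv.world, served only to the
; "internal" view. Zone-file comments start with ';' - a line beginning with
; '#' is parsed as a resource record and makes named-checkzone fail.
@       IN SOA  dlp.srv.world. root.srv.world. (
                2019071601      ; Serial - increase on every edit, otherwise
                                ; caches and secondaries keep the old data
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum (negative-caching) TTL
)
; Indented records below inherit the owner of the last named line, here "@"
; (the zone apex srv.world.). A record starting in column 0 is read as having
; a new owner, so keep the leading whitespace.
; authoritative name server; the NS target must be an A record, not a CNAME
        IN NS   dlp.srv.world.
; address of the apex itself (srv.world.)
        IN A    10.0.0.30
; mail exchanger
        IN MX   10 dlp.srv.world.
; host records - private addresses only; the public ones live in srv.world.wan
dlp     IN A    10.0.0.30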

[2] For external zone,


In this example BIND is configured with the external (public) address range [172.16.0.80/29] and the domain name [srv.world]. Replace the addresses and the domain name with your own.

root@dlp:~# 

vi /etc/bind/srv.world.wan

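$TTL 86400
; Public forward zone for srv.world, served to the "external" view. Keep the
; private 10.0.0.0/24 addresses out of this file. Zone-file comments start
; with ';' - a line beginning with '#' is parsed as a record and fails
; named-checkzone.
@       IN SOA  dlp.srv.world. root.srv.world. (
                2019071601      ; Serial - increase on every edit; secondaries
                                ; only re-transfer when it grows
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum (negative-caching) TTL
)
; Indented records inherit the owner "@" (the apex srv.world.); keep the
; leading whitespace or the first token is taken as a new owner name.
; authoritative name server; the NS target must be an A record, not a CNAME
        IN NS   dlp.srv.world.
; address of the apex itself (srv.world.)
        IN A    172.16.0.82
; mail exchanger
        IN MX   10 dlp.srv.world.
; host records - public addresses only
dlp     IN A    172.16.0.82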

Configure Zones for Address Resolution


  Create the reverse zone files, which map IP addresses back to domain names.
 
[3] For internal zone,
In this example BIND is configured with the internal network [10.0.0.0/24] and the domain name [srv.world]. Replace the addresses and the domain name with your own.

root@dlp:~# 

vi /etc/bind/0.0.10.db

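$TTL 86400
; Reverse zone for 10.0.0.0/24, served only to the "internal" view.
; Zone-file comments start with ';' - a '#' line is parsed as a record and
; fails named-checkzone.
@       IN SOA  dlp.srv.world. root.srv.world. (
                2019071601      ; Serial - increase on every edit
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum (negative-caching) TTL
)
; authoritative name server for 0.0.10.in-addr.arpa (indented: owner is "@")
        IN NS   dlp.srv.world.
; PTR records: the owner is the host octet of the address, so 10.0.0.30 is "30".
; An apex A record holding the netmask, or an apex PTR, has no meaning in a
; reverse zone and is deliberately not present.
30      IN PTR  dlp.srv.world.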

[4] For external zone,


In this example BIND is configured with the external (public) address range [172.16.0.80/29] and the domain name [srv.world]. Replace the addresses and the domain name with your own.

root@dlp:~# 

vi /etc/bind/80.0.16.172.db

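$TTL 86400
; Reverse zone for the public /29 (172.16.0.80-87), served to the "external"
; view. Zone-file comments start with ';' - a '#' line is parsed as a record
; and fails named-checkzone.
; NOTE(review): a /29 is smaller than one in-addr.arpa octet, so outside
; resolvers query 82.0.16.172.in-addr.arpa, not a name under this zone. It only
; answers public reverse lookups if the owner of 0.16.172.in-addr.arpa (usually
; the ISP) delegates the /29 to you RFC 2317-style; confirm that with them.
@       IN SOA  dlp.srv.world. root.srv.world. (
                2019071601      ; Serial - increase on every edit
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum (negative-caching) TTL
)
; authoritative name server for this reverse zone (indented: owner is "@")
        IN NS   dlp.srv.world.
; PTR records: the owner is the host octet of the address, so 172.16.0.82 is "82".
; An apex A record holding the netmask, or an apex PTR, has no meaning in a
; reverse zone and is deliberately not present.
82      IN PTR  dlp.srv.world.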

BIND : Verify Resolution

2019/07/16
  Check the configuration, restart BIND to apply the changes, and then verify name and address resolution.
[1] Point this host at its own DNS server.

root@dlp:~# 

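# Validate named.conf and (-z) every zone file it loads before restarting; a
# typo would otherwise take the resolver down for every client on the LAN.
named-checkconf -z && systemctl restart bind9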

root@dlp:~# 

vi /etc/resolv.conf

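# Point this host at its own BIND instance. "search" alone is enough: glibc
# treats "domain" and "search" as alternatives and only the last one listed
# takes effect.
search srv.world
nameserver 10.0.0.30
# NOTE(review): on hosts managed by systemd-resolved or resolvconf this file is
# regenerated; make the change in that manager's configuration instead.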

[2] Check that forward and reverse lookups resolve against the local server. The `aa` flag in the answer confirms it came from the authoritative zone rather than from forwarding.

root@dlp:~# 

dig dlp.srv.world.

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> dlp.srv.world.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55942

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

; COOKIE: 4d7dc810ee0afaa6c3256f115d2d4ffd9c70cf67412a4e9e (good)

;; QUESTION SECTION:
;dlp.srv.world. IN A

;; ANSWER SECTION:

dlp.srv.world. 86400 IN A 10.0.0.30

;; AUTHORITY SECTION:

srv.world. 86400 IN NS dlp.srv.world.

;; Query time: 0 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)

;; WHEN: Tue Jul 16 19:18:05 JST 2019

;; MSG SIZE rcvd: 100

root@dlp:~# 

dig -x 10.0.0.30

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x 10.0.0.30

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18132

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

; COOKIE: 777591e01deae66230c2736c5d2d5029a2956dbaf6ced141 (good)

;; QUESTION SECTION:
;30.0.0.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:

30.0.0.10.in-addr.arpa. 86400 IN PTR dlp.srv.world.

;; AUTHORITY SECTION:

0.0.10.in-addr.arpa. 86400 IN NS dlp.srv.world.

;; ADDITIONAL SECTION:

dlp.srv.world. 86400 IN A 10.0.0.30

;; Query time: 0 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)

;; WHEN: Tue Jul 16 19:18:49 JST 2019

;; MSG SIZE rcvd: 136

BIND : Set CNAME Record

2019/07/16
  If you'd like to set another name (Alias) to your Host, define CNAME record in zone file.
[1] Set CNAME record in zone file.

root@dlp:~# 

vi /etc/bind/srv.world.lan

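$TTL 86400
; Internal forward zone for srv.world with an alias added. Zone-file comments
; start with ';' - a '#' line is parsed as a record and fails named-checkzone.
@       IN SOA  dlp.srv.world. root.srv.world. (
                2019071602      ; Serial - bumped for this edit; secondaries and
                                ; caches only pick up changes when it grows
                3600            ; Refresh
                1800            ; Retry
                604800          ; Expire
                86400           ; Minimum (negative-caching) TTL
)
; indented records inherit the owner "@" (the apex); keep the leading whitespace
        IN NS   dlp.srv.world.
        IN A    10.0.0.30
        IN MX   10 dlp.srv.world.
dlp     IN A    10.0.0.30
; alias: the CNAME owner maps to the canonical hostname. A CNAME owner may carry
; no other records, must not be the zone apex, and must not be the target of the
; NS or MX records above (those must point at names with A records, like dlp).
ftp     IN CNAME dlp.srv.world.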

root@dlp:~# 

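# Check the edited zone file before reloading; a zone that fails to parse is
# silently kept at its previous contents (or dropped on a fresh start).
named-checkzone srv.world /etc/bind/srv.world.lan && rndc reload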

server reload successful

root@dlp:~# 

dig ftp.srv.world.

; <<>> DiG 9.11.5-P4-5.1-Debian <<>> ftp.srv.world.

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54525

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1


;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

; COOKIE: af56834de0be6ce71bf860135d2d5167604e9d7b9107d0d7 (good)

;; QUESTION SECTION:

;ftp.srv.world. IN A

;; ANSWER SECTION:

ftp.srv.world. 86400 IN CNAME dlp.srv.world.

dlp.srv.world. 86400 IN A 10.0.0.30

;; AUTHORITY SECTION:

srv.world. 86400 IN NS dlp.srv.world.

;; Query time: 0 msec

;; SERVER: 10.0.0.30#53(10.0.0.30)

;; WHEN: Tue Jul 16 19:24:07 JST 2019

;; MSG SIZE rcvd: 118

BIND : Configure Slave DNS Server

2019/07/16
  Configure BIND as a secondary ("slave") DNS server, which obtains the zone from the primary ("master") by zone transfer.

In the following example the primary DNS server is [172.16.0.82] and the secondary is [slave.example.host]. The secondary's address must be covered by the primary's allow-transfer ACL; in this example it lies outside 10.0.0.0/24, so the primary serves it the "external" view, i.e. the srv.world.wan data.
[1] Configure DNS master server.

root@dlp:~# 

vi /etc/bind/named.conf.options

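options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };

    // Who may query; the "external" view overrides this with { any; }.
    allow-query { localhost; 10.0.0.0/24; };

    // Who may transfer zones. Only the secondary needs this, so the LAN
    // range has no business here: list the secondary's network (or, better,
    // its single address) and nothing else. The secondary in this example is
    // outside 10.0.0.0/24, so it is served the "external" view's srv.world.wan.
    // A bare address ACL is the weakest form of authentication available;
    // sign transfers with a TSIG key when the path is not trusted.
    allow-transfer { localhost; 172.16.0.80/29; };

    // Who may use this server recursively. Never "any" on an Internet-facing host.
    allow-recursion { localhost; 10.0.0.0/24; };

    // Do not advertise the BIND version to CHAOS-class version.bind queries.
    version "none";

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035

    // NOTE(review): the "Install" section set this to { none; }; keep
    // whichever matches your network, but be aware that { any; } exposes
    // the server on every IPv6 address the host has.
    listen-on-v6 { any; };
};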

root@dlp:~# 
rndc reload

server reload successful

[2] Configure DNS slave server.

root@slave:~# 

vi /etc/bind/named.conf.external-zones

# add settings like follows

// Secondary copy of the public srv.world zone, pulled from the primary by
// zone transfer (AXFR/IXFR).
// NOTE(review): if named.conf.external-zones on this host is the file with
// the view "external" block from the earlier section, this zone statement
// must go inside that block - once any view exists, every zone must be in a view.
zone "srv.world" {

// "slave" is the classic keyword; later BIND releases also accept "secondary".
type slave;

// The transfer is authenticated only by the primary's address. If the path
// between primary and secondary is not trusted, sign transfers with a TSIG
// key ("key" statement on both sides, referenced from this list).
// "masters" is the keyword for the BIND 9.11 shown in the dig output; later
// releases call it "primaries".
masters { 172.16.0.82; };

// named must be able to write this path. On Debian the AppArmor profile for
// named may not permit writes under /etc/bind - confirm against
// /etc/apparmor.d/usr.sbin.named, or keep secondary zones under
// /var/cache/bind (the configured "directory") instead.
file "/etc/bind/slaves/srv.world.wan";

};

root@slave:~# 

mkdir /etc/bind/slaves

root@slave:~# 

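# Use the explicit user:group form; the trailing-dot "bind." spelling is a
# GNU-only shorthand that other chown implementations reject.
# named must be able to create files here. On Debian the AppArmor profile for
# named may deny writes under /etc/bind - check /etc/apparmor.d/usr.sbin.named,
# or keep secondary zones under /var/cache/bind instead.
chown bind:bind /etc/bind/slaves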

root@slave:~# 

rndc reload

server reload successful


root@slave:~# 

ls /etc/bind/slaves

srv.world.wan     

# the zone file has just been transferred from the primary; if it is missing, check the primary's allow-transfer ACL and this host's named log for transfer errors
