Bind 9
The Domain Name System (DNS) is a distributed database of host information, indexed by domain names. Each domain name is a path in a large inverted tree called the domain name space.
Configuration file
The named configuration file is located at /etc/named.conf (this is the Red Hat layout; Debian-derived systems keep it at /etc/bind/named.conf).
Working directory
The working directory is normally /var/named; however, the directory option in the configuration file can change it. Any relative file name elsewhere in named.conf (zone files, the dump file) is resolved against this directory:
options {
    directory "/var/named/";
    dump-file "/var/named/dbdump";
    forwarders { 192.168.0.10; };
};
Zone data files
Zone data files (resource record files) are located by the file option within the zone statement; a relative path is taken relative to the working directory:
zone "movie.edu" in {
    type master;
    file "db.movie";
};
Process
The DNS server process is called named. The -u option makes it drop root privileges and run as the named user once it has bound port 53:
named     2334     1  0 21:29 ?        00:00:00 /usr/sbin/named -u named
Setting up RNDC
rndc is the remote control utility for named. To manage a server with it (the master and each slave alike), the server's named.conf needs a key statement and a controls statement that names that key; the rndc client needs the same key and a server statement pointing at the server. The statements involved:
key "dnsadmin" { server 192.168.0.8 { controls {
All rndc traffic is authenticated with an HMAC over a shared secret (the same mechanism as TSIG), so anyone holding the key can control the server. The client normally reads the key from /etc/rndc.conf (or /etc/rndc.key), and the server reads it from /etc/named.conf as above; keep the key file readable only by root and the named user, and restrict the allow list of the controls statement. The following rndc commands are available:
reload            reload the configuration file and all zones
reload <zone>     reload the given zone
reconfig          reload the configuration file and any new zones only
stats             write server statistics to the statistics file
querylog          toggle query logging
dumpdb            dump the server's caches to the dump file
trace             increment the debugging level by one
trace <level>     set the debugging level to <level>
notrace           set the debugging level to 0
flush             flush the server's cache
status            display the server's status
Examples:
# rndc reload
# rndc reload movie.edu.
# rndc -s <server> reload movie.edu
# rndc trace 3
Note: use the -s option to select the BIND server to control (master or slave).
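Generating and installing the shared key by hand, as an added example (not code from the original page or from ISC): it creates a random 256-bit secret the way rndc-confgen does, writes the key and controls statements for the server side and a matching rndc.conf for the client side, and lets only the loopback address and the server's own address reach the control port. The key name dnsadmin and the address 192.168.0.8 are the page's; the output paths, the hmac-sha256 algorithm and the allow list are assumptions chosen here.

```shell
#!/bin/sh
# Added example: create matching rndc key material for a named server and
# for the rndc client. Assumes a POSIX shell with base64(1) and /dev/urandom.
# Key name and server address come from the page; paths are parameters.

# 32 random bytes, base64-encoded: the secret format an hmac-sha256 key uses
# (this is what rndc-confgen generates).
new_rndc_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Server side: key and controls statements to include from named.conf.
# A caller must both come from an allowed address AND present the key;
# allowed addresses here are loopback and the server itself (assumption).
write_server_controls() {
    out=$1 keyname=$2 secret=$3 addr=$4
    cat > "$out" <<EOF
key "$keyname" {
    algorithm hmac-sha256;
    secret "$secret";
};
controls {
    inet $addr port 953 allow { 127.0.0.1; $addr; } keys { "$keyname"; };
};
EOF
    chmod 0640 "$out"   # owner root, group named in production; never world-readable
}

# Client side: rndc.conf naming the server and carrying the same key.
write_client_conf() {
    out=$1 keyname=$2 secret=$3 addr=$4
    cat > "$out" <<EOF
key "$keyname" {
    algorithm hmac-sha256;
    secret "$secret";
};
server $addr {
    key "$keyname";
};
options {
    default-server $addr;
    default-key "$keyname";
};
EOF
    chmod 0600 "$out"
}

# Pull the secret back out of a generated file (to check both sides match).
secret_in() {
    sed -n 's/^ *secret "\([^"]*\)";/\1/p' "$1"
}

# setup_rndc KEYNAME SERVER_ADDR SERVER_OUT CLIENT_OUT
# e.g. setup_rndc dnsadmin 192.168.0.8 /etc/named.rndc-key.conf /etc/rndc.conf
# then add   include "/etc/named.rndc-key.conf";   to /etc/named.conf and
# restart named (the controls statement is read at startup).
setup_rndc() {
    keyname=$1 addr=$2 server_out=$3 client_out=$4
    secret=$(new_rndc_secret)
    write_server_controls "$server_out" "$keyname" "$secret" "$addr"
    write_client_conf "$client_out" "$keyname" "$secret" "$addr"
}
```

To run rndc -s 192.168.0.8 from a separate admin host, add that host's address to the allow list and copy the client file there; the secret itself is what authorises commands, so treat both files like a password.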
Logging
To log BIND information, add a logging statement to /etc/named.conf:
logging {
Logging is a two-step approach: first define a channel (where to log), then assign categories (what to log) to that channel. In the example above, the channel "my_file" logs to the file "/var/named/log/msgs", keeping 3 rotated versions of at most 3 MB each. The category option then tells named what to send to the channel; the most useful categories are:
general     the catch-all category
security    approval and denial of requests (refused queries, transfers, updates)
unmatched   messages named could not match to a class or view
update      dynamic updates
queries     every query received (high volume; enable with care)
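An added example, not from the original page or from ISC: it writes a complete logging stanza of the kind described above (the channel name, path, version count and size are the page's; sending the default and security categories to it is an assumption) and then shows why the security category earns its disk space, by counting refused zone-transfer attempts per client over a few constructed log lines written in the shape BIND's security messages take.

```shell
#!/bin/sh
# Added example; channel parameters from the page, category choice assumed.

# Emit a logging statement: channel first (where), then categories (what).
# print-time is needed because a file channel carries no syslog timestamp.
logging_stanza() {
    cat <<'EOF'
logging {
    channel my_file {
        file "/var/named/log/msgs" versions 3 size 3m;
        severity info;
        print-time yes;
        print-category yes;
    };
    category default  { my_file; };
    category security { my_file; };
};
EOF
}

# Constructed sample of security-category lines (not captured traffic).
sample_log() {
    cat <<'EOF'
01-Mar-2024 10:15:01.123 security: client 192.168.0.20#53411 (movie.edu): zone transfer 'movie.edu/AXFR/IN' denied
01-Mar-2024 10:15:02.456 security: client 192.168.0.20#53412 (movie.edu): zone transfer 'movie.edu/AXFR/IN' denied
01-Mar-2024 10:16:10.000 security: client 203.0.113.7#4444 (movie.edu): zone transfer 'movie.edu/AXFR/IN' denied
01-Mar-2024 10:16:11.000 security: client 203.0.113.7#4445 (example.com): query (cache) 'example.com/A/IN' denied
EOF
}

# Count refused zone transfers per client address, busiest first.
# The client field reads "client 192.168.0.20#53411"; newer BIND versions
# insert an "@0x..." handle before the address, which the awk skips.
denied_transfers_by_client() {
    awk '/zone transfer .* denied/ {
            for (i = 1; i <= NF; i++)
                if ($i == "client") {
                    addr = $(i + 1)
                    if (addr ~ /^@0x/) addr = $(i + 2)
                    sub(/#.*/, "", addr)        # drop the source port
                    n[addr]++
                }
         }
         END { for (a in n) print n[a], a }' "$@" | sort -rn
}

# Number of distinct clients that were refused a transfer.
denied_transfer_clients() {
    denied_transfers_by_client "$@" | wc -l | tr -d ' '
}
```

Run denied_transfers_by_client /var/named/log/msgs against the live channel; a client repeatedly refused an AXFR is enumerating the zone and belongs on a watch list, while the same address appearing in the permitted transfer logs would point at an allow-transfer mistake instead.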
$ORIGIN directive
The $ORIGIN directive sets the domain name that is appended to every unqualified name (one without a trailing dot) in the records that follow it. It is commonly used to define a sub-domain inside the parent zone's file:
$ORIGIN comedy.movie.edu.
mash    IN  A   192.249.249.30
Because the origin is now comedy.movie.edu., the record defines mash.comedy.movie.edu. The trailing dot on the $ORIGIN argument matters: without it, named treats comedy.movie.edu as itself relative to the current origin and the names become comedy.movie.edu.movie.edu. These records live within the movie.edu zone file; the sub-domain is part of the movie.edu zone, not a delegation.
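The $ORIGIN expansion rules worked through as an added example (not code from the page or from BIND): the awk function fully qualifies every owner name in a zone-file fragment, honouring $ORIGIN, @ and the trailing-dot rule, so you can see exactly which names a file defines, including the accidental name produced when a $ORIGIN argument lacks its trailing dot. The sample zone text is constructed; its names reuse the page's movie.edu example.

```shell
#!/bin/sh
# Added example: list the names a zone-file fragment really defines.
# Assumes the simple layout used on the page: one record per line, owner
# name (or blank/@ for the current owner/origin) in column 1, no TTL field,
# and no $INCLUDE or $GENERATE handling. Only owner names are qualified;
# names inside rdata (NS and SOA targets) are printed as written.

# qualify_names ZONE_ORIGIN < zonefile
# ZONE_ORIGIN must be absolute, e.g. movie.edu.
qualify_names() {
    awk -v origin="$1" '
        function fq(name) {
            if (name == "@") return origin
            if (name ~ /\.$/) return name            # already absolute
            return name "." origin                   # relative: append origin
        }
        /^[ \t]*$/ || /^[ \t]*;/ { next }            # blank line or comment
        $1 == "$ORIGIN" { origin = fq($2); next }    # argument itself obeys the dot rule
        $1 == "$TTL"    { next }
        /^[ \t]/        { $0 = last " " $0 }         # blank owner: reuse previous owner
        {
            last = fq($1)
            out = last
            for (i = 2; i <= NF; i++) out = out " " $i
            print out
        }'
}

# Owners containing the zone origin twice: the usual sign that a $ORIGIN or
# owner name above them was written without its trailing dot.
doubled_origin() {
    qualify_names "$1" | awk -v o="$1" '
        { p = index($1, o); if (p && index(substr($1, p + 1), o)) print $1 }'
}

# Constructed fragment of db.movie (not the page's full zone file).
sample_zone() {
    cat <<'EOF'
; constructed fragment of db.movie
@               IN  SOA linux1 root.linux1 ( 6 3600 600 86400 3600 )
                IN  NS  linux1
linux1          IN  A   192.168.0.8
$ORIGIN drama.movie.edu
www             IN  A   192.249.249.31
$ORIGIN comedy.movie.edu.
mash            IN  A   192.249.249.30
EOF
}

# Usage:  sample_zone | qualify_names movie.edu.
#         sample_zone | doubled_origin movie.edu.
```

The missing dot after drama.movie.edu turns www into www.drama.movie.edu.movie.edu., which named loads without complaint; named-checkzone will not flag it either, because it is a valid name, so a listing like this is the quick way to catch it before the zone is reloaded.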
Serial Number
One of the most common mistakes when updating a zone is forgetting to increase its serial number:
@   IN  SOA linux1 root.linux1 (
                6       ; Serial
                )
Slaves decide whether to transfer a zone by comparing the master's SOA serial with the one they already hold; a slave only pulls the zone when the master's serial is newer, so an edit without a serial increment never propagates. After updating a zone file, increase the serial (the date-based form YYYYMMDDnn is the usual convention) and then reload the zone.
To see the serial a server is currently serving for a zone, query its SOA record; comparing the answer from the master with each slave shows whether the change has propagated:
dig @<name_server> <zone> soa
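Two helpers as an added example (not from the page or from BIND): serial_newer decides whether a slave would treat one serial as newer than another using the 32-bit serial arithmetic of RFC 1982 (plain integer comparison gives the wrong answer once a serial wraps), and bump_zone_serial rewrites the serial in a zone file in place, switching to the YYYYMMDDnn convention when the old value is smaller. The date is passed in as a parameter so results are reproducible; the serial is assumed to be the number immediately before the ; Serial comment, as in the SOA above.

```shell
#!/bin/sh
# Added example; assumes 64-bit shell arithmetic (bash, dash, ksh) and a
# zone file in which the serial is the number sitting just before a
# "; Serial" comment, as in the SOA record above.

# serial_newer NEW OLD -> succeeds if NEW counts as newer than OLD under
# RFC 1982 serial arithmetic (the comparison a slave makes before an AXFR).
# The forward distance is taken modulo 2^32; 0 means equal, and 2^31 or
# more means NEW is actually older (or the comparison is undefined).
serial_newer() {
    d=$(( ($1 - $2) & 4294967295 ))
    [ "$d" -ge 1 ] && [ "$d" -lt 2147483648 ]
}

# next_serial OLD YYYYMMDD -> YYYYMMDD00 if that is larger than OLD,
# otherwise OLD + 1 (wrapping at 2^32). Covers zones still on small
# counters, several edits on one day, and a clock that is behind.
next_serial() {
    cand=$(( $2 * 100 ))
    if [ "$1" -lt "$cand" ]; then
        echo "$cand"
    else
        echo $(( ($1 + 1) & 4294967295 ))
    fi
}

# current_serial FILE -> the digits just before the "; Serial" comment.
current_serial() {
    awk 'match($0, /[0-9]+[ \t]*;[ \t]*[Ss]erial/) {
            s = RSTART; match(substr($0, s), /[0-9]+/)
            print substr($0, s, RLENGTH); exit }' "$1"
}

# bump_zone_serial FILE YYYYMMDD -> rewrites FILE in place, prints the new
# serial. Refuses to write anything a slave would not accept as newer.
bump_zone_serial() {
    file=$1 today=$2
    old=$(current_serial "$file")
    [ -n "$old" ] || { echo "no '; Serial' line in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    serial_newer "$new" "$old" || { echo "$new would not replace $old" >&2; return 1; }
    tmp="$file.tmp.$$"
    awk -v new="$new" '
        !done && match($0, /[0-9]+[ \t]*;[ \t]*[Ss]erial/) {
            s = RSTART; match(substr($0, s), /[0-9]+/)
            $0 = substr($0, 1, s - 1) new substr($0, s + RLENGTH)
            done = 1
        }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
    echo "$new"
}

# Usage:  bump_zone_serial /var/named/db.movie "$(date +%Y%m%d)" && rndc reload movie.edu
```

The serial_newer check is also the one to run by hand when a slave stays stale after a reload: a master serial that is numerically larger but more than 2^31 ahead of the slave's (typically after someone typed an extra digit) is treated as older, and the slave will never transfer until the serial is walked forward in two steps.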
## named.custom - custom configuration for bind
Resource records ( db.movie domain )
@ IN SOA linux1 root.linux1 ( ; This creates a subdomain with the movie.edu domain