Set Up a Primary Master Name Server Using BIND9

This is a step by step guide on how to configure BIND9 as a Primary Master Name Server.

A Primary Master Name Server reads data for a domain zone from a file located on it’s host and is authoritative for that zone. Every zone needs to have at least one DNS name server that is responsible for it. When any device on the Internet wants to know something about a zone, it consults one of its authoritative servers.

The steps will configure your name server as a Primary Master for engrdhee.com. Replace engrdhee.com with your own FQDN (Fully Qualified Domain Name).

Name Server Configuration

Step 1: Configure your Local Network.
Set up the name server’s IP configuration in /etc/network/interfaces.

Step 2: Edit host settings on the name server. Edit /etc/hosts.

[Internet address] [official hostname] [alias1]
127.0.0.1       ns1     localhost.localdomain   localhost
192.168.1.4     ns1.engrdhee.com                 ns1

/etc/hosts file contains IP addresses associated on each host names. The file is accessed by commands that use the network in the absence of a name server.

Step 3: Create a zone file on /etc/bind directory.

sudo nano db.engrdhee.com
; BIND data file for local loopback interface
$TTL    604800
@       IN      SOA     ns1.engrdhee.com. root.engrdhee.com. (
                              4         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
                        NS      ns1.engrdhee.com.

router  IN      A       192.168.1.1
ns1     IN      A       192.168.1.4
laptop          A       192.168.1.2

A zone file is a text file containing a list of all the hosts in your domain, and their corresponding IP address.
DNS records are listed at the bottom of the zone. Here’s a list of DNS records and their meaning:
SOA – Start of Authority. The record that states that this server is authorative for the specified domain.
NS – Name server: Specifies the name server to use to look up a domain
MX – Mail Exchange: Specifies mail server(s) for the domain.
A – A Record: Used for linking a FQDN to an IP address
CNAME – Canoical name: Used to assign aliases to existing A records.
PTR – Used to reveres map IP addresses to a FQDN.

Step 4: Create a reverse zone file.

sudo nano rev.1.168.192.in-addr.arpa
; BIND reverse data file for local loopback interface
$TTL    604800
@       IN      SOA     ns1.engrdhee.com. root.engrdhee.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
        IN      NS      ns1.engrdhee.com
1       IN      PTR     router.engrdhee.com
2       IN      PTR     laptop.engrdhee.com

A Reverse zone allows DNS to conversion from an address to a name.

Increment the serial every time changes are made in the zone and reverse zone file.

Step 5: Edit /etc/bind/named.conf.local.

zone "engrdhee.com" {
        type master;
        file "/etc/bind/db.engrdhee.com";
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/rev.1.168.192.in-addr.arpa";
};

The configuration will tell bind to use the files we created.

Step 6: Configure server firewall, if any.
Open port 53 to accept DNS requests. For ufw, use:

sudo ufw allow 53
sudo ufw allow bind9

sudo ufw app list will list available apps.

Step 7: Reload service.

sudo service bind9 reload

Client Configuration

Step 1: Configure each clients with their correct name server. Edit /etc/resolv.conf.

domain engrdhee.com
search engrdhee.com
nameserver 192.168.1.4
nameserver 192.168.1.1

Testing

tail -f /var/log/syslog
Output should be:

Sep 28 17:57:04 dhee-engr named[3047]: received control channel command 'reload'
Sep 28 17:57:04 dhee-engr named[3047]: loading configuration from '/etc/bind/named.conf'
Sep 28 17:57:04 dhee-engr named[3047]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Sep 28 17:57:04 dhee-engr named[3047]: using default UDP/IPv4 port range: [1024, 65535]
Sep 28 17:57:04 dhee-engr named[3047]: using default UDP/IPv6 port range: [1024, 65535]
Sep 28 17:57:04 dhee-engr named[3047]: reloading configuration succeeded

Use DNS utilities, daemons and other commands to test.
e.g.:

dig engdrhee.com
nsllookup engrdhee.com
route -n 
ping engrdhee.com 
named-checkzone engrdhee.com /etc/bind/db.engrdhee.com
named-checkzone engrdhee.com /etc/bind/rev.1.168.192.in-addr.arpa
dig rev.1.168.192.in-addr.arpa. AXFR

Set Up a Caching Name Server Using BIND9

This is a guide on how to configure BIND9 as a Caching Name Server. BIND9 is set-up as a caching name server by default.

A Caching Name Server caches a received information about a IP-address and FQDN (Fully Qualified Domain Name) mapping. It will reduce the search cost, reducing bandwidth and latency.

Name Server Configuration

Step 1: Add the IP address of your ISP’s DNS servers on /etc/bind/named.conf.options.

        forwarders {
             8.8.8.8;
             8.8.4.4;
        };

In this case, google’s public dns is used. You can replace them with your ISP’s DNS servers.

Step 2: Restart the BIND daemon.

sudo /etc/init.d/bind9 restart

Client Configuration

Step 1: Add the IP Address of your Name Server on /etc/resov.conf.

nameserver 192.168.1.2

Testing

dig -x 127.0.0.1
Output should be:

; <> DiG 9.4.1-P1 <> -x 127.0.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
[...]
;; Query time: 1 msec
;; SERVER: 172.18.100.80#53(172.18.100.80)
;; WHEN: Mon Nov 26 23:22:53 2007
;; MSG SIZE  rcvd: 93

dig google.com twice
Compare the query time. The second query time should improve. This is because your server cache the query.

NTP Server and Client Configuration

NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference. NTP is an Internet standard protocol that is implemented via UDP over port 123. It is the best way to set your system clock correctly.

According to a Survey of the NTP Network, there were at least 175,000 hosts running NTP in the Internet. Source: http://alumni.media.mit.edu/~nelson/research/ntp-survey99/

Here is a step by step guide on how to configure NTP on your Ubuntu machine. Please read my previous post to better understand this guide for NTP Server and Client Configuration.

NTP Server Configuration

Step 1: Install NTP server on your machine.

sudo apt-get install ntp

Step 2: Configure NTP server. NTP’s default main configuration file is located at /etc/ntp.conf.
a: add a number of servers to the server list

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org

b: restrict the server’s type of access

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

Servers are not allowed to modify the run-time configuration or query your own NTP server.

c: set the localhost to have full access without any restricting keywords

restrict 127.0.0.1

d: define the network where NTP synchronization requests are accecpted by the NTP server

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Step 3: Stop NTP.

/etc/init.d/ntp stop

Step 4: Run ntpdate command.

ntpdate 192.168.1.1

Step 5: Start NTP for the settings to take effect.

/etc/init.d/ntp restart

Step 6: Check if NTP is synchronized.

ntpq -p

Configured time servers are listed. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.

NTP Client Configuration

Follow the same steps provided above and set your server configuration setting to your own server’s current ip address.
server configuration settings on ntp.conf

#server 192.168.1.1