BIND is the de facto standard DNS server, used in almost every kind of environment around the world.
This article is a How-To for setting up a local caching name server for your network, so that hostnames resolve faster and you conserve your precious bandwidth.
The Domain Name System (DNS) is the glue that keeps computer networks in harmony: it converts human-friendly hostnames into the numerical IP addresses computers need to communicate with each other. DNS is one of the largest and most important distributed databases the world depends on, answering billions of requests every day. Most public DNS servers are run by large ISPs and commercial companies, but a private DNS server is also useful for a home or office network.
Without DNS, most of the Internet, including the web and e-mail, simply stops working!
This How-To can be used to run BIND as a fast caching name server anywhere from a small network to a large corporate environment.
A caching-only name server looks up the answer to a name query and remembers it for the next time it is asked. You can configure it either to query the root servers directly or to forward queries to your ISP's name servers; either way it builds a large and effective cache.
This significantly shortens the wait the next time the same name is looked up, especially if you are on a slow connection.
The guide applies to both Linux-based and BSD-based operating systems.
As of this writing (17-Dec-2007), the latest stable version of BIND is 9.4.2. (If you are reading this later, use the current BIND 9 release from ISC and substitute its version number in the commands below; 9.4 is long out of support.)
(1.) Create the bind user and group. This is a service account, so give it no login shell (the nologin binary may live in /usr/sbin on your system; on FreeBSD the equivalents are pw groupadd bind and pw useradd bind -g bind -s /usr/sbin/nologin).
groupadd bind
useradd -g bind -s /sbin/nologin bind
(2.) Download the latest copy of BIND from ISC. ISC publishes a detached PGP signature next to each tarball (bind-9.4.2.tar.gz.asc); verify it with gpg --verify against ISC's release key before you unpack, so that you build the source ISC actually shipped.
mkdir -p /usr/local/src
cd /usr/local/src
wget http://ftp.isc.org/isc/bind9/9.4.2/bind-9.4.2.tar.gz
(3.) Unpack the source tarball
tar zxvf bind-9.4.2.tar.gz
(4.) cd bind-9.4.2
(5.) Configure the build with the following parameters (the options take two leading hyphens):
./configure --prefix=/usr \
--sysconfdir=/etc/namedb \
--mandir=/usr/share/man \
--localstatedir=/var
(6.) make
(7.) make install
If all goes well, BIND is installed and we can move on to the configuration!
(8.) Create the directories and files named will write to, and hand them over to the bind user. named only needs to read its configuration, so if you prefer you can leave /etc/namedb owned by root and merely readable by the bind group; the blanket chown below is the simple option.
mkdir -p /var/run/named/
touch /var/run/named/pid
mkdir -p /var/dump
touch /var/dump/named_dump.db
mkdir -p /var/stats
touch /var/stats/named.stats
mkdir -p /var/log/named/
touch /var/log/named/queries.log
chown -R bind:bind /etc/namedb
chown -R bind:bind /var/log/named
chown -R bind:bind /var/run/named
chown -R bind:bind /var/dump
chown -R bind:bind /var/stats
(9.) Generate a usable rndc.conf with rndc-confgen, using the key name "dnssecret" and a 256-bit key. Run it without -a so that it writes a complete rndc.conf (the key plus default-server/default-key options) to stdout; it also prints, as comments, the matching key and controls statements for named.conf, and that is where the secret you paste into named.conf in step 11 comes from. The file holds the shared secret that controls named, so keep it owned by root and mode 0600.
rndc-confgen -k dnssecret -b 256 > /etc/namedb/rndc.conf
chmod 600 /etc/namedb/rndc.conf
(10.) cd /etc/namedb
(11.) vi named.conf
Copy and paste the following configuration:
############# Start of /etc/namedb/named.conf ################
# Hosts allowed to use this cache. Adjust the networks to match your LAN.
acl local {
    127.0.0.1;
    192.168.0.0/24;
    172.16.0.0/24;
    10.0.0.0/24;
};
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    # Listen only on the loopback and LAN-facing addresses of this host.
    listen-on { 127.0.0.1; 192.168.0.1; 172.16.0.1; 10.0.0.1; };
    # Restrict who may query and, above all, who may recurse through this
    # cache. Without these two lines the acl above is never applied and any
    # host that can reach a listener can use the server as an open resolver.
    allow-query { local; };
    allow-recursion { local; };
    recursion yes;
    # Uncomment the forwarders block if you want the cache to forward
    # requests to your ISP's name servers instead of querying the root
    # servers directly.
    # forwarders {
    #     IP.OF.ISP.DNSSERVER1;
    #     IP.OF.ISP.DNSSERVER2;
    # };
    # Do not add "query-source address * port 53": pinning the outgoing
    # port removes source-port randomization and makes the cache far easier
    # to poison. Leave the port choice to BIND.
};
key "dnssecret" {
    algorithm hmac-md5;
    secret "Copy and paste the dnssecret secret generated by rndc-confgen";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "dnssecret"; };
};
zone "." {
    type hint;
    file "named.root";
};
# Log every client query to its own file.
logging {
    channel queries_log {
        file "/var/log/named/queries.log" versions 5 size 50m;
        severity info;
        print-severity yes;
        print-time yes;
    };
    category queries { queries_log; };
};
############## End of /etc/namedb/named.conf #################
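The settings that matter most for a resolver's security are easy to lose in a long named.conf: a pinned query-source port, and an acl that is declared but never applied through allow-query or allow-recursion. The script below is an added example, not part of the original article or of BIND itself; it lints a config for exactly those problems using only sh, sed and awk, so it runs on a host without BIND installed. The two sample configs inside it are constructed for the demonstration (the first has the weaknesses, the second is the corrected form) and their addresses are placeholders.

```shell
#!/bin/sh
# Added example (not from the original article): lint a BIND caching
# resolver named.conf for settings that turn a private cache into an
# attack surface.  Checks:
#   1. query-source ... port N  - pins the outgoing source port, which
#      removes source-port randomization and eases cache poisoning.
#   2. recursion neither restricted (allow-recursion) nor disabled - any
#      host that can reach the listener can use and abuse the cache.
#   3. acl declared but never referenced - a restriction somebody meant
#      to apply and forgot.

# Remove #, // and /* */ comments from the config on stdin so that
# commented-out settings are not flagged.
strip_comments() {
    sed -e 's|//.*$||' -e 's|#.*$||' | awk '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (incomment) {
                i = index(line, "*/")
                if (i == 0) line = ""
                else { line = substr(line, i + 2); incomment = 0 }
            } else {
                i = index(line, "/*")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 2); incomment = 1 }
            }
        }
        print out
    }'
}

# True (exit 0) when the config pins the source port of outgoing queries.
has_fixed_query_port() {
    printf '%s\n' "$1" | strip_comments |
        grep -Eq 'query-source[^;]*port[[:space:]]+[0-9]+'
}

# True when recursion is limited to an acl or switched off entirely.
recursion_restricted() {
    printf '%s\n' "$1" | strip_comments |
        grep -Eq 'allow-recursion[[:space:]]*[{]|recursion[[:space:]]+no[[:space:]]*;'
}

# Print the names of acls that are declared but referenced nowhere else.
unused_acls() {
    printf '%s\n' "$1" | strip_comments | awk '
    { lines[NR] = $0 }
    /^[ \t]*acl[ \t]+/ { nm = $2; gsub(/[";{]/, "", nm); acls[nm] = 1 }
    END {
        for (a in acls) {
            used = 0
            for (i = 1; i <= NR; i++) {
                if (lines[i] ~ /^[ \t]*acl[ \t]+/) continue
                # pad the line so a name at either end still has a boundary
                if (match(" " lines[i] " ", "[^A-Za-z0-9_-]" a "[^A-Za-z0-9_-]")) used = 1
            }
            if (!used) print a
        }
    }'
}

# Print one FAIL line per finding; the exit status is the number found.
audit_named_conf() {
    n=0
    if has_fixed_query_port "$1"; then
        echo "FAIL: query-source pins the outgoing port; drop the port so BIND randomizes it"
        n=$((n + 1))
    fi
    if ! recursion_restricted "$1"; then
        echo "FAIL: recursion is open to every host that reaches the listener; add allow-recursion { <acl>; };"
        n=$((n + 1))
    fi
    for a in $(unused_acls "$1"); do
        echo "FAIL: acl \"$a\" is declared but never used"
        n=$((n + 1))
    done
    return $n
}

# Number of findings on stdout, for scripting.
count_findings() {
    audit_named_conf "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# Constructed sample (placeholder addresses): acl declared but unused,
# fixed source port, recursion unrestricted.
WEAK_CONF='
acl local { 127.0.0.1; 192.168.0.0/24; };
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 192.168.0.1; };
    # forwarders { 192.0.2.53; };   commented out, must not count
    query-source address * port 53;
};
zone "." { type hint; file "named.root"; };
'

# Constructed sample: the same config with the acl applied and the
# port left to BIND (the pinned form survives only inside a comment).
FIXED_CONF='
acl local { 127.0.0.1; 192.168.0.0/24; };
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 192.168.0.1; };
    allow-query { local; };
    allow-recursion { local; };
    /* query-source address * port 53;  removed: fixed port */
    query-source address *;
};
zone "." { type hint; file "named.root"; };
'

echo "== weak config";  audit_named_conf "$WEAK_CONF" || :
echo "== fixed config"; audit_named_conf "$FIXED_CONF" || :
```

To lint a live file, pass its contents: audit_named_conf "$(cat /etc/namedb/named.conf)". The checks are deliberately textual and complement, rather than replace, named-checkconf, which validates syntax but will happily accept an open resolver.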
(12.) Next, create the named.root hints file listing the root name servers. If this host can already resolve names through its current resolver, the quickest way is to let dig fetch the list (with no arguments dig sends an NS query for the root, and named accepts its output as a hints file):
dig > /etc/namedb/named.root
Otherwise fetch the official copy from ftp://ftp.internic.net/domain/named.root and save it as /etc/namedb/named.root. Either way, check that the file lists the thirteen root servers (a.root-servers.net through m.root-servers.net) and refresh it from time to time, since root-server addresses do change.
(13.) Point the resolver at the new name server in /etc/resolv.conf. On the server itself the 127.0.0.1 entry is what matters; the other three are this host's own LAN addresses, so on client machines list only the server's address on their subnet. Replace example.com with your own domain.
vi /etc/resolv.conf
search example.com
nameserver 127.0.0.1
nameserver 192.168.0.1
nameserver 172.16.0.1
nameserver 10.0.0.1
(14.) Check the configuration for syntax errors with named-checkconf /etc/namedb/named.conf (it prints nothing when the file is clean), then run your newly configured BIND caching name server. Once it is up, rndc status should report the server is running; if rndc complains that the key is refused, the secret in named.conf does not match the one in rndc.conf.
/usr/sbin/named -u bind -c /etc/namedb/named.conf
(15.) Check /var/log/messages for errors and run a few DNS tests against the new server (resolv.conf already points at it, but @127.0.0.1 makes the target explicit):
dig @127.0.0.1 cnn.com
dig @127.0.0.1 isc.org
dig @127.0.0.1 mit.edu
dig @127.0.0.1 squid-cache.org
dig @127.0.0.1 freebsd.org
Run one of them a second time: the answer now comes from the cache, so the TTL has counted down and the Query time is close to 0 msec. Finally, from a host outside the local acl, the same query should come back with status REFUSED; if it is answered, you are running an open resolver and need to revisit allow-query and allow-recursion.
(16.) If all the hostnames resolve to IP addresses, the queries show up in queries.log:
tail -f /var/log/named/queries.log
You should see entries like the following:
05-Oct-2007 13:31:35.457 info: client 127.0.0.1#51604: query: cnn.com IN A +
05-Oct-2007 13:31:40.337 info: client 127.0.0.1#56894: query: isc.org IN A +
05-Oct-2007 13:31:44.657 info: client 127.0.0.1#52537: query: mit.edu IN A +
05-Oct-2007 13:31:50.959 info: client 127.0.0.1#51148: query: squid-cache.org IN A +
05-Oct-2007 13:31:56.153 info: client 127.0.0.1#65424: query: freebsd.org IN A +
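The query log is also an audit trail: it records which client asked for what, which is how you spot a LAN host that is hammering the cache or tunnelling data out over DNS. The script below is an added example, not part of the original article; it parses the BIND 9.4 query-log line layout shown above with awk and runs over a constructed sample log (the client addresses and the tunnel.example domain are made up for the demonstration).

```shell
#!/bin/sh
# Added example (not from the original article): summarize the queries.log
# written by the logging channel in named.conf, using only sh/awk/sort so
# it can run on the server itself.  Parsing assumes the BIND 9.4 line layout
# shown in the article:
#   <date> <time> info: client <ip>#<port>: query: <name> IN <type> <flags>

# Constructed sample log (not real traffic): one LAN host bursts TXT
# lookups for random labels under a single domain, the classic DNS-tunnel
# signature, while the other clients make ordinary A lookups.
SAMPLE_LOG='05-Oct-2007 13:31:35.457 info: client 127.0.0.1#51604: query: cnn.com IN A +
05-Oct-2007 13:31:40.337 info: client 192.168.0.10#56894: query: isc.org IN A +
05-Oct-2007 13:31:44.657 info: client 192.168.0.10#52537: query: mit.edu IN A +
05-Oct-2007 13:31:50.959 info: client 192.168.0.10#51148: query: a1b2c3.tunnel.example IN TXT +
05-Oct-2007 13:31:51.101 info: client 192.168.0.10#51149: query: d4e5f6.tunnel.example IN TXT +
05-Oct-2007 13:31:51.402 info: client 192.168.0.10#51150: query: 9a8b7c.tunnel.example IN TXT +
05-Oct-2007 13:31:56.153 info: client 172.16.0.7#65424: query: freebsd.org IN A +'

# "<count> <client>" per client IP from the log on stdin, busiest first.
queries_per_client() {
    awk '$4 == "client" { split($5, c, "#"); n[c[1]]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

# "<count> <type>" per query type (A, AAAA, TXT, ...), busiest first.
queries_per_type() {
    awk '$6 == "query:" { n[$9]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# Clients that asked for at least $1 distinct names under the same parent
# domain (last two labels): "<client> <domain> <distinct-names>".
# Many unique subdomains from one host is the signature of a DNS tunnel
# or of malware beaconing; ordinary browsing rarely exceeds a few dozen.
tunnel_suspects() {
    awk -v min="$1" '
    $6 == "query:" {
        split($5, c, "#"); client = c[1]
        name = $7; sub(/\.$/, "", name)
        nl = split(name, l, ".")
        if (nl < 3) next                        # bare domain, nothing to hide in
        parent = l[nl - 1] "." l[nl]
        key = client " " parent
        if (!((key SUBSEP name) in seen)) { seen[key, name] = 1; distinct[key]++ }
    }
    END { for (k in distinct) if (distinct[k] >= min) print k, distinct[k] }' | sort
}

echo "== queries per client";      printf '%s\n' "$SAMPLE_LOG" | queries_per_client
echo "== queries per type";        printf '%s\n' "$SAMPLE_LOG" | queries_per_type
echo "== tunnel suspects (>= 3)";  printf '%s\n' "$SAMPLE_LOG" | tunnel_suspects 3
```

Against the live log, feed a recent slice and raise the threshold to something that fits your network, for example tail -n 100000 /var/log/named/queries.log | tunnel_suspects 50. Because the log rotates (versions 5 size 50m in the channel definition), run it from cron before each rotation if you want continuous coverage.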