IBM Support

Configuring a BIND9 Nameserver (5.2 and Above)

Question & Answer


Question

How to configure Bind 9 DNS Server

Answer

Configuring a BIND9 Nameserver (5.2 and Above)

Contents

About this document
Sample files:
named.conf
named.data
named.rev.10.7.5
named.rev.10.155
named.local
named.ca
How to create files and explanation of each
Using rndc
Starting and testing the nameserver
Using syslog to troubleshoot Named
Setting up clients
About this Document
This document will show how to set up a basic name server using BIND version 9. All data is a modification of IBM's information on configuring a BIND version 9 name server and data found in O'Reilly's DNS and BIND 3rd edition book.
Sample files:
---------------------------
named.conf - sample
---------------------------

NOTE: Use only one mechanism for resolving names outside your own zones: either the "." hint zone (named.ca) OR a forwarders statement. With "forward only" the hint zone is never consulted. This sample shows both in the same file only to illustrate the syntax.

options {
directory "/usr/local/named";
forward only;
forwarders { IP1; IP2; };
};

zone "test.com" {
type master;
file "named.data";
};

zone "5.7.10.in-addr.arpa" in {
type master;
file "named.rev.10.7.5";
};

zone "155.10.in-addr.arpa" in {
type master;
file "named.rev.10.155";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local";
};

zone "." {
type hint;
file "/etc/named.ca";
};

---------------------------
named.data - sample
---------------------------
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS venus
venus IN A 10.7.5.1
jupiter IN A 10.7.5.2
mars IN A 10.7.5.3
mailhost IN CNAME mars
neptune IN A 10.7.5.4
pluto IN A 10.155.39.5
mercury IN A 10.155.200.5

---------------------------
named.rev.10.7.5 - sample
---------------------------
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS venus.test.com.
1 IN PTR venus.test.com.
2 IN PTR jupiter.test.com.
3 IN PTR mars.test.com.
4 IN PTR neptune.test.com.

---------------------------
named.rev.10.155 - sample
---------------------------
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS venus.test.com.
5.39 IN PTR pluto.test.com.
5.200 IN PTR mercury.test.com.

---------------------------
named.local - sample
---------------------------
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; serial
3600 ; refresh
600 ; retry
3600000 ; expire
86400) ; minimum
IN NS venus.test.com.
1 IN PTR localhost.

---------------------------
named.ca - sample
---------------------------
; Root name server hints. The addresses change over time; this list reflects
; the published https://www.internic.net/domain/named.root as of 2018 and must
; be refreshed from that file before use.
. 9999999 IN NS A.ROOT-SERVERS.NET.
. 9999999 IN NS B.ROOT-SERVERS.NET.
. 9999999 IN NS C.ROOT-SERVERS.NET.
. 9999999 IN NS D.ROOT-SERVERS.NET.
. 9999999 IN NS E.ROOT-SERVERS.NET.
. 9999999 IN NS F.ROOT-SERVERS.NET.
. 9999999 IN NS G.ROOT-SERVERS.NET.
. 9999999 IN NS H.ROOT-SERVERS.NET.
. 9999999 IN NS I.ROOT-SERVERS.NET.
. 9999999 IN NS J.ROOT-SERVERS.NET.
. 9999999 IN NS K.ROOT-SERVERS.NET.
. 9999999 IN NS L.ROOT-SERVERS.NET.
. 9999999 IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET IN A 198.41.0.4
B.ROOT-SERVERS.NET IN A 199.9.14.201
C.ROOT-SERVERS.NET IN A 192.33.4.12
D.ROOT-SERVERS.NET IN A 199.7.91.13
E.ROOT-SERVERS.NET IN A 192.203.230.10
F.ROOT-SERVERS.NET IN A 192.5.5.241
G.ROOT-SERVERS.NET IN A 192.112.36.4
H.ROOT-SERVERS.NET IN A 198.97.190.53
I.ROOT-SERVERS.NET IN A 192.36.148.17
J.ROOT-SERVERS.NET IN A 192.58.128.30
K.ROOT-SERVERS.NET IN A 193.0.14.129
L.ROOT-SERVERS.NET IN A 199.7.83.42
M.ROOT-SERVERS.NET IN A 202.12.27.33

How to Create Files and Explanation of each.
---------------------------
named.conf- explanation
---------------------------

Manually create the file /etc/named.conf. This is the path named reads by default (named -c can point it elsewhere), and the file must be called "named.conf".
Explanation of each line in named.conf:

options {
directory "/usr/local/named";
};

named.conf is a series of statements (options, zone, and so on). The directives of each statement are enclosed in braces ( { and } ), and a semicolon ends every directive and every statement. The options statement holds server-wide settings; in this first stanza it defines the directory in which all the subsequent zone files are found, so that the file names in the zone statements can be given relative to it. The directory directive is optional (you can alternatively give the full path name for each data file), but it is a good way of organizing the information. Make sure the directory and its files are readable by the user named runs as.

zone "test.com" {
type master;
file "named.data";
};

This stanza means that this is a primary (or master) name server for the domain called "test.com". The file to be queried for a hostname ending with test.com is /usr/local/named/named.data. A name server is "queried" or consulted to resolve a hostname much like the /etc/hosts file can be queried. So, for example, the command

# nslookup mars.test.com

will reference the file /usr/local/named/named.data to find the IP address for the hostname mars.

zone "5.7.10.in-addr.arpa" in {
type master;
file "named.rev.10.7.5";
};

This stanza means that this name server is primary for the domain called "5.7.10.in-addr.arpa". In other terms, the name server is primary for all IP addresses beginning with 10.7.5.

Note that whenever in-addr.arpa is appended to an IP address, the octets appear in REVERSE ORDER. The file /usr/local/named/named.rev.10.7.5 will be checked when the name server is queried for an IP address beginning with 10.7.5.
For example:

# nslookup 10.7.5.4

will reference the file /usr/local/named/named.rev.10.7.5 to find the hostname assigned to IP address 10.7.5.4.

zone "155.10.in-addr.arpa" in {
type master;
file "named.rev.10.155";
};

This stanza means that this name server is primary for the domain called "155.10.in-addr.arpa". In other terms, the name server is primary for all IP addresses beginning with 10.155. The file /usr/local/named/named.rev.10.155 will be checked when the name server is queried for an IP address beginning with 10.155.
For example:

# nslookup 10.155.200.5

will reference the file /usr/local/named/named.rev.10.155 to find the hostname assigned to IP address 10.155.200.5.

zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local";
};

This stanza is designed to handle the loopback address 127.0.0.1. The file /usr/local/named/named.local will be checked when a query is received for 127.0.0.1 (or any other IP address beginning with 127.0.0.). Every name server should carry this zone, so that reverse lookups of the loopback address are answered locally and never leak to the forwarders or the root servers.


zone "." {
type hint;
file "/etc/named.ca";
};

This stanza is used when a query arrives for a name outside every zone this server is authoritative for. In our case, if a query is received for any host name that is not in the "test.com" domain, or for any IP address that does not begin with 10.155., 10.7.5. or 127.0.0., named needs the root server addresses in the named.ca "hint" file to start resolving the name by contacting other name servers.

NOTE:
If your name server does not have access to the Internet, omit the "." hint zone from named.conf. In such a case you may want to use a forwarders statement, which sends every query outside your own zones to a name server that does have access to the Internet. Because "forward only" makes those servers the source of every outside answer, list only forwarders you trust. The option will look like this:

options {
forward only;
forwarders { IP1; IP2; };
};
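The sample named.conf above accepts queries, recursion and zone transfers from anyone who can reach port 53. The following is an added example, not part of the IBM document, showing the same server with the access controls a BIND 9 master on a private network should carry, plus the key and controls statements that rndc needs. The 10.0.0.0/8 range, the forwarder address 10.7.5.254 and the RNDC_SECRET_BASE64 placeholder are assumptions; generate a real secret with rndc-confgen.

```conf
// Added example (not from the IBM document): the sample named.conf with the
// access controls a BIND 9 master on a private network should carry, plus the
// key/controls statements rndc uses. 10.0.0.0/8, the forwarder 10.7.5.254 and
// RNDC_SECRET_BASE64 are placeholders; generate a real secret with rndc-confgen.

acl "internal" { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "/usr/local/named";
    listen-on { 127.0.0.1; 10.7.5.1; };   // only the addresses that should serve DNS
    allow-query { "internal"; };           // nobody outside the site may query at all
    allow-recursion { "internal"; };       // never act as an open recursive resolver
    allow-transfer { none; };              // no zone transfers (list secondaries here if any)
    version "not disclosed";               // do not advertise the BIND version
    // Use either forwarders or the "." hint zone, not both (see the NOTE above).
    forward only;
    forwarders { 10.7.5.254; };            // every outside answer comes from here: trust it
};

// rndc authenticates with this shared key; the control channel is loopback only.
key "rndc-key" {
    algorithm hmac-md5;                    // use hmac-sha256 on BIND releases that support it
    secret "RNDC_SECRET_BASE64";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "test.com" {
    type master;
    file "named.data";
    allow-update { none; };                // no dynamic updates into the master file
};

zone "5.7.10.in-addr.arpa" in {
    type master;
    file "named.rev.10.7.5";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};
```

The 155.10.in-addr.arpa zone gets the same allow-update { none; }. Running rndc-confgen on the server prints a matching rndc.conf together with a key and controls block for named.conf; paste the latter in place of the placeholder above, after which "rndc reload" and "rndc status" work from the server itself without restarting named.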

---------------------------
named.data - explanation
---------------------------

To generate a named.data file:
Make sure you have an /etc/hosts file with entries for all hosts you want to be serviced by this DNS server in this domain. You will also need to have the /etc/named.conf file configured. In this example, the /etc/hosts file is:

127.0.0.1 loopback localhost
10.7.5.1 venus
10.7.5.2 jupiter
10.7.5.3 mars mailhost
10.7.5.4 neptune
10.155.39.5 pluto
10.155.200.5 mercury

With the following command, create the named.data file:

# mkdir /usr/local/named
# /usr/samples/tcpip/hosts.awk /etc/hosts > /usr/local/named/named.data

The file created looks like this:

; name server data file
; (also see /etc/named.boot)
;
; NAME TTL CLASS TYPE RDATA
;
; setting default domain to "test.com"
;
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
test.com. IN NS venus
venus IN A 10.7.5.1
jupiter IN A 10.7.5.2
mars IN A 10.7.5.3
mailhost IN CNAME mars
neptune IN A 10.7.5.4
pluto IN A 10.155.39.5
mercury IN A 10.155.200.5

After this step, check the name server and SOA lines: the script may leave the domain fields blank, and you must add the appropriate domain information by hand. Make sure every fully qualified name ends with a trailing period; otherwise the origin is appended to it again and some resolution requests return incorrect values.

Detailed Explanation of named.data:

; a semicolon means the rest of the line is a comment.

The first uncommented line begins the SOA or Start of Authority record for this file. Its five numbers are: the serial, an unsigned 32-bit integer that must be increased every time the zone is edited (BIND 9 rejects non-integer values such as "1.1", so use a plain counter or a date-based value such as 2018061701); the refresh, retry and expire intervals, in seconds, which tell secondary servers how often to check for a new serial, how soon to retry after a failed check, and how long to keep serving the zone if the master cannot be reached; and the minimum, which BIND 9 uses as the negative-caching TTL, the time a "no such name" answer may be cached (RFC 2308). Do not modify the intervals for now.
The line:

test.com. IN NS venus

is an NS or name server record. This line indicates that venus is a name server for test.com. The record's TTL of 86400 seconds comes from the $TTL directive at the top of the file, and IN means it is an Internet class record (you should call them this regardless of whether or not you are actually connecting to the Internet).

Notice that the hostnames listed in the file are the "short" names (they do not have the domain name appended). This is because the domain name for this file is "test.com" and it will be appended to each hostname that is not followed by a ".". In this case, none of the hostnames (e.g., pluto, mars, venus) is followed by a ".", so each will be expanded to the fully qualified domain name. For example, the line:

jupiter IN A 10.7.5.2

is equal to

jupiter.test.com. IN A 10.7.5.2

neptune IN A 10.7.5.4

This line shows an A record or address record. The host neptune has the address 10.7.5.4. Notice that each host in the domain has its own A record.

mailhost IN CNAME mars

Since mailhost is an alias for mars, a CNAME is used to signify this.

---------------------------
named.rev.10.155 and named.rev.10.7.5 - explanation
---------------------------

With the following command, create the named.rev file:

# /usr/samples/tcpip/addrs.awk /etc/hosts > /usr/local/named/named.rev.10.7.5
# /usr/samples/tcpip/addrs.awk /etc/hosts > /usr/local/named/named.rev.10.155

Both files will need some modification but for now should look like:

; setting default domain to ... test.com
@ IN SOA venus.test.com. root.venus.test.com. (
1.1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS venus
1.0.0.127.in-addr.arpa. IN PTR loopback.test.com.
1.5.7.10.in-addr.arpa. IN PTR venus.test.com.
2.5.7.10.in-addr.arpa. IN PTR jupiter.test.com.
3.5.7.10.in-addr.arpa. IN PTR mars.test.com.
4.5.7.10.in-addr.arpa. IN PTR neptune.test.com.
5.39.155.10.in-addr.arpa. IN PTR pluto.test.com.
5.200.155.10.in-addr.arpa. IN PTR mercury.test.com.

The named.rev.10.7.5 and named.rev.10.155 files will need to be modified now.

The named.rev.10.7.5 should be modified to read:

; setting default domain to ... test.com
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS venus.test.com.
1 IN PTR venus.test.com.
2 IN PTR jupiter.test.com.
3 IN PTR mars.test.com.
4 IN PTR neptune.test.com.

NOTICE: The changes made were:
Take out all hosts from this file that do not begin with 10.7.5. Only hosts that begin with 10.7.5 remain here. The serial must also be a plain integer (for example 1 rather than 1.1), because BIND 9 rejects non-integer serials. Also, note that .5.7.10.in-addr.arpa. has been removed from each owner name. The reason is this. Just as "test.com" was appended to every name not followed by a "." in the named.data file, every name in a named.rev file that is not followed by a "." will have .5.7.10.in-addr.arpa appended to it. That is what you want for the owner names (1, 2, 3, 4) but not for the hostnames on the right-hand side, so be sure that each hostname (e.g. jupiter.test.com.) in the named.rev files has a dot at the end. If the dot is omitted, a command such as:

# nslookup 10.7.5.4

will return the expanded name neptune.test.com.5.7.10.in-addr.arpa instead of neptune.test.com.

Like the named.data file, the named.rev files are subject to expansion. In the case of:

3 IN PTR mars.test.com.

3 will be expanded to 3.5.7.10.in-addr.arpa. Interpreted in reverse order this equals 10.7.5.3. This is a PTR or pointer record; PTR records map IP addresses to names.

Modify named.rev.10.155 in a similar manner to read:

; setting default domain to ... test.com
$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
300 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS venus.test.com.
5.39 IN PTR pluto.test.com.
5.200 IN PTR mercury.test.com.

The changes made to this file were made as they were for named.rev.10.7.5.

The domain 155.10.in-addr.arpa will be appended to 5.39 and 5.200 when expanded. Note: The expansion does not actually take place in the file. It only takes place when queried.
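The two awk scripts produce one fully qualified listing that then has to be split and corrected by hand as described above. The shell functions below are an added example, not the AIX hosts.awk or addrs.awk scripts and not part of the IBM document; they perform that work automatically: one reverse file per network prefix, owner names relative to the zone's $ORIGIN, every hostname on the right-hand side terminated with a dot, and an integer serial. The host table is the one from this document; the date-based serial 2018061701 and the root.venus.test.com. contact are assumptions. It runs on any POSIX sh with awk.

```shell
#!/bin/sh
# Added example (not from the IBM page, not the AIX hosts.awk/addrs.awk scripts):
# build BIND 9 zone data from an /etc/hosts table. Runs on POSIX sh with awk.

# Host table from the page's example, embedded so the script runs offline.
SAMPLE_HOSTS='127.0.0.1 loopback localhost
10.7.5.1 venus
10.7.5.2 jupiter
10.7.5.3 mars mailhost
10.7.5.4 neptune
10.155.39.5 pluto
10.155.200.5 mercury'

# qualify NAME ORIGIN: the rule named applies to every name in a zone file.
# A name without a trailing dot gets the origin appended; "@" is the origin.
qualify() {
    case "$1" in
        *.) printf '%s\n' "$1" ;;
        @)  printf '%s\n' "$2" ;;
        *)  printf '%s.%s\n' "$1" "$2" ;;
    esac
}

# reverse_labels DOTTED: octets of DOTTED in reverse order (10.7.5 -> 5.7.10).
reverse_labels() {
    printf '%s\n' "$1" | awk -F. '{ s = $NF; for (i = NF - 1; i >= 1; i--) s = s "." $i; print s }'
}

# rev_origin PREFIX: name of the reverse zone for a network prefix
# (10.7.5 -> 5.7.10.in-addr.arpa., 10.155 -> 155.10.in-addr.arpa.).
rev_origin() {
    printf '%s.in-addr.arpa.\n' "$(reverse_labels "$1")"
}

# ptr_owner IP PREFIX: owner label relative to that reverse zone, i.e. the
# octets of IP that PREFIX does not cover, reversed (10.155.200.5 -> 5.200).
ptr_owner() {
    pfx="$2."
    reverse_labels "${1#$pfx}"
}

# zone_header ORIGIN NSNAME SERIAL: $TTL, $ORIGIN, SOA and NS records.
# SERIAL must be an unsigned 32-bit integer; BIND 9 refuses values like "1.1".
# The contact root.<NSNAME> follows the page's convention (assumption).
zone_header() {
    printf '$TTL 86400\n$ORIGIN %s\n' "$1"
    printf '@ IN SOA %s root.%s (\n' "$2" "$2"
    printf '\t%s ; Serial\n\t3600 ; Refresh\n\t300 ; Retry\n' "$3"
    printf '\t3600000 ; Expire\n\t86400 ) ; Minimum\n'
    printf '\tIN NS %s\n' "$2"
}

# forward_zone DOMAIN NSNAME SERIAL < hosts: one A record per host and a
# CNAME per alias; loopback and comment lines are skipped.
forward_zone() {
    zone_header "$1." "$2" "$3"
    awk '$0 !~ /^[ \t]*#/ && NF >= 2 && $1 != "127.0.0.1" {
        printf "%s IN A %s\n", $2, $1
        for (i = 3; i <= NF; i++) printf "%s IN CNAME %s\n", $i, $2
    }'
}

# reverse_zone DOMAIN PREFIX NSNAME SERIAL < hosts: PTR records for the
# addresses inside PREFIX only (the hand edit the text describes); targets
# are fully qualified so named does not expand them under in-addr.arpa.
reverse_zone() {
    domain=$1; prefix=$2
    zone_header "$(rev_origin "$prefix")" "$3" "$4"
    awk -v p="$prefix." '$0 !~ /^[ \t]*#/ && index($1, p) == 1 { print $1, $2 }' |
    while read -r ip host; do
        printf '%s IN PTR %s\n' "$(ptr_owner "$ip" "$prefix")" "$(qualify "$host" "$domain.")"
    done
}

# Usage: the three data files that named.conf refers to.
# printf '%s\n' "$SAMPLE_HOSTS" | forward_zone test.com venus.test.com. 2018061701 > named.data
# printf '%s\n' "$SAMPLE_HOSTS" | reverse_zone test.com 10.7.5 venus.test.com. 2018061701 > named.rev.10.7.5
# printf '%s\n' "$SAMPLE_HOSTS" | reverse_zone test.com 10.155 venus.test.com. 2018061701 > named.rev.10.155
```

Each generated file carries an explicit $ORIGIN, so what an unqualified name expands to is visible in the file itself; the zone name in named.conf must match it. Validate every file with named-checkzone (for example named-checkzone test.com named.data) before pointing named at it.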

---------------------------
named.local - explanation
---------------------------

Create the named.local file manually (there is no script to create it).
a. Specify the Start of Authority of the zone and the default time-to-live information. You may copy this information directly from the named.data or named.rev files. For example:

$TTL 86400
@ IN SOA venus.test.com. root.venus.test.com. (
1 ; Serial
3600 ; Refresh
600 ; Retry
3600000 ; Expire
86400) ; Minimum

b. Specify the Name Server (NS) record. For example, the name of the name server for the test.com domain is "venus":

IN NS venus.test.com.

(Note: 1st column is blank)

c. Specify the Pointer (PTR) record.

1 IN PTR localhost.

---------------------------
named.ca- explanation
---------------------------

Creating named.ca: If your name server is not connected to the Internet, do not create a named.ca file (use a forwarders statement instead). If it is connected, the file must contain the current list of root name servers. The list is maintained by IANA and published by InterNIC at https://www.internic.net/domain/named.root (the same file that older documents fetched by anonymous ftp from rs.internic.net as /domain/named.ca). Copy it unchanged to /etc/named.ca. The root server addresses change occasionally, so refresh the file from that source rather than relying on a sample such as the one above. The file only needs to be readable by the user named runs as; mode 644 is sufficient, since it is data, not a program, and needs no execute permission.

Starting and testing the nameserver
Changing the named symbolic link:

At AIX 4.3 and above, the /usr/sbin/named command is a symbolic link (to /usr/sbin/named4 on older releases), and /usr/sbin/named-xfer is likewise a link. To run BIND version 9, the named link must point at the BIND 9 binary. First check which BIND binaries are installed with "ls -l /usr/sbin/named*"; on AIX 5.2 and later the BIND 9 daemon is shipped as /usr/sbin/named9. Then change the links with the following two commands:

#ln -sf /usr/sbin/named9 /usr/sbin/named
#ln -sf /usr/sbin/named8-xfer /usr/sbin/named-xfer

BIND 9 performs zone transfers inside named itself and does not use named-xfer, so the second link only matters if you later fall back to BIND 8. ls -l shows each link as lrwxrwxrwx (mode 777), owned by root with group system; the target binaries keep their own permissions.

1. Create the file /etc/resolv.conf with the following two lines:

nameserver 10.7.5.1
domain test.com

(where 10.7.5.1 is the IP address of venus, the nameserver). On the name server itself you can alternatively leave the nameserver line out completely, in which case the resolver queries the local host.

2. With the following command, start named:

# startsrc -s named


3. Pick any host in your domain, for example a machine called "jupiter", and type in:

# nslookup jupiter
jupiter.test.com is 10.7.5.2

# nslookup 10.7.5.2
jupiter.test.com is 10.7.5.2

If you do not get results similar to the above, name resolution is not working properly. The command "nslookup jupiter" is answered from the test.com zone loaded from named.data, and the command "nslookup 10.7.5.2" from the 5.7.10.in-addr.arpa zone loaded from named.rev.10.7.5, so look for configuration errors in the corresponding file. BIND 9 also ships named-checkconf and named-checkzone; running them against /etc/named.conf and each zone file (for example named-checkzone test.com /usr/local/named/named.data) before starting named reports the same problems, such as a non-integer serial or a missing trailing dot, that otherwise only show up in syslog.

Setting up clients (for AIX v4 or v5)
On all clients that will use name resolution, create a file /etc/resolv.conf with the following two lines:

nameserver 10.7.5.1
domain test.com

Using syslog to troubleshoot named
Syslog may be used to capture syntax errors in the configuration files of named.

# stopsrc -s named
# stopsrc -s syslogd
# vi /etc/syslog.conf
daemon.debug /var/log/named.out
# touch /var/log/named.out
# startsrc -s syslogd
# startsrc -s named

After doing this, you may cat the named.out file for clues to use in debugging your files.
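BIND 9 can also do its own logging, which gives finer control than the syslog daemon.debug catch-all: each category of message can go to its own file at its own severity, and the debug output can be kept out of the normal log. The following logging statement is an added example, not part of the IBM document; it goes into /etc/named.conf, and the directory /var/log/named (an assumption) must exist and be writable by the user named runs as.

```conf
// Added example (not from the IBM document): BIND 9 logging stanza for
// /etc/named.conf. /var/log/named is an assumed path; create it first.
logging {
    channel named_log {
        file "/var/log/named/named.log" versions 5 size 10m;   // rotated by named itself
        severity info;
        print-time yes; print-category yes; print-severity yes;
    };
    channel config_debug {
        file "/var/log/named/named.debug";
        severity debug 3;               // named.conf and zone-file syntax problems land here
        print-time yes;
    };
    channel to_syslog {
        syslog daemon;                  // same facility the syslog.conf line above captures
        severity warning;
    };
    category default  { named_log; to_syslog; };
    category config   { config_debug; named_log; };
    category security { named_log; to_syslog; };   // rejected queries, transfers and updates
    category xfer-in  { named_log; };
    category xfer-out { named_log; };
};
```

Add category queries { named_log; }; only while debugging a client problem; on a busy server it produces a large volume. After editing named.conf, restart named with stopsrc/startsrc (or use rndc reconfig, if a controls statement is configured) and read named.debug for the same syntax clues that the named.out file above would contain.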


Document Information

Modified date:
17 June 2018

UID

isg3T1010661