Bind and DNS

This page is about domain name services, and in particular bind9, because that is what is used most often. DNSSEC will also be covered.

We will set up a simple test domain and extend it with additional features such as DNSSEC. There will also be a separate chapter about debugging DNS.

Introduction

First let's refresh the memory. Again I forgot the differences in DNS server types and query types.

  • iterative query : return an answer or a referral where to look
  • recursive query : return a complete answer or error, clients always make these

Authoritative-Only DNS Server

A server responsible for a zone, and only concerned with questions about that zone.

  • very fast
  • does not answer recursive queries
  • does not cache results

So these are never the servers your browser queries. For authoritative servers there is another subdivision:

master vs slave

Any zone responsible for an internet routable zone must have at least two name servers. The difference between a master and a slave is mostly that a master keeps the zone file on its disk, and the slave gets its data via zone transfers. Also, a server can be slave for one zone and master for another!

Caching DNS server

These handle client requests and cache them if needed. If they don't have the answer they query other servers.

  • Access to the whole DNS tree
  • Caches its results locally for faster queries

Forwarding DNS server

These do not perform the recursion themselves: they forward the query to a caching DNS server, but they do cache the results locally.

  • Able to do recursive queries without performing the recursion itself.
  • Caches its results locally for faster queries
  • Flexibility in splitting zone queries.

Private vs public

Of course a public server has more restrictions than one you keep private. For instance, an external server has to be doubled, whereas internally you could even redefine google.com if you really wanted to.

Installation

Installation was done on a CentOS 7 virtual machine; I don't think other Linux distros will differ very much from this guide. For the domain you can take an unused subdomain of a domain you own. In this case I work at rinis.nl and I know my own name is not used as a subdomain, so the domain for this server becomes:

Used zone: kees.rinis.nl

And it will be an authoritative-only private master.

centos

install
yum install bind bind-utils

Later...

debugging

First, note that it is sometimes called named and sometimes bind. Named is rather silent, so if you want to know why things are not working, try starting it like this:

start bind manually
/etc/init.d/bind9 stop
/usr/sbin/named -u named -d 3 -g
  • -u named makes it run as user 'named'
  • -d 3 means debug level 3
  • -g means don't run in the background

The last time I installed bind9, there was no user 'named' created; in that case, just leave out the '-u named'.