How to setup BIND on Fedora server behind a router

I need some sample zone files
I have a domain hosted by godaddy
WJBM asked:

Kerem ERSOY (President) commented:
Hi,

First of all you need to enable Port 53 TCP and UDP access over your firewall.

If your named will be the primary and you'll have secondaries you'll need both ports.

When it comes to configuration, first of all check this file /etc/sysconfig/named. It should include a ROOTDIR= directive pointing to some directory such as

ROOTDIR=/var/named/chroot

Your config file named.conf is located under /var/named/chroot/etc. The first thing to do is to create a symbolic link to your etc:

ln -s /var/named/chroot/etc/named.conf named.conf

And you are ready to go; the named.conf file will include some of these options:


Some comment:

/*
 *  Acme Company Bind Configuration
 */

/* ACL for your secondaries and your corporate intranet addresses */

acl acme {
    10.0.0.0/24;
    x.x.x.x/32;
};


/* Update key for your secondaries */

key secondary-update. {
        algorithm hmac-md5;   /* as posted; current BIND releases recommend hmac-sha256 for TSIG keys */
        secret "xxxxxxxxxxxxxxxx";
};

/* SECONDARY Server key assignment (if any) */

server 10.0.0.2 {
        keys { secondary-update. ; };   /* must match the key name defined above */
};


/* Some options */

options {
        version "[DNS]";           /* To fake the Version */
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";

/* who could transfer AXFR zones (= full zones) */

        allow-transfer { acme; };

/* who could use recursive queries = queries to Internet; others
   could only get our authoritative domains   */

        allow-recursion { acme; };
};

logging {
        category lame-servers { null; };
        category client { null; };

        channel default_syslog {
                syslog daemon;
                severity info; };
};

/* Zones */

zone "." in {
        type hint;
        file "named.root";
};

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.loc";
};

zone "acme.com" in {
        type master;
        file "named.hosts.acme.com";
};

Kerem ERSOY (President) commented:
The named.root file will contain addresses for the universal TLD (root) servers, and you should have this file already.


named.loc will be similar to this:
 
$TTL 86400      ; 1 day
0.0.127.in-addr.arpa    IN SOA  your.domain.origin. user.your.domain.origin. (
                                1997032801 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                86400      ; minimum (1 day)
                                )
 
                        NS      ns01.acme.com.
                        NS      ns02.acme.com.
 
1                       PTR     localhost.
------------------------------------------------
named.hosts.acme.com will be something like this:
 
$TTL 7200       ; 2 hours
@               IN SOA  ns01.acme.com. root.acme.com. (
                                2009052701 ; Serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                7200       ; minimum (2 hours)
                                )
 
                IN        NS      ns01.acme.com.
                IN        NS      ns02.acme.com.
 
                IN        A       ip.addr
 
                IN        MX      20 mail
 
localhost       IN        A       127.0.0.1
 
 
ftp             IN        A       ip.addr.1
mail            IN        A       ip.addr.1
 
www             IN        A       ip.addr.1
*               IN        A       ip.addr.1
 
 

Kerem ERSOY (President) commented:
I am not sending you a reverse DNS zone since you won't be hosting your reverse DNS. But it is a good idea to let Godaddy add your hostnames to their reverse DNS zones to prevent later errors with SMTP delivery.

Notice the dot after names. Without it, named will run the macro @ = domainname and append the domain after names not ending with a dot.

So if we omit the . after ns01.acme.com then the final domain will be ns01.acme.com.acme.com because of the macro expansion.

This is why we use only www before IN A, so that it will be completed to www.acme.com.

The SOA values used here are according to the RFCs: RFC 1912, RFC 2308.

Kerem ERSOY (President) commented:
Here are some links for BIND configuration.

This is a wonderful book on DNS and BIND by O'Reilly: http://oreilly.com/catalog/9780596001582/
Some excerpts from the previous editions of the above book: http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch04_03.htm
http://www.centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html
WJBM (Author) commented:
named.hosts.acme.com will be something like this:
 This is what I was looking for:

www             IN        A       ip.addr.1
What does ip.addr.1 mean?
Is this the internal IP address of the server?
My router gets the public address of 220.233.200.xxx

Thanks

Kerem ERSOY (President) commented:
Yeah, it is the IP address of your www.company.com in the format

www         IN  A    230.233.200.121


(121 is given as an example to demonstrate the format. Replace with your actual IP octet.)
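The two points made above, the trailing-dot / @ macro expansion and the requirement that the A records carry the public (router) address rather than an internal one, can both be checked mechanically. The following is an added example, not code from the thread: a minimal zone-file parser that applies the expansion rule and then flags A records sitting in RFC 1918 space. The sample zone is constructed here in the style of named.hosts.acme.com; 203.0.113.x is a documentation range standing in for the public IP.

```python
import ipaddress

# Constructed sample modelled on named.hosts.acme.com above: 203.0.113.x stands in
# for the public IP, ns02 lacks its trailing dot, 'mail' points at an RFC 1918 address.
SAMPLE_ZONE = """\
$TTL 7200
@       IN SOA ns01.acme.com. root.acme.com. (
                2009052701 ; serial
                10800 3600 1209600 7200 )
        IN NS   ns01.acme.com.
        IN NS   ns02.acme.com
        IN MX   20 mail
www     IN A    203.0.113.10
mail    IN A    192.168.1.20
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def qualify(name, origin):
    """Thread's rule: '@' is the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with owners and target names fully qualified."""
    origin = origin if origin.endswith(".") else origin + "."
    records, last_owner, pending, has_owner = [], origin, "", False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()           # drop ';' comments
        has_owner = has_owner if pending else (bool(line) and not line[0].isspace())
        pending += " " + line
        if pending.count("(") > pending.count(")"):
            continue                                    # multi-line RR (the SOA) continues
        toks, pending = pending.replace("(", " ").replace(")", " ").split(), ""
        if not toks or toks[0].startswith("$"):
            continue                                    # blank line or $TTL directive
        if has_owner:
            last_owner = qualify(toks.pop(0), origin)   # blank owner inherits the previous one
        if toks[0] == "IN":
            toks.pop(0)
        rtype, rdata = toks[0], toks[1:]
        if rtype in ("NS", "CNAME", "PTR", "MX"):
            rdata[-1] = qualify(rdata[-1], origin)      # last field is a domain name
        records.append((last_owner, rtype, rdata))
    return records

def private_a_records(records):
    """A records in RFC 1918 space: behind a NAT router they are unreachable from the Internet."""
    return [(o, r[0]) for o, t, r in records
            if t == "A" and any(ipaddress.ip_address(r[0]) in n for n in RFC1918)]
```

Running parse_zone(SAMPLE_ZONE, "acme.com") shows ns02 expanded to ns02.acme.com.acme.com., exactly the mistake described above, and private_a_records reports the mail host as the record that a visitor on the Internet could never reach.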
WJBM (Author) commented:
I now have a much better understanding of where to place entries.

I have now implemented and will be running tests.
So far so good

Tks
WJBM
Kerem ERSOY (President) commented:
In fact what you would enter to go-daddy screen should include:

- At least 1 DNS record:
- At least one e-mail exchanger (MX) record
- At least one IP address
- host records
- One catch all DNS phrase.


@            IN    NS   ns01.godady.com.
@            IN    MX  10 mail-exchange.godaddy.com.

@            IN     A   230.233.201.x

www      IN  A   230.233.201.x

*              IN   A   230.233.201.x


This is all you need to go live. All GoDaddy servers shown are fictitious. Replace them with the actual host names provided by GoDaddy along with your welcome e-mail.

Cheers,
K.