WJBM

asked on

How to setup BIND on Fedora server behind a router

I need some sample zone files
I have a domain hosted by godaddy
Kerem ERSOY

Hi,

First of all you need to enable Port 53 TCP and UDP access over your firewall.

If your named will be the primary and you'll have secondaries you'll need both ports.

When it comes to configuration, first of all check this file: /etc/sysconfig/named. It should include a ROOTDIR= directive pointing to some directory such as

ROOTDIR=/var/named/chroot

Your config file named.conf is located under /var/named/chroot/etc. The first thing to do is to create a symbolic link to it from your /etc:

ln -s /var/named/chroot/etc/named.conf /etc/named.conf

And you are ready to go. The named.conf file will include some of these options:


Some comment:
 
/*
 *  Acme Company Bind Configuration
 */
 
/* ACL for your secondaries and your corporate intranet addresses */
 
acl acme {
    10.0.0.0/24;
    x.x.x.x/32;
};
 
 
/* Update key (TSIG) for your secondaries. hmac-md5 is the legacy algorithm;
   on current BIND prefer hmac-sha256. Generate the secret with dnssec-keygen
   (tsig-keygen on newer BIND) and keep named.conf readable only by named. */
 
key secondary-update. {
        algorithm hmac-md5;
        secret "xxxxxxxxxxxxxxxx";
};
 
/* SECONDARY Server key assignment (if any); the name must match the key above */ 
 
server 10.0.0.2 {
        keys { secondary-update. ; };
};
 
 
/* Some options */
 
options {
        version "[DNS]";           /* To fake the Version */
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
 
/* who could transfer AXFR zones (= full zones) */
 
        allow-transfer { acme; };
 
/* who could use recursive queries = queries to Internet; others
   could only get our authoritative domains   */
 
        allow-recursion { acme; };
};
 
logging {
        category lame-servers { null; };
        category client { null; };
 
        /* default_syslog, default_debug, default_stderr and null are
           predefined channels, so use our own name and attach it to
           the default category */
        channel acme_syslog {
                syslog daemon;
                severity info;
        };
        category default { acme_syslog; };
};
 
/* Zones */
 
zone "." in {
        type hint;
        file "named.root";
};
 
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.loc";
};
 
zone "acme.com" in {
        type master;
        file "named.hosts.acme.com";
};


named.root file will contain addresses for Universal TLD servers and you should have this file already.  


named.loc will be similar to this:
 
$TTL 86400      ; 1 day
; "@" is the zone origin from named.conf (0.0.127.in-addr.arpa.). Spelling
; it out without a trailing dot would get the origin appended a second time.
@                       IN SOA  your.domain.origin. user.your.domain.origin. (
                                1997032801 ; serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                86400      ; minimum (1 day)
                                )
 
                        NS      ns01.acme.com.
                        NS      ns02.acme.com.
 
1                       PTR     localhost.   ; 1.0.0.127.in-addr.arpa. -> localhost.
------------------------------------------------
named.hosts.acme.com will be something like this:
 
$TTL 7200       ; 2 hours
@               IN SOA  ns01.acme.com. root.acme.com. (
                                2009052701 ; Serial (YYYYMMDDnn, bump on every edit)
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                7200       ; minimum (2 hours)
                                )
 
                IN        NS      ns01.acme.com.
                IN        NS      ns02.acme.com.
 
                IN        A       ip.addr
 
                IN        MX      20 mail
 
localhost       IN        A       127.0.0.1
 
; the name servers are inside this zone, so they need address (glue) records
ns01            IN        A       ip.addr.1
ns02            IN        A       ip.addr.2
 
ftp             IN        A       ip.addr.1
mail            IN        A       ip.addr.1
 
www             IN        A       ip.addr.1
*               IN        A       ip.addr.1     ; wildcard: any other name -> same host
 
 


I am not sending you a reverse DNS zone since you won't be hosting your reverse DNS. But it is a good idea to let Godaddy add your hostnames to their reverse DNS zones to prevent later errors with SMTP delivery.

Notice the dot after names. Without it, named will apply the macro @ = domainname and append the domain to names not ending with a dot.

So if we omit the . after ns01.acme.com, then the final domain will be ns01.acme.com.acme.com because of the macro expansion.

This is why we use only www before IN A, so that it will be completed to www.acme.com.

The SOA values used here are according to the RFCs: RFC 1912, RFC 2308.
Here are some links for BIND configuration.

This is a wonderful book on DNS and BIND by O'Reilly: http://oreilly.com/catalog/9780596001582/
Some excerpts from the previous editions of the above book: http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch04_03.htm
http://www.centos.org/docs/2/rhl-rg-en-7.2/s1-bind-configuration.html
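As an added example that is not part of the original thread, the following Python script applies the trailing-dot rule explained in the answer above to a small zone file and checks for the mistakes it causes. It parses the subset of zone-file syntax used in named.loc and named.hosts.acme.com ($TTL, a parenthesised SOA, owner inheritance for lines that start blank), expands relative names against the origin the way named does, flags targets such as ns02.acme.com.acme.com. that lost their trailing dot, flags in-zone SOA/NS/MX targets with no A record (the glue problem), and bumps a YYYYMMDDnn serial the RFC 1912 way. The sample zone text and the address 203.0.113.10 (a documentation range standing in for ip.addr.1) are constructed for the example; the helper names fqdn, parse_zone, check_zone and next_serial are mine, not BIND's.

```python
# Added example, not from the thread: a checker for zone files of the shape
# shown above. SAMPLE_ZONE is constructed; 203.0.113.10 stands in for ip.addr.1.
# acme.com as in the answer, with one deliberate mistake (ns02 has lost its
# trailing dot) for the checker to find.
SAMPLE_ZONE = """\
$TTL 7200       ; 2 hours
@               IN SOA  ns01.acme.com. root.acme.com. (
                                2009052701 ; Serial
                                10800      ; refresh (3 hours)
                                3600       ; retry (1 hour)
                                1209600    ; expire (2 weeks)
                                7200       ; minimum (2 hours)
                                )
                IN        NS      ns01.acme.com.
                IN        NS      ns02.acme.com     ; trailing dot missing
                IN        A       203.0.113.10
                IN        MX      20 mail
ns01            IN        A       203.0.113.10
mail            IN        A       203.0.113.10
www             IN        A       203.0.113.10
"""
RRTYPES = {"SOA", "NS", "A", "AAAA", "MX", "PTR", "CNAME", "TXT"}


def fqdn(name, origin):
    """named's rule: '@' is the origin, a trailing dot means absolute,
    anything else gets the origin appended (www -> www.acme.com.)."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, TYPE, rdata)] with every name made absolute."""
    origin = origin if origin.endswith(".") else origin + "."
    records, buf, depth, last_owner = [], [], 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop ; comments
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:                               # still inside the SOA ( ... )
            continue
        logical, buf = " ".join(buf), []
        if logical.startswith("$"):                 # $TTL and friends: not needed here
            continue
        toks = logical.replace("(", " ").replace(")", " ").split()
        if not logical[0].isspace():                # owner given, else inherited
            last_owner = fqdn(toks.pop(0), origin)
        while toks and toks[0].upper() not in RRTYPES:
            toks.pop(0)                             # skip optional TTL and class
        if not toks:
            continue
        rtype = toks.pop(0).upper()
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = fqdn(toks[0], origin)
        elif rtype == "MX":
            rdata = (int(toks[0]), fqdn(toks[1], origin))
        elif rtype == "SOA":                        # mname rname serial refresh retry expire minimum
            rdata = (fqdn(toks[0], origin), fqdn(toks[1], origin),
                     [int(t) for t in toks[2:7]])
        else:
            rdata = " ".join(toks)
        records.append((last_owner, rtype, rdata))
    return records


def check_zone(records, origin):
    """List names doubled by a missing trailing dot and in-zone SOA/NS/MX
    targets that have no address record (no glue)."""
    origin = origin if origin.endswith(".") else origin + "."
    doubled = "." + origin.rstrip(".") + "." + origin     # ".acme.com.acme.com."
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = []
    for _owner, rtype, rdata in records:
        if rtype in ("NS", "CNAME"):
            target = rdata
        elif rtype == "MX":
            target = rdata[1]
        elif rtype == "SOA":
            target = rdata[0]
        else:
            continue
        if target.endswith(doubled):
            problems.append(f"{rtype} target {target} looks doubled: missing trailing dot?")
        elif (target == origin or target.endswith("." + origin)) and target not in have_addr:
            problems.append(f"{rtype} target {target} is in-zone but has no A/AAAA record")
    return problems


def next_serial(current, today_stamp):
    """RFC 1912 YYYYMMDDnn bump: new day -> nn=00, same day -> +1, never backwards."""
    cur = str(current)
    if cur[:8] < today_stamp:
        return int(today_stamp + "00")
    if cur[:8] == today_stamp and current % 100 < 99:
        return current + 1
    raise ValueError(f"cannot bump serial {current} on {today_stamp}")
```

Running check_zone(parse_zone(SAMPLE_ZONE, "acme.com"), "acme.com") reports only the deliberately broken ns02 record, expanded to ns02.acme.com.acme.com.; on the real server, named-checkzone acme.com named.hosts.acme.com is the authoritative check, and this is the kind of error it will point at.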
WJBM

ASKER

named.hosts.acme.com will be something like this:
This is what I was looking for:

www             IN        A       ip.addr.1
What does ip.addr.1 mean?
Is this the internal IP address of the server?
My router gets the public address of 220.233.200.xxx

Thanks

Yeah, it is the IP address of your www.company.com in the format

www         IN  A    230.233.200.121


(121 is given as an example to demonstrate the format. Replace with your actual IP octet.)
WJBM

ASKER

I now have a much better understanding of where to place entries.

I have now implemented and will be running tests.
So far so good

Tks
WJBM
ASKER CERTIFIED SOLUTION
Kerem ERSOY
