DNS Server Setup Using Bind in Ubuntu
http://www.ubuntugeek.com/dns-server-setup-using-bind-in-ubuntu.html
DNS stands for Domain Name Service. On the Internet, the Domain Name Service (DNS) stores and
associates many types of information with domain names; most importantly, it translates domain names
(computer hostnames) to IP addresses. It also lists the mail exchange servers that accept e-mail for each
domain. By providing a worldwide keyword-based redirection service, DNS is an essential component
of contemporary Internet use.
Introduction
BIND (Berkeley Internet Name Domain) is an open reference implementation of the Domain Name
System (DNS) protocol and provides a redistributable implementation of the major components of the
Domain Name System:
a name server (named)
a resolver library
troubleshooting tools such as nslookup and dig
The BIND DNS Server is used on the vast majority of name serving machines on the Internet,
providing a robust and stable architecture on top of which an organization’s naming architecture can be
built. The resolver library included in the BIND distribution provides the standard APIs for translation
between domain names and Internet addresses and is intended to be linked with applications requiring
name service.
Firewall Config
BIND listens on port 53, both UDP and TCP. TCP is normally only used during zone transfers, so it would
appear that you could filter it if you have no slaves. However, if the response to a query is greater than
1024 bytes, the server sends a partial (truncated) response, and client and server will retry the
transaction over TCP.
Responses that big do not happen often, but they do happen, and people quite often block 53/tcp
without their world coming to an end. But this is where one usually inserts the story of the Great
DNS Meltdown: when more root servers were added, queries for the root list grew beyond
1024 bytes and the whole DNS system started to break down for the people who violated the DNS spec
(RFC 1035) by blocking TCP.
Differences in BIND8 and BIND9
Apart from being multi-threaded and a complete code rewrite, which should provide better stability
and security in the long term, there are other differences:
If there is a syntax error in named.conf, BIND9 will log the errors and not reload the server. BIND8
will log the errors and the daemon will die!
Extensive support for TSIGs (shared keys) for access control; for example, 'update-policy' can be used
for fine-grained access control of dynamic updates.
The tool for starting/stopping/reloading etc., rndc, is different from the v8 ndc: different
communications, authentication and features.
Syntax in zone files is checked more rigorously (e.g. a $TTL line must exist).
In named.conf:
The v8 options 'check-names' and 'statistics-interval' are not yet implemented in v9.
The default for the option 'auth-nxdomain' is now 'no'; if you don't set this manually, BIND 9 logs a
corresponding message on startup.
The root server list, often called named.root or root.hints in BIND8, is not necessary in BIND 9, as it is
included within the server.
Installing Bind in Ubuntu
sudo apt-get install bind9 dnsutils
This installs BIND 9 together with the dnsutils package, which provides the dig and nslookup tools used later on.
Configuring Bind
If you install BIND from source, you will have to edit the file named.conf. Ubuntu, however,
ships a pre-configured BIND, so we will edit the named.conf.local file:
sudo vi /etc/bind/named.conf.local
This is where we will insert our zones. If you want to know what a zone is in DNS:
A DNS zone is a portion of the global DNS namespace. This namespace is defined by RFC 1034,
"Domain Names - Concepts and Facilities" and RFC 1035, "Domain Names - Implementation and
Specification", and is laid out in a tree structure from right to left, such that divisions of the namespace
are performed by prepending a series of characters followed by a period ('.') to the upper namespace.
You need to add the following lines to the named.conf.local file (use plain ASCII double quotes; curly
quotes pasted from a web page are a syntax error that stops named from starting):
# This is the zone definition. Replace example.com with your domain name.
zone "example.com" {
type master;
file "/etc/bind/zones/example.com.db";
};
# This is the zone definition for reverse DNS. Replace 0.168.192 with your network address in
# reverse notation, e.g. my network address is 192.168.0.
zone "0.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.0.168.192.in-addr.arpa";
};
Now you need to edit the options file:
sudo vi /etc/bind/named.conf.options
We need to modify the forwarders. These are the DNS servers to which your own DNS server will
forward the requests it cannot answer from its own zones. If this machine is reachable from the
Internet, also restrict who may use it for recursive lookups (BIND's allow-recursion option); otherwise
you are running an open resolver.
forwarders {
# Replace the address below with the address of your provider's DNS server
123.123.123.123;
};
Now add the zone definition files (replace example.com with your domain name):
sudo mkdir /etc/bind/zones
sudo vi /etc/bind/zones/example.com.db
The zone definition file is where we put all the addresses and machine names that our DNS server
will know. An example zone file follows. Note that comments in zone files start with a semicolon, not
with // or #, and that BIND 9 requires the $TTL line:
; Replace example.com with your domain name. Do not forget the . after the domain name!
; Also, replace ns1 with the name of your DNS server.
$TTL 604800
example.com. IN SOA ns1.example.com. admin.example.com. (
; The serial must be increased every time you change this file; the other values can stay as they are.
2007031001 ; serial
28800 ; refresh
3600 ; retry
604800 ; expire
38400 ; negative cache TTL
)
; Replace the following lines as necessary:
; ns1 = DNS server name
; mail = mail server name
; example.com = domain name
example.com. IN NS ns1.example.com.
example.com. IN MX 10 mail.example.com.
; Replace the IP addresses with the right ones. The MX target (mail) needs an A record of its own.
www IN A 192.168.0.2
mail IN A 192.168.0.3
ns1 IN A 192.168.0.1
Create Reverse DNS Zone file
A normal DNS query is of the form 'what is the IP of host www in domain mydomain.com'.
There are times, however, when we want to find out the name of the host whose IP address is
x.x.x.x. Sometimes this is required for diagnostic purposes; more frequently these days it is used for
security purposes, to trace a hacker or spammer. Indeed, many modern mail systems use reverse
mapping to provide simple authentication using a dual look-up, IP to name and name to IP.
In order to perform reverse mapping and to support normal recursive and iterative (non-recursive)
queries, the DNS designers defined a special (reserved) domain name called IN-ADDR.ARPA. This
domain allows for all supported Internet IPv4 addresses (and now IPv6 as well).
sudo vi /etc/bind/zones/rev.0.168.192.in-addr.arpa
Copy and paste the following sample file:
; Replace example.com with your domain name and ns1 with your DNS server name.
; The number before IN PTR is the host part of the DNS server's address: in my case it is 1,
; as my IP address is 192.168.0.1.
$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. (
2007031001 ; serial, increase on every change
28800 ; refresh
604800 ; retry
604800 ; expire
86400 ; negative cache TTL
)
@ IN NS ns1.example.com.
; 192.168.0.1 -> ns1.example.com; the trailing dot is required, otherwise the zone name is appended
1 IN PTR ns1.example.com.
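Before restarting named it pays to check both zone files for the mistakes this tutorial and its comments run into (a missing $TTL, // comments, curly quotes from copy-and-paste, and a target without its trailing dot). The following lint pass is an added example, not code from the ubuntugeek post or from BIND; the two sample zones inside it are constructed from the reverse zone above.

```python
# Added example, not part of the ubuntugeek post: a lint pass for BIND zone
# files that catches the mistakes this tutorial and its comments run into:
# no $TTL line (BIND 9 needs one), "//" or "#" comments (zone files use ";"),
# curly quotes left by copy-and-paste, and SOA/NS/MX/PTR/CNAME targets that
# lack the trailing dot (BIND would append the zone name to them).
import re

CURLY = "\u201c\u201d\u2018\u2019"
FQDN_TYPES = {"SOA", "NS", "MX", "PTR", "CNAME"}

# Constructed samples: the tutorial's reverse zone as first posted, and a fixed one.
BAD_ZONE = """// replace example.com with your domain name
@ IN SOA ns1.example.com. admin.example.com. ( 2007031001 28800 604800 604800 86400 )
IN NS ns1.example.com.
1 IN PTR example.com
"""
GOOD_ZONE = """$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. ( 2007031001 28800 604800 604800 86400 )
@ IN NS ns1.example.com.
1 IN PTR ns1.example.com.   ; 192.168.0.1 -> ns1.example.com
"""

def lint_zone(text):
    """Return [(line_no, message), ...]; line 0 marks a file-wide problem."""
    findings = []
    if not re.search(r"^\$TTL\s+\d+", text, re.M):
        findings.append((0, "missing $TTL directive"))
    for n, raw in enumerate(text.splitlines(), 1):
        if any(c in raw for c in CURLY):
            findings.append((n, "curly quote; use plain ASCII quotes"))
        body = raw.strip()
        if body.startswith(("//", "#")):
            findings.append((n, "zone-file comments start with ';', not '//' or '#'"))
            continue
        tokens = body.split(";", 1)[0].split()   # ';' begins a real comment
        for i, tok in enumerate(tokens):
            if tok not in FQDN_TYPES:
                continue
            for t in tokens[i + 1:]:              # the rdata fields
                if t in ("@", "(", ")") or t.isdigit() or t.endswith("."):
                    continue
                # A relative name is fine for NS/MX/CNAME (e.g. "ns1"), but a dotted
                # name without the final dot, or any relative PTR, is a bug.
                if "." in t or tok == "PTR":
                    findings.append((n, f"{tok} target '{t}' lacks trailing dot"))
            break
    return findings
```

Run lint_zone on the text of each file under /etc/bind/zones; an empty list means none of the pitfalls above are present (named-checkzone from the bind9 package then does the full syntax check).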
Restart the BIND server using the following command:
sudo /etc/init.d/bind9 restart
Testing Your DNS Server
Modify the file resolv.conf with the following settings:
sudo vi /etc/resolv.conf
Enter the following details, then save and exit the file (comments in resolv.conf start with #):
# replace example.com with your domain name, and 192.168.0.1 with the address of your new DNS server
search example.com
nameserver 192.168.0.1
Test your DNS using the following command:
dig example.com
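Reading the dig header is the first step when the test fails, and several comments below paste such output. Note that with the zone above, dig example.com asks for an A record at the zone apex, which that zone does not define, so a correct setup answers NOERROR with an empty answer section; dig www.example.com or dig example.com NS exercises a record the zone actually has. The classifier below is an added example, not code from the ubuntugeek post; the expected_server default and the SAMPLE text (trimmed from a comment below) are its assumptions.

```python
# Added example, not from the ubuntugeek post: read the header of a dig reply
# the way the comments under this tutorial do by hand (status, answer count,
# which server actually replied) and return the first thing to check.
import re

def triage_dig(output, expected_server="192.168.0.1"):
    """Return a one-line diagnosis for the text dig printed."""
    status = re.search(r"status: (\w+)", output)
    answers = re.search(r"ANSWER: (\d+)", output)
    server = re.search(r";; SERVER: ([\d.]+)#", output)
    if not (status and answers):
        return "no header: dig got no reply at all (is named running and listening on 53?)"
    st, n = status.group(1), int(answers.group(1))
    src = server.group(1) if server else "unknown"
    if src != expected_server:
        # e.g. resolv.conf still names the router, so your BIND was never asked
        return f"answered by {src}, not {expected_server}: check resolv.conf"
    if st == "SERVFAIL":
        return "SERVFAIL: the zone did not load; check /var/log/syslog for named errors"
    if st == "NXDOMAIN":
        return "NXDOMAIN: no such name, neither in the local zones nor at the forwarder"
    if st == "NOERROR" and n == 0:
        return "NOERROR but 0 answers: the name exists but has no record of that type"
    return f"{st} with {n} answer(s)"

# Constructed sample: the SERVFAIL reply pasted in a comment below, trimmed.
SAMPLE = """; <<>> DiG 9.6.1-P2 <<>> brightfuture.com.et
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30061
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""
```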
Mike says:
August 31, 2008 at 7:14 am
Prabin,
I have the same problem. I think that, although it says it has got answer, all the lines start with a ; - so
there is no data in the answer it got.
Wish I knew what was going wrong!
S.Sathiya Seelan says:
January 29, 2009 at 10:33 am
I'm new to Ubuntu. I want to configure this Windows configuration in Ubuntu. If I configure like this,
then only I can use Ubuntu in the whole network. Is it possible? Please help me to configure:
IP Address: 10.1.171.148
Subnet Mask : 255.255.255.0
Gateway : 10.1.171.1
Primary DNS : 10.1.1.36
Alternate DNS : 10.1.1.37
DNS Suffix for this connection : bheltry.co.in
• Storm says:
February 18, 2009 at 3:19 pm
Hi there,
Guys, I'm new to Linux and I need some help to configure bind9.
My server is behind a router.
Router ip 86.106.193.xxx
DNS ip 86.106.196.xxx
Server ip 192.168.1.100
Ports 20,21,53,80 forwarded to Server
Can you please mention what changes I should make to the sample configuration you posted at the top?
Thank you
• Alexey says:
March 21, 2009 at 8:00 pm
I have no problem when I start bind9 manually, but when I reboot the notebook it just says [fail]. Where can I
find the problem?
I've looked at dmesg, syslog, daemon.log and debug; there is no answer there…
• Moustafa says:
March 25, 2009 at 11:31 pm
Hi all, I want anyone to help me please.
* Stopping domain name service… bind rndc: connect failed: 127.0.0.1#953: connection refused
[fail]
* Starting domain name service… bind [fail]
This message also appears when I restart my bind server, and I have copied the rndc file into
/var/named/chroot/etc. What should I do, and what IP address should I assign to my PC??
• Jacob says:
March 27, 2009 at 7:08 am
okay, so I actually did a ddns setup with a completely different walkthrough. I think I somewhat
understand it now, but for some reason, Ubuntu Server wants to be a bit flaky.
In any case, started, the rndc.key file was owned by bind and couldn’t be opened by the DHCP daemon.
Created a copy of the .key file in /etc/dhcp3 and chowned it to root. restarted bind, restarted dhcp3. No
complaints, except the name server could only resolve itself and not the client I connected via DHCP.
That might be because I configured the client box with a fixed IP because I’m sharing a network and
don’t have a personal gateway server and don’t want the IT guys to threaten me with expulsion. If you
know if a ddns configuration works with fixed-address hosts in dhcpd.conf, that would be a wonderful
thing to know. Also, if you want to know the reason I'd do DDNS rather than static DNS, it is because I'm
trying to manage 30+ machines, which isn’t really nice. The most work I want is maintaining a list of
machine addresses and automating everything else.
Then I ran a command, the box froze, I restarted it.
After restarting the box, the zones folder as well as the key files could not be accessed by dhcpd, bind,
or sudo just about anything, regardless of permissions, and even if I change permissions to the admin
account and restart the box.
DHCP: I don’t want to configure and keep track of IP addresses for 30+ boxes.
DDNS: I don’t want to configure /etc/hosts for 30+ boxes.
Then onto centralizing user authentication, and when we finally get a half-decent server, home folders.
• rey says:
April 29, 2009 at 3:55 pm
Hi, I have followed this tutorial step by step, but when I try to restart bind9 I get this error:
rndc: connect failed: 127.0.0.1#953: connection refused
and bind9 doesn't start, it just says [fail].
Why is this error?
• mcsedude says:
April 30, 2009 at 11:17 pm
What to check if it does not work? I followed each step. Can you help me?
• mcsedude says:
April 30, 2009 at 11:21 pm
I changed /etc/resolv.conf to my DNS server and dig example.com does not resolve, but if I put in
DNS forwarders it works great!
What do you think?
• gojeg says:
May 19, 2009 at 9:54 am
Hi, I'm using Ubuntu Server 9.04 and bind9. My server is resolving the upper router, so if I ping its domain, I
can't get a reply..
• jdaniel says:
September 2, 2009 at 9:56 pm
If it does not work look in /var/log/syslog for errors.
• Sushil says:
September 24, 2009 at 2:46 pm
Hi Friends..
I have installed Ubuntu LAMP server 8.10 for a DNS server..
I have a problem at..
@@@@@@@@@@@@@@@@@@@@@@@@@@
zone "example.com" {
type master;
file "/etc/bind/zones/example.com.db";
};
@@@@@@@@@@@@@@@@@@@@@@@@@@
What should be replaced in the place of example.com….
I know my server's..
host name - hhhhhh
domain - local (only local, no use of .com, .org, .net etc.)
• junkie says:
October 15, 2009 at 6:58 pm
$TTL 604800
@ IN SOA ns2.junkie.home. root.junkie.home. (
1;
28800;
3600;
604800;
38400;
)
NS ns2.junkie.home.
A 10.0.0.2
www CNAME @
katya A 10.0.0.3
• shah says:
October 27, 2009 at 3:10 pm
Hi, i would like to know how to configure forwarder as below:
All Domains --> forwarder 1 & forwarder 2
Domain 1 --> forwarder 3
Domain 2 --> forwarder 4
Thank you.
• dan says:
November 21, 2009 at 6:33 am
Unfortunately forwarders are part of the nameserver itself and not domain specific.
You’d have to set up a second nameserver with the other domain in it to designate a different forwarder.
There’s no reason for that, since a forwarder answers dns queries for what is not within that name
server. If your goal is to have some machines get a dns return of NXDOMAIN for some dns queries,
then multiple dns servers will be necessary.
• Rich says:
December 1, 2009 at 10:16 am
Hi All,
I had several errors also with the above tutorial, but I think it's mainly down to cut and paste. In the
zone definitions part, when you cut and paste it into nano (or vi presumably) it loses its quote marks ""
and causes errors when restarting bind. Hope this helps.
Rich
• Anand Phulwani says:
December 19, 2009 at 7:09 am
Rename named.conf.local to named.conf.
• Matthieu says:
February 3, 2010 at 5:55 pm
In this text, there are some citations from the book “Pro DNS and BIND” from Apress. It is published
under Creative Common License, so it is OK, as long as the work is attributed to its author…
Check for example the section about reverse mapping…
http://www.zytrax.com/books/dns/ch3/
• Dave says:
March 3, 2010 at 12:13 pm
Hi there,
Is it possible to add a second zone so I can host example.com and example2.com that resolve to two
different IP addresses in the one subnet? With MX records in each could I run two mail servers?
Thanks
• Dan says:
March 3, 2010 at 4:36 pm
Dave,
It’s very common, and entirely possible.
All that needs to be done is edit named.conf (as done in this tutorial as named.conf.local), add in
another “zone “example.com {” section pointing to another file for your second domain. Then, create
the example.com.db (named for your domain) for your new domain as done in this tutorial. Pretty
much, it’s just a rerun of this tutorial.
The MX record within your “example.com.db” is for that domain alone, so set it as you wish.
• Dave says:
March 3, 2010 at 7:43 pm
Thanks Dan I’ll be attacking this today!
Cheers for your reply.
Dave
• wepawetmose says:
March 11, 2010 at 11:48 pm
just to say thanks… this worked for me ^.^
• dada says:
March 12, 2010 at 11:01 am
I followed your note. Thank you, it was great, but I cannot understand why my server does not work properly.
This is when I test my domain:
; <<>> DiG 9.6.1-P2 <<>> brightfuture.com.et
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30061
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;brightfuture.com.et. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Mar 11 21:56:48 2010
;; MSG SIZE rcvd: 37
Please help me. Thank you guys.