Ubuntu: DNS Server



We will configure a DNS server on an Ubuntu machine. In this example the server will act as the master DNS server for the local domain, example.com. First, install bind9 and the DNS utility package (dnsutils) with the commands


sudo apt-get install bind9
sudo apt-get install dnsutils


Now add the "zone" (domain) to /etc/bind/named.conf.local. Open that file in your favourite text editor and add the following (you will need superuser privileges to edit the file).




zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/dbreverse.example.com";
};



The example above creates two zones. The first is the example.com zone; its host entries are stored in the file /etc/bind/db.example.com, which we will create later. The second is 1.168.192.in-addr.arpa, the reverse zone, which holds the entries used to resolve IP addresses back to hostnames. Replace 1.168.192 with your own private network address written in reverse octet order. If you use the network 192.168.0.0/16, the zone name must be 168.192.in-addr.arpa. Note that all of the db files are referenced by absolute path; if a relative path is given, bind9 looks for the file under /var/cache/bind, the directory configured in /etc/bind/named.conf.options.


Now create the file db.example.com in /etc/bind and add the following to it.




$TTL 604800
@ IN SOA ns.example.com. root.example.com. (
2011010101 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.example.com.
@ IN MX 10 mail.example.com.

ns IN A 192.168.1.133
mail IN A 192.168.1.140
host1 IN A 192.168.1.1
gateway IN CNAME host1


In this file the ";" sign marks the start of a comment; whatever follows it on the line is ignored by the zone file parser. The first line is the TTL value, which tells other DNS servers how long they may cache information queried from this server. The next line is the Start of Authority (SOA) record. The @ symbol is a shortcut for the zone name declared in /etc/bind/named.conf.local, and IN specifies that this DNS resource is in the Internet class; we will use this value most often. An SOA record must always be present. The next entry is the hostname of the DNS server that provides DNS service for the domain. You can specify the FQDN of the nameserver, but remember to always put a dot at the end of it. The next entry is the email address of the person responsible for this zone (the first dot stands in for the @ sign); again, remember to always put a dot at the end of the entry if it is a FQDN. The remaining fields are several entries enclosed in a set of parentheses. Those are


  • Serial. This number must be incremented every time the file is changed. Most people use the yyyymmddnn format, where nn is a sequence number, which allows values from 00 to 99 on a single day.
  • Refresh interval. The time in seconds after which a slave DNS server will refresh its zone and reverse zone information from the master.
  • Retry. If a slave DNS server fails to contact the master to refresh its zone and reverse zone information, it retries after this many seconds have elapsed. This value should be much smaller than the Refresh value.
  • Expiration. The amount of time after which the information held by a slave DNS server is considered expired. If a slave fails to refresh its zone and reverse zone information and this much time has elapsed, it stops answering queries about this domain.
  • Negative Cache TTL. The amount of time that a negative response, such as a nonexistent domain response, will be cached by DNS servers.


The next part of the file contains the entries that map hostnames to IP addresses. As you can see, there are nameserver, mail, host and alias entries. The nameserver record, marked NS, specifies the name of the nameserver for this zone. The MX record, the mail server record, looks the same as the NS record except that it uses MX and carries a preference number, in this case 10, which decides which mail server is preferred for the domain. Both of these records point to a hostname, so we also need to specify the IP address of those hostnames, and that is done with A records. The CNAME record specifies an alias; in this example gateway is an alias for host1, so both resolve to the same address. You can modify the values of these entries to suit your requirements.


Next, create the reverse zone file. Create /etc/bind/dbreverse.example.com and fill it with the following.




$TTL 604800
@ IN SOA ns.example.com. root.example.com. (
2011010101 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.example.com.
133 IN PTR ns.example.com.
140 IN PTR mail.example.com.
1 IN PTR host1.example.com.
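The two files are meant to line up: every A record in db.example.com gets a PTR record here, and the NS and MX targets in the forward zone need A records of their own. The Python script below, an added example that is not code from the original post or from BIND, checks a forward zone for the rules given above (serial in yyyymmddnn form, retry smaller than refresh, trailing dots on nameserver and mail server names, an A record behind every NS, MX and CNAME target) and then generates the reverse zone from the A records, so the two files cannot drift apart. The zone text in it is constructed from the post's own records, and the function names (parse_soa, parse_records, lint_zone, reverse_zone_name, build_reverse_zone) are mine, not part of any BIND tool.

```python
"""Lint a BIND forward zone and derive its reverse zone from it.
Added example, not from the original post or from BIND: the zone text is
constructed from the post's records and the helper names are my own."""
import ipaddress
import re
from datetime import datetime

FORWARD_ZONE = """\
$TTL 604800
@ IN SOA ns.example.com. root.example.com. (
2011010101 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns.example.com.
@ IN MX 10 mail.example.com.
ns IN A 192.168.1.133
mail IN A 192.168.1.140
host1 IN A 192.168.1.1
gateway IN CNAME host1
"""
SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")

def _lines(zone_text):
    # ';' starts a comment; BIND ignores the rest of the line.
    return [l.split(";", 1)[0].strip() for l in zone_text.splitlines()]

def parse_soa(zone_text):
    """SOA as a dict: mname, rname and the five numeric fields."""
    m = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", " ".join(_lines(zone_text)))
    if not m:
        raise ValueError("no SOA record found")
    soa = {"mname": m.group(1), "rname": m.group(2)}
    soa.update(zip(SOA_FIELDS, (int(n) for n in m.group(3).split())))
    return soa

def parse_records(zone_text):
    """Yield (owner, rtype, rdata) for one-line records; SOA and $TTL are skipped."""
    depth = 0
    for line in _lines(zone_text):
        opened, closed = line.count("("), line.count(")")
        inside_soa = depth > 0 or opened > closed
        depth += opened - closed
        if inside_soa or not line or line.startswith("$"):
            continue
        owner, _cls, rtype, *rdata = line.split()
        yield owner, rtype, rdata

def lint_zone(zone_text, origin):
    """Problems found (empty = passes). `origin` is the zone name with its
    trailing dot, e.g. 'example.com.'; the checks follow the post's rules."""
    soa, problems = parse_soa(zone_text), []
    serial = str(soa["serial"])
    try:                                   # yyyymmddnn: a real date plus 00-99
        datetime.strptime(serial[:8] if len(serial) == 10 else "x", "%Y%m%d")
    except ValueError:
        problems.append(f"serial {serial} is not in yyyymmddnn form")
    if not soa["retry"] < soa["refresh"] < soa["expire"]:
        problems.append("expected retry < refresh < expire")
    records = list(parse_records(zone_text))
    addressed = {owner for owner, rtype, _ in records if rtype == "A"}
    for _, rtype, rdata in records:
        target = rdata[-1]
        if rtype in ("NS", "MX") and not target.endswith("."):
            problems.append(f"{rtype} target {target} lacks a trailing dot")
        if rtype in ("NS", "MX", "CNAME") and not target.endswith("."):
            rel = target                        # relative to the origin
        elif rtype in ("NS", "MX", "CNAME") and target.endswith("." + origin):
            rel = target[: -len("." + origin)]  # in-zone FQDN -> relative
        else:
            continue                            # A record or out-of-zone name
        if rel not in addressed:
            problems.append(f"{rtype} target {target} has no A record in the zone")
    return problems

def reverse_zone_name(network):
    """'192.168.1.0/24' -> '1.168.192.in-addr.arpa' (octet-aligned prefixes only)."""
    net = ipaddress.ip_network(network)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("in-addr.arpa zones here must be /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def build_reverse_zone(zone_text, origin, network):
    """Reverse zone text: $TTL, the forward SOA and NS, one PTR per A record in `network`."""
    net, rev, soa = ipaddress.ip_network(network), reverse_zone_name(network), parse_soa(zone_text)
    ttl = re.search(r"^\$TTL\s+(\d+)", zone_text, re.M).group(1)
    out = [f"$TTL {ttl}", f"@ IN SOA {soa['mname']} {soa['rname']} ("]
    out += [f"{soa[f]} ; {f.title()}" for f in SOA_FIELDS]
    out[-1] = out[-1].replace(" ;", " ) ;", 1)  # close the SOA parenthesis
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "NS":
            out.append(f"@ IN NS {rdata[0]}")
        elif rtype == "A" and ipaddress.ip_address(rdata[0]) in net:
            rel = ipaddress.ip_address(rdata[0]).reverse_pointer[: -len("." + rev)]
            fqdn = origin if owner == "@" else f"{owner}.{origin}"
            out.append(f"{rel} IN PTR {fqdn}")  # e.g. '133 IN PTR ns.example.com.'
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(lint_zone(FORWARD_ZONE, "example.com.") or "forward zone passes the checks")
    print(build_reverse_zone(FORWARD_ZONE, "example.com.", "192.168.1.0/24"), end="")
```

Running it prints any problems found and the generated reverse zone for 192.168.1.0/24; passing 192.168.0.0/16 instead yields the 168.192.in-addr.arpa zone mentioned earlier, with two-octet PTR owners such as 133.1. The script only understands the simple one-line records used in this post, and it complements rather than replaces BIND's own named-checkzone, which validates a zone file's syntax before you restart the server.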


In short, the reverse zone file needs a PTR record for each A record in the forward zone file. Now restart bind9 with the command


sudo /etc/init.d/bind9 restart


Next, add an entry for your newly configured nameserver to /etc/resolv.conf. Add the following line at the beginning of the file


nameserver 192.168.1.133


Change 192.168.1.133 to the IP address of your DNS server. Then verify your configuration with the dig command. Try the following:


dig ns.example.com


If your configuration is working, it should produce output similar to this




; <<>> DiG 9.7.0-P1 <<>> ns.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47515
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.example.com. IN A

;; ANSWER SECTION:
ns.example.com. 604800 IN A 192.168.1.133

;; AUTHORITY SECTION:
example.com. 604800 IN NS ns.example.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 2 21:21:32 2010
;; MSG SIZE rcvd: 62
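Two things in that output are worth checking deliberately: the flags line contains aa, which marks an authoritative answer served from the zone you just wrote rather than something cached or forwarded, and the SERVER line names the resolver that actually answered. The Python script below, an added example that is not from the original post or from dig, parses a dig transcript and reports anything that differs from what a correctly working master should return. DIG_OUTPUT is the transcript above embedded as a constructed string, and the function names (parse_dig, check_answer) are mine.

```python
"""Check a dig answer the way the post's verification step intends.
Added example, not from the original post or from dig. DIG_OUTPUT is the
post's transcript embedded as a constructed string; function names are mine."""
import re

DIG_OUTPUT = """\
; <<>> DiG 9.7.0-P1 <<>> ns.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47515
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.example.com. IN A

;; ANSWER SECTION:
ns.example.com. 604800 IN A 192.168.1.133

;; AUTHORITY SECTION:
example.com. 604800 IN NS ns.example.com.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Oct 2 21:21:32 2010
;; MSG SIZE rcvd: 62
"""

def parse_dig(text):
    """Extract status, flags, answering server and ANSWER-section records."""
    result = {"status": None, "flags": set(), "server": None, "answers": []}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            result["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            result["flags"] = set(re.match(r";; flags: ([^;]*);", line).group(1).split())
        elif line.startswith(";; SERVER:"):
            result["server"] = line.split()[2].split("#")[0]  # '127.0.0.1#53(...)'
        elif line.endswith("SECTION:"):
            section = line.strip(";: ").split()[0]  # QUESTION / ANSWER / AUTHORITY
        elif section == "ANSWER" and line and not line.startswith(";"):
            name, ttl, _cls, rtype, *rdata = line.split()
            result["answers"].append((name, int(ttl), rtype, " ".join(rdata)))
    return result

def check_answer(text, expected_server, name, rtype, rdata):
    """Discrepancies (empty = good): NOERROR status, the aa flag (the answer
    comes from the server's own zone, not its cache or a forwarder), the
    expected answering server, and the expected record in the ANSWER section."""
    r, problems = parse_dig(text), []
    if r["status"] != "NOERROR":
        problems.append(f"status {r['status']}")
    if "aa" not in r["flags"]:
        problems.append("no aa flag: answer is not authoritative")
    if r["server"] != expected_server:
        problems.append(f"answered by {r['server']}, expected {expected_server}")
    if (name, rtype, rdata) not in {(n, t, d) for n, _, t, d in r["answers"]}:
        problems.append(f"ANSWER section lacks {name} {rtype} {rdata}")
    return problems

if __name__ == "__main__":
    print(check_answer(DIG_OUTPUT, "127.0.0.1", "ns.example.com.", "A", "192.168.1.133")
          or "authoritative answer from the expected server")
```

On a live system, feed it the text of dig ns.example.com and pass the IP address of your own server as expected_server; a missing aa flag, a different SERVER line or a SERVFAIL status are the usual signs that the query was answered by some other resolver or that bind9 failed to load the zone.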



2 comments:

Dave Carey said...

A useful article! One thing that strikes (well what we found) was that managing Bind Zone files is a bit tricky. We looked at Mice and Men. Good but expensive. The one we plumbed for was DnsBindEditor http://www.dnsbindeditor.com.

Website Hosting India said...

This is an excellent and informative tutorial you have shared and I love the way you have described everything here.
