This article shows you how to install and, most importantly, configure the BIND DNS server as a primary/secondary (master/slave) pair.

Before you begin, it is highly recommended that you have at least two cloud servers to run your nameservers. Two nameservers ensure that the primary and secondary are redundant in the unlikely case of a failure. You might also want to place them in two different points of presence (PoPs). For example, we have used Limerick 1 and Cork 1 for the purposes of this guide. We will assume you are configuring both a primary and a secondary nameserver.

It is also worth noting that if you manage large quantities of domains, this may not be the best solution, as you will inevitably need to add every domain manually on both the slave and master nameservers. With that said, running your own nameservers is an excellent way to have more direct control over your hosting infrastructure.

As with any server, it is crucial to make sure your system is up to date. You can do this by checking for updates with yum as follows:

yum update -y

Initial BIND Installation

To start off, install the BIND and BIND utilities packages using yum:

yum install bind bind-utils -y

Next, open the BIND (named) configuration file and make several modifications:

nano -w /etc/named.conf

Your options section should appear as follows, replacing 1.2.1.2 with the IP of your second server:

options {
    #listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { localhost; 1.2.1.2; };
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

Above, listen-on is commented out so that named listens on ALL available interfaces rather than only on the loopback address. Recursion is turned off so that your server cannot be abused as an open resolver in reflection and amplification distributed denial-of-service attacks. The allow-transfer directive restricts zone transfers to localhost and your secondary server's IP, so nobody else can pull a copy of your zones. Finally, allow-query is set to "any" so that all users can query the hosted zones.
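To make the three options above checkable rather than eyeballed, here is an added example (not part of the original article) that parses the options block of a named.conf and reports the weak settings the article warns about: recursion left on with queries open to anyone, allow-transfer missing or set to any, and listen-on bound only to loopback. The sample configurations are constructed copies of the block above; the defaults it assumes are those of BIND 9.8 as shipped with CentOS 6.

```python
import re

# Constructed inputs: the hardened options block this article arrives at, and a
# weakened copy of it (recursion left on, allow-transfer removed) for comparison.
HARDENED = """
options {
    #listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    allow-transfer { localhost; 1.2.1.2; };
    recursion no;
};
"""
WEAK = HARDENED.replace("recursion no;", "recursion yes;").replace(
    "    allow-transfer { localhost; 1.2.1.2; };\n", "")

# One named.conf statement: a name, an optional "port N", then a { list } or a bare value.
STMT = re.compile(r"([\w-]+)\s*(?:port\s+\d+\s*)?(\{[^}]*\}|[^;{}]*);")

def parse_options(conf):
    """Return {directive: [values]} for the options block; comments are stripped first,
    so a commented-out listen-on is simply absent, exactly as named would see it."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    m = re.search(r"options\s*\{(.*)\n\};", conf, flags=re.S)
    if not m:
        raise ValueError("no options block found")
    return {name: [v for v in re.split(r"[;\s]+", body.strip("{} ")) if v]
            for name, body in STMT.findall(m.group(1))}

def audit_options(opts):
    """Findings for the three settings the article changes: recursion, allow-transfer, listen-on."""
    findings = []
    # BIND's own defaults are recursion yes and allow-query any, so an options block that
    # omits both is an open resolver usable for amplification/reflection attacks.
    if opts.get("recursion", ["yes"])[0] == "yes" and "any" in opts.get("allow-query", ["any"]):
        findings.append("open resolver: recursion yes with allow-query { any; }")
    xfer = opts.get("allow-transfer")
    if xfer is None:
        findings.append("allow-transfer unset: BIND 9.8 (CentOS 6) allows zone transfers to any host")
    elif "any" in xfer:
        findings.append("allow-transfer { any; }: the whole zone can be pulled by anyone")
    listen = opts.get("listen-on")
    if listen is not None and set(listen) <= {"127.0.0.1"}:
        findings.append("listen-on bound to loopback only: unreachable from other hosts")
    return findings

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_options(parse_options(conf)) or ["no findings"])
```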

Next, add a zone for your first domain by appending the following to named.conf below the existing zones:

zone "mydomain.com" IN {
    type master;
    file "mydomain.com.zone";
    allow-update { none; };
};

After saving the named.conf with the changes above, we're ready to create our very first zone file!

Configure BIND Zones

First, open the zone file, using the name you specified in the configuration above, e.g. mydomain.com.zone:

nano -w /var/named/mydomain.com.zone

Now add the following content to the newly created file, replacing the placeholder values with your own: 1.2.1.2 is the IP of your first server, 2.1.2.1 is the IP of your second server, and 1.3.1.3 is the IP you wish to point the domain itself to, such as a server running a web server. You are free to add additional entries in the same format.

$TTL 86400
@       IN SOA  ns1.mydomain.com. root.mydomain.com. (
                2013042201 ;Serial
                3600       ;Refresh
                1800       ;Retry
                604800     ;Expire
                86400      ;Minimum TTL
)
; Specify our two nameservers (the owner "@" is the zone apex, mydomain.com.)
@       IN NS   ns1.mydomain.com.
@       IN NS   ns2.mydomain.com.
; Resolve nameserver hostnames to IP, replace with your two VPS IP addresses.
ns1     IN A    1.2.1.2
ns2     IN A    2.1.2.1
; Define hostname -> IP pairs which you wish to resolve
@       IN A    1.3.1.3
www     IN A    1.3.1.3

We can now start named for the first time. This may take a few minutes while named generates the rndc.key file, which only happens on the first run.

service named restart

Once named has started successfully, make sure it is enabled as a startup service by running the following command:

chkconfig named on

At this point, we should have a fully operational primary nameserver. You can verify that BIND is working correctly by running this command, replacing 1.2.1.2 with the IP of your first cloud server:

dig @1.2.1.2 mydomain.com

If you receive a response that includes an ANSWER and an AUTHORITY section, your nameserver has been configured correctly.

Slave Nameserver Configuration

Now that the primary nameserver is configured, we will set up a slave nameserver on the second cloud server. As always, make sure the system is up to date by checking for updates with yum as follows:

yum update -y

Next, install BIND and its utilities on the second cloud server, in the same way as on the first:

yum install bind bind-utils -y

Now open named.conf and make the same changes as before, omitting the allow-transfer line. That directive is unnecessary here, as this server will only be receiving zones from the primary nameserver, never serving transfers itself.

nano -w /etc/named.conf

options {
    #listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

We will now add the zone we configured on the first cloud server, this time changing the "type" directive to slave instead of master. Replace 1.2.1.2 with your first cloud server's IP address.

zone "mydomain.com" IN {
    type slave;
    masters { 1.2.1.2; };
    // named must be able to write the transferred zone; on CentOS /var/named itself is
    // not writable by the named user, but the packaged /var/named/slaves directory is.
    file "slaves/mydomain.com.zone";
};

Once the slave zone is configured, start named. Again, this may take a couple of minutes while the rndc.key file is generated for the first time.

service named start

As on the first cloud server, make sure named is set to run at startup with the following command:

chkconfig named on

Your slave nameserver should now be up and running. You can double-check that it is fully operational by using the dig command again, replacing 2.1.2.1 with the IP of your second cloud server:

dig @2.1.2.1 mydomain.com

After any change to the master zone files, you need to instruct BIND to reload. Remember that you must also increment the "serial" field of the SOA record: the slave only fetches a new copy of the zone when the master's serial is higher than the one it already holds, so without the increment the two servers fall out of sync.
To reload the zone files, run the following command on the master nameserver, followed by the slave server:

rndc reload
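Forgetting the serial increment is the most common cause of a slave that never updates, so here is an added example (not from the original article) that bumps the serial of a zone file written in the layout above, following the YYYYMMDDnn convention the sample serial 2013042201 uses. It handles the two edge cases that bite in practice: several changes on the same day, and the RFC 1982 rule that a slave only treats a serial as newer if it is ahead by less than 2^31. The embedded zone text is a constructed copy of the article's SOA record.

```python
import re
from datetime import date

# Constructed sample: the SOA record of the article's mydomain.com.zone, serial 2013042201.
ZONE = """$TTL 86400
@ IN SOA ns1.mydomain.com. root.mydomain.com. (
    2013042201 ;Serial
    3600 ;Refresh
    1800 ;Retry
    604800 ;Expire
    86400 ;Minimum TTL
)
"""
# The serial is the number whose trailing comment reads "Serial", as in the article's layout.
SERIAL_RE = re.compile(r"^\s*(\d+)\s*;\s*Serial", re.M | re.I)

def next_serial(current, today=None):
    """Next serial in the YYYYMMDDnn convention, never going backwards.
    today is a "YYYYMMDD" string; it defaults to the real date."""
    today = today or date.today().strftime("%Y%m%d")
    candidate = int(today) * 100                # YYYYMMDD00: first change of the day
    if candidate <= current:
        candidate = current + 1                 # already changed today, or serial is ahead of the calendar
    # RFC 1982 serial arithmetic: the slave sees the new value as newer only if it is ahead
    # by less than 2^31, and a serial must fit in 32 bits, so refuse anything outside that.
    if not 0 < candidate - current < 2**31 or candidate >= 2**32:
        raise ValueError("cannot step serial %d -> %d" % (current, candidate))
    return candidate

def bump_serial(zone_text, today=None):
    """Return (new_zone_text, old_serial, new_serial) for a zone file in the article's layout."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no ';Serial' field found in zone")
    old = int(m.group(1))
    new = next_serial(old, today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], old, new

if __name__ == "__main__":
    updated, old, new = bump_serial(ZONE)
    print("serial %d -> %d" % (old, new))
    print(updated)
```

Run it against the real file before `rndc reload` on the master; once the master has reloaded, `dig @<slave> mydomain.com SOA` should show the same serial as the master after the slave's next transfer.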

BIND in a chroot environment

It is advisable to install the additional package "bind-chroot", which confines BIND to a chroot environment.

Fortunately, the CentOS package makes this incredibly simple. The only thing worth noting is that the active paths for BIND change to their chrooted equivalents, e.g. /var/named becomes /var/named/chroot/var/named. With CentOS 6 you will not be required to move any files, as the package automatically makes the non-chrooted directories available inside the chroot.

If you wish to enable this feature for the added security it provides, just run the following commands:

yum install bind-chroot -y
service named restart
