BIND
The domain name system (DNS) resolves hostnames (e.g. www.example.net) to IP addresses.
BIND is one of the most widely used DNS servers on the internet.
This tutorial shows how to configure a subdomain in BIND 9 on Debian 10 (buster), which ships BIND 9.11.
Contents
- Installation
- Domain
- Firewall
- Configuration
- Test
- Dynamic Updates
- External Links for further Information
Installation
The official Debian repository includes BIND 9:
apt-get install bind9
Domain
To run a name server for a subdomain sub.example.net, the following records are relevant in the zone of the parent domain example.net. The NS record delegates the subdomain; the A and AAAA records are glue, which the parent must carry because the name server's own name lies inside the subdomain being delegated and could not be resolved otherwise:

sub     IN NS   ns1.sub.example.net.   ; name server for subdomain sub.example.net
ns1.sub IN A    192.0.2.1              ; IPv4 address of ns1.sub.example.net (glue)
ns1.sub IN AAAA 2001:db8:10::1         ; IPv6 address of ns1.sub.example.net (glue)
Firewall
The DNS server ns1.sub.example.net needs to accept incoming packets on the following ports:
- TCP port 53
- UDP port 53
TCP is not only used for zone transfers: any answer that does not fit into a UDP response is retried over TCP, so blocking it breaks resolution for some clients. The rndc control channel (TCP port 953) listens on localhost by default and should stay unreachable from outside.
Configuration
The zone file for sub.example.net needs to be specified in the configuration file /etc/bind/named.conf.local:

zone "sub.example.net" {
    type master;
    file "/var/lib/bind/db.sub.example.net";
};

The zone file is placed in /var/lib/bind rather than /etc/bind: on Debian, named may write to /var/lib/bind but not to /etc/bind, and a writable location is required as soon as dynamic updates are enabled (see below).
Zone
The zone file defines records for a (sub)domain. The example for the subdomain sub.example.net includes the following configuration:
- "@" is an alias for the zone itself (sub.example.net).
- The default time to live (TTL) for each record is set to 86400 seconds (1 day).
- The start of authority (SOA) record contains administrative information about the zone: the primary name server, the mail address of the administrator (root.example.net. stands for root@example.net; the first dot replaces the @), the serial number, ...
- The name server ns1.sub.example.net for the subdomain sub.example.net is specified in the NS record.
- IPv4 addresses are stored in A records.
- AAAA records contain IPv6 addresses.
The content of the zone file /var/lib/bind/db.sub.example.net looks like this:

$TTL 86400
@        IN SOA  ns1.sub.example.net. root.example.net. (
                 2020042301  ; Serial (YYYYMMDDxx)
                 3600        ; Refresh (1 hour)
                 600         ; Retry (10 mins)
                 604800      ; Expire (7 days)
                 1800 )      ; Negative Cache TTL (30 mins)
@        IN NS   ns1.sub.example.net.
ns1      IN A    192.0.2.1
ns1      IN AAAA 2001:db8:10::1
; other hostnames
somehost IN A    192.0.2.10
another  IN A    192.0.2.11

Increase the serial every time the file is edited: secondary servers only transfer a zone whose serial has grown, and a serial that goes backwards is ignored by them.
Reload
The following command reloads the configuration:
rndc reload
If the zone file contains an error, named keeps serving the previously loaded data and only logs the failure, so check the log after reloading (or validate the files before reloading).
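As an added example that is not part of the tutorial: a small shell helper that bumps the SOA serial in the YYYYMMDDxx convention, validates the configuration with named-checkconf and the zone with named-checkzone, and only then reloads this one zone. The zone name and paths are the tutorial's; the helper assumes the zone file keeps the "; Serial" comment on the serial line, which is how it locates the number.

```shell
#!/bin/sh
# Added example, not part of the tutorial: bump the SOA serial of a zone file,
# validate configuration and zone, then reload only that zone.
# Assumes the tutorial's paths and a "; Serial" comment on the serial line.

ZONE="sub.example.net"
ZONEFILE="/var/lib/bind/db.sub.example.net"

# Print the serial recorded in zone file $1: the first all-digit field on the
# line that carries the "Serial" comment.
current_serial() {
    awk '/Serial/ { for (i = 1; i <= NF; i++) if ($i ~ /^[0-9]+$/) { print $i; exit } }' "$1"
}

# Next serial for current serial $1 on date $2 (YYYYMMDD):
# first change of the day -> <date>01, further changes -> +1. If the stored
# serial is already ahead of today (clock skew, a hand-set value) it is still
# only incremented: a serial must never go backwards, or secondaries stop
# transferring the zone.
next_serial() {
    cur=$1
    candidate="${2}01"
    if [ "$cur" -lt "$candidate" ]; then
        echo "$candidate"
    else
        echo $((cur + 1))
    fi
}

# Rewrite the serial in zone file $1 and print the new value.
# $2 overrides today's date (used for testing).
bump_serial() {
    file=$1
    today=${2:-$(date +%Y%m%d)}
    cur=$(current_serial "$file")
    [ -n "$cur" ] || { echo "no serial found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    # Only the Serial line is touched, and only the exact old number.
    sed "/Serial/s/$cur/$new/" "$file" > "$file.tmp" && mv "$file.tmp" "$file" || return 1
    echo "$new"
}

# Validate before reloading: a broken zone file leaves named serving the old
# data and logging an error, which is easy to miss. Returns non-zero and leaves
# the running server untouched if either check fails.
check_and_reload() {
    named-checkconf || return 1
    named-checkzone "$ZONE" "$ZONEFILE" || return 1
    rndc reload "$ZONE"
}

# Typical use on the server, after editing the records:
#   bump_serial "$ZONEFILE" && check_and_reload
```

The date override in bump_serial exists only so the logic can be exercised without changing the system clock; on the server it is called with the zone file alone.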
Test
Install the dnsutils package:
apt-get install dnsutils
Verify that the DNS lookup returns the correct IP address:
nslookup somehost.sub.example.net
This asks the system's default resolver, whose answer may come from a cache or a forwarder. Also query the authoritative server directly (nslookup and dig both accept the server as an additional argument), and test from a host outside the network: only that proves the delegation in example.net is correct.
Dynamic Updates
Updating DNS records dynamically is useful when IP addresses are assigned dynamically, for instance by a DHCP server.
Configuration
The following command generates a random rndc key and prints a configuration example to the terminal:
rndc-confgen
On Debian such a key already exists in /etc/bind/rndc.key, created when the package was installed. It is the key that authorizes the rndc control channel, so reusing it for dynamic updates hands every update client the same secret that controls the server. A dedicated TSIG key for updates, generated with tsig-keygen, keeps the two roles apart and can be rotated independently. For brevity, the configuration below reuses the rndc key. The configuration file /etc/bind/named.conf.local allows a client to update DNS records of sub.example.net with that key:

include "/etc/bind/rndc.key";

zone "sub.example.net" {
    type master;
    file "/var/lib/bind/db.sub.example.net";
    allow-update { key "rndc-key"; };
};

allow-update lets the key change any record in the zone, including NS and SOA; update-policy with grant rules can restrict a key to particular names and record types. Once updates are enabled, named writes a journal file (db.sub.example.net.jnl) next to the zone file, which is why the file must live where named can write. From then on, do not edit the zone file by hand without running rndc freeze first and rndc thaw afterwards, otherwise the journal and the file diverge.
Client
For updating DNS records, the nsupdate command line tool is used:
nsupdate
These commands, entered at the nsupdate prompt, update the IPv4 address of somehost.sub.example.net. The key statement takes the key name and the base64 secret from /etc/bind/rndc.key; the algorithm may be given as a prefix (e.g. hmac-sha256:rndc-key) and defaults to HMAC-MD5 when omitted. The delete removes all existing A records of the name before the new one is added, so an old address does not linger beside the new one:
key rndc-key C3...DQ==
update delete somehost.sub.example.net A
update add somehost.sub.example.net 86400 A 192.0.2.123
send
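As an added example that is not part of the tutorial, the hardened variant of the configuration above: a TSIG key used only for dynamic updates (so the rndc key stays on the server), an update-policy that lets that key change A and AAAA records within sub.example.net and nothing else, and an nsupdate script that receives the secret through -k rather than carrying it. The key name sub-update-key, the file /etc/bind/sub-update.key and the named.conf fragment name are assumptions for illustration; the zone, zone file and server address are the tutorial's. On the server, tsig-keygen produces the same key statement; the secret is generated locally here so the example runs offline.

```shell
#!/bin/sh
# Added example, not part of the tutorial: a dedicated TSIG key for dynamic
# updates instead of the rndc key, an update-policy that limits what the key
# may change, and an nsupdate script that never carries the secret itself.
# Key name, key file path and fragment name are assumptions for illustration;
# the zone, zone file and server address are the tutorial's.

KEYNAME="sub-update-key"
KEYFILE="/etc/bind/sub-update.key"
ZONE="sub.example.net"
SERVER="192.0.2.1"    # ns1.sub.example.net

# 32 random bytes, base64-encoded: the same shape of secret tsig-keygen produces.
new_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | base64 | tr -d '\n'
    fi
}

# named.conf key statement for key name $1 with secret $2. The algorithm is
# written out so neither named nor nsupdate falls back to the hmac-md5 default.
key_statement() {
    printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "%s";\n};\n' "$1" "$2"
}

# Zone stanza: update-policy grants the key A and AAAA changes within the zone
# only, so a leaked key cannot rewrite NS, SOA or any other record type.
# update-policy and allow-update are mutually exclusive within one zone.
zone_statement() {
    printf 'include "%s";\n\nzone "%s" {\n\ttype master;\n\tfile "/var/lib/bind/db.%s";\n\tupdate-policy {\n\t\tgrant %s subdomain %s. A AAAA;\n\t};\n};\n' \
        "$KEYFILE" "$ZONE" "$ZONE" "$KEYNAME" "$ZONE"
}

# nsupdate script replacing the A record of host $1 with address $2.
# No "key" line: the secret is supplied with "nsupdate -k KEYFILE", which keeps
# it out of the script, the command line (-y) and the shell history.
update_script() {
    printf 'server %s\nzone %s\nupdate delete %s.%s A\nupdate add %s.%s 86400 A %s\nsend\n' \
        "$SERVER" "$ZONE" "$1" "$ZONE" "$1" "$ZONE" "$2"
}

# Write the key file, a named.conf fragment and an update script under root
# directory $1 ("" for the real server, a temporary directory for a dry run).
setup() {
    root=$1
    mkdir -p "$root/etc/bind"
    secret=$(new_secret)
    key_statement "$KEYNAME" "$secret" > "$root$KEYFILE"
    chmod 640 "$root$KEYFILE"    # plus chown root:bind on the server: named reads it, nobody else
    zone_statement > "$root/etc/bind/named.conf.sub-update"
    update_script somehost 192.0.2.123 > "$root/somehost.nsupdate"
}

# On the server, after including the fragment from named.conf.local and reloading:
#   nsupdate -k /etc/bind/sub-update.key somehost.nsupdate
```

A client on another host needs a copy of the key file with the same restrictive permissions; if that host is compromised, only the A and AAAA records of sub.example.net are at risk, and replacing the key statement on the server revokes its access without touching rndc.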
External Links for further Information
CONTENT.html | 2020-06-03 | 5.4 KB |