Gernot Walzl

The domain name system (DNS) resolves hostnames (e.g. www.example.net) to IP addresses.
BIND is the most used DNS server on the internet.

This tutorial shows how to configure a subdomain in BIND 9 on Debian 10 (buster).

Contents

• Installation
• Domain
• Firewall
• Configuration
  • Zone
  • Reload
• Test
• Dynamic Updates
  • Configuration
  • Client
• External Links with further Information

Installation

The official Debian repository includes BIND 9:
apt-get install bind9

Domain

To run a name server for a subdomain sub.example.net,
the following records are relevant in the zone of the domain example.net:

sub      IN  NS    ns1.sub.example.net.  ; name server for subdomain sub.example.net
ns1.sub  IN  A     192.0.2.1             ; IPv4 address of ns1.sub.example.net
ns1.sub  IN  AAAA  2001:db8:10::1        ; IPv6 address of ns1.sub.example.net

Firewall

The DNS server ns1.sub.example.net needs to accept incoming packages
on the following ports:

• TCP port 53
• UDP port 53

Configuration

The zone file for sub.example.net needs to be specified in the configuration file
/etc/bind/named.conf.local:

zone "sub.example.net" {
    type master;
    file "/var/lib/bind/db.sub.example.net";
};

Zone

The zone file defines records for a (sub)domain. The example for
the subdomain sub.example.net includes the following configuration:

• "@" is an alias for the zone itself (sub.example.net).
• The default time to live (TTL) for each record is set to 86400 seconds (1 day).
• The start of authority (SOA) record contains administrative information
  about the zone: name server, mail address, serial number, ...
• The name server ns1.sub.example.net for the subdomain sub.example.net is
  specified in the NS record.
• IPv4 addresses are stored in A records.
• AAAA records contain IPv6 addresses.

The content of the zone file /var/lib/bind/db.sub.example.net looks like this:

$TTL  86400
@         IN  SOA   ns1.sub.example.net. root.example.net. (
                    2020042301    ; Serial  (YYYYMMDDxx)
                          3600    ; Refresh  (1 hour)
                           600    ; Retry  (10 mins)
                        604800    ; Expire  (7 days)
                          1800 )  ; Negative Cache TTL  (30 mins)

@         IN  NS    ns1.sub.example.net.
ns1       IN  A     192.0.2.1
ns1       IN  AAAA  2001:db8:10::1

; other hostnames
somehost  IN  A     192.0.2.10
another   IN  A     192.0.2.11

Reload

The following command reloads the configuration:
rndc reload

Test

Install the dnsutils package:
apt-get install dnsutils

Verify that the DNS lookup returns the correct IP address:
nslookup somehost.sub.example.net

Dynamic Updates

Updating the DNS records is useful when IP addresses are dynamically assigned.
For instance, DHCP servers automatically assign IP addresses to hosts.

Configuration

The following command generates a random rndc key and
prints a configuration example to the terminal:
rndc-confgen

The configuration file /etc/bind/named.conf.local allows a client
to update DNS records of sub.example.net with an rndc key:

include "/etc/bind/rndc.key";

zone "sub.example.net" {
    type master;
    file "/var/lib/bind/db.sub.example.net";
    allow-update { key "rndc-key"; };
};

Client

For updating DNS records, the following command line tool is used:
nsupdate

These commands update the IPv4 address of somehost.sub.example.net:
key rndc-key C3...DQ==
update delete somehost.sub.example.net A
update add somehost.sub.example.net 86400 A 192.0.2.123
send

External Links with further Information

• https://www.isc.org/bind/
• https://tools.ietf.org/html/rfc1035
• https://en.wikipedia.org/wiki/Zone_file
• https://wiki.debian.org/Bind9

CONTENT.html

2020-05-21

5.42 KB