
BIND - DNS

by Clint Pate MCSE/CNA

BIND DNS SERVER

What is the difference between BIND and DNS?


DNS is the Domain Name System, a set of protocols for a distributed database that was originally designed to replace /etc/hosts files. DNS is most commonly used by applications to translate domain names of hosts to IP addresses. A client of the DNS is called a resolver; resolvers are typically located in the application layer of the networking software of each TCP/IP capable machine. Users typically do not interact directly with the resolver. Resolvers query the DNS by directing queries at name servers that contain parts of the distributed database that is accessed by using the DNS protocols.
(Resolver = client)

"DNS" usually refers just to the data in the database. BIND (Berkeley Internet Name Domain) is an implementation of DNS, both server and client. Development of BIND is funded by the Internet Software Consortium.

DNS Under Linux = BIND


The most heavily used DNS server on the Internet is the Berkeley Internet Name Domain system (BIND). BIND is open source and available from the Internet Software Consortium for free. It is the simplest of DNS servers, yet the most robust, and the most widely used on the net.

BIND/DNS
DNS is just a shared database of domain names and their corresponding IP addresses. Name servers, more commonly and ironically called DNS servers, hold these databases. Most of the time, they are Unix-type machines running a version of the Berkeley Internet Name Domain (BIND) daemon.

DNS Levels

Root-Level Domain Servers - referenced by (.)

Top-Level Domain Servers - (.com, .edu, etc.)

Second-Level Domain Servers - (ms.com & subdomain/children)

Hosts - (clients on LAN)
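Added example, not code from the page: a simulation of how a resolver walks the levels above, asking the root first and following each NS referral one level down until the second-level server answers with an A record. The servers (root, one .com server, one server for domain.com), the names and the addresses are constructed; nothing touches the network.

```python
"""Iterative resolution through the levels shown above, simulated with an
in-memory set of name servers. Added example, not from the page; the servers,
names and addresses are constructed and represent no real infrastructure."""

# Each server knows either an answer (A) or a delegation (NS -> the child
# server that is authoritative one level down). Names are absolute (trailing dot).
SERVERS = {
    "root":      {"com.": ("NS", "tld-com")},                    # root: refers .com queries
    "tld-com":   {"domain.com.": ("NS", "ns-domain")},           # TLD: refers domain.com
    "ns-domain": {"domain.com.": ("NS", "ns-domain"),            # second level: the hosts
                  "hostname.domain.com.": ("A", "192.168.0.2")},
}


def lookup(server, qname):
    """Ask one server: an A answer, the closest NS delegation, or None."""
    table = SERVERS[server]
    if qname in table and table[qname][0] == "A":
        return table[qname]
    labels = qname.split(".")
    for i in range(len(labels)):                 # longest matching suffix first
        suffix = ".".join(labels[i:])
        if suffix in table and table[suffix][0] == "NS":
            return table[suffix]
    return None


def resolve(qname, start="root", max_hops=8):
    """Follow referrals from the root down; return (address or None, servers asked)."""
    server, trail = start, []
    for _ in range(max_hops):
        trail.append(server)
        rr = lookup(server, qname)
        if rr is None:                           # nobody on the path knows the name
            return None, trail
        rtype, value = rr
        if rtype == "A":
            return value, trail
        if value == server:                      # authoritative server has no such host
            return None, trail
        server = value                           # NS referral: go one level down
    return None, trail                           # referral loop or chain too deep


if __name__ == "__main__":
    print(resolve("hostname.domain.com."))       # ('192.168.0.2', ['root', 'tld-com', 'ns-domain'])
```

The trail returned by resolve() is exactly the path in the diagram: root, top-level, second-level. A name under a delegated domain that the second-level server does not know stops there with no answer, which is the case a real authoritative server reports as NXDOMAIN.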

BIND
Because BIND is Unix-based, installation can be a nightmare. Downloading BIND, however, is easy. Get it here:

http://www.ics.org

All you have to do is download the install file to an empty directory; then enter the following command at the prompt:

gunzip < bind-src.tar.gz | tar xf -

This will extract the BIND source code into the current directory. After extraction is complete, you will need to compile the source code. It would be nearly impossible to explain how to install it on every given machine that it can be installed on, so your best bet is to check out the src/INSTALL file for instructions straight from ICS.

BIND Functions
BIND, as well as other DNS server packages, doesn't just store translation information between domain names and IP addresses. (More can be found out about how DNS works here.) Aside from the "A" record, which translates a host name into an IP address, there are many other types of records in a DNS database. Below are a few, with a quick rundown of each and their function.

CNAME: A CNAME is a pointer to another host. The use of the CNAME entry is very important if one wishes to refer to the same machine as mail.host.com, pop.host.com and even smtp.host.com. CNAME records generally point to a name defined by an "A" record. An entry looks like (note the trailing dot on the target; without it BIND appends the zone's origin):

Secondaryhost.domain.com. IN CNAME host.domain.com.

SOA (Start of Authority): This holds some administrative information about the domain records for which the server has some authority. It is a must-have for all DNS databases. This record also holds the time-to-live information for all records in its database.

A: This is the record that makes everything possible. It is the record that actually maps the domain name to the IP address. An example entry would look something like:

hostname.domain.com. IN A 192.168.0.2

MX (Mail Exchanger): If you want to offer e-mail, this is the record for you. MX defines which computer will act as the mail server for a certain domain. A sample entry would look like:

Domain.com. IN MX 10 hostnameofmailserver.domain.com.

Domain.com is the name of the domain you wish to use for e-mail. Using this setup, the Webmaster's e-mail address would be webmaster@Domain.com. The Webmaster would log in to check his or her e-mail by using hostnameofmailserver.domain.com as a POP and SMTP server. The number "10" signifies the priority (preference) of the mail server; lower values are tried first. This comes in handy for large systems that have a back-up e-mail server or two.

PTR: Although PTR records can be used in many ways, they are most commonly used for reverse DNS lookups, also known as in-addr.arpa lookups. in-addr.arpa PTR records are the exact opposite of A records. The in-addr.arpa PTR record for the sample A record above would look like this:

2.0.168.192.in-addr.arpa. IN PTR hostname.domain.com.

PTR in-addr.arpa records are used mainly for security issues, to verify that a computer actually is what it says it is (a forward lookup of the name the PTR returns should give back the same address).

NS (Name Server): NS records simply identify the authoritative name servers for a domain. There must be at least two of these records for every domain. A sample entry looks like:

Domain.com. IN NS nameserver.wherever.com.
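Added example, not code from the page or from BIND: the Python below writes the page's sample records (domain.com, 192.168.0.x) in the form BIND's zone-file parser accepts, derives the matching in-addr.arpa PTR records from the A records, and flags the slips that most often break a zone: a CNAME target or MX host without a trailing dot (BIND appends the origin), MX data without the preference number, a trailing dot on an A record's address, fewer than two NS records, and a CNAME owner that carries other records. The ns1 host, the hostmaster mailbox and the SOA serial are constructed.

```python
"""Zone-file builder and checker for the record types above.
Added example (not from the page or from BIND). Names and addresses are
constructed to match the page's samples: domain.com and 192.168.0.x."""
import re

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


class Zone:
    """An origin plus a list of (owner, type, rdata) tuples."""
    def __init__(self, origin):
        self.origin = origin          # absolute name, e.g. "domain.com."
        self.records = []

    def add(self, owner, rtype, rdata):
        self.records.append((owner, rtype, rdata))
        return self

    def render(self, ttl=3600):
        """Emit master-file text as BIND reads it from the file named in named.conf."""
        lines = [f"$ORIGIN {self.origin}", f"$TTL {ttl}"]
        for owner, rtype, rdata in self.records:
            lines.append(f"{owner:<34} IN {rtype:<5} {rdata}")
        return "\n".join(lines) + "\n"


def reverse_name(ip):
    """192.168.0.2 -> 2.0.168.192.in-addr.arpa. (octets reversed, absolute)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def ptr_records(zone):
    """One PTR per A record: the in-addr.arpa counterpart described above."""
    return [(reverse_name(rdata), "PTR", owner)
            for owner, rtype, rdata in zone.records if rtype == "A"]


def check(zone):
    """Return a list of problems; an empty list means the zone passed."""
    problems, by_type, by_owner = [], {}, {}
    for owner, rtype, rdata in zone.records:
        by_type.setdefault(rtype, []).append((owner, rdata))
        by_owner.setdefault(owner, set()).add(rtype)
    if len(by_type.get("SOA", [])) != 1:
        problems.append("zone needs exactly one SOA record")
    if len(by_type.get("NS", [])) < 2:
        problems.append("zone needs at least two NS records")
    for owner, rdata in by_type.get("A", []):
        if not IPV4.match(rdata):
            problems.append(f"A {owner}: {rdata!r} is not a dotted-quad address")
    for owner, rdata in by_type.get("CNAME", []):
        if not rdata.endswith("."):
            problems.append(f"CNAME {owner}: target {rdata!r} has no trailing dot, "
                            f"so BIND reads it as {rdata}.{zone.origin}")
        if by_owner[owner] - {"CNAME"}:
            problems.append(f"CNAME {owner}: owner may carry no other record types")
    for owner, rdata in by_type.get("MX", []):
        pref, _, host = rdata.partition(" ")
        if not pref.isdigit() or not host:
            problems.append(f"MX {owner}: rdata must be '<preference> <host>', got {rdata!r}")
        elif not host.endswith("."):
            problems.append(f"MX {owner}: mail host {host!r} has no trailing dot")
    return problems


def sample_zone():
    """The page's sample records in the form BIND accepts (ns1/serial constructed)."""
    z = Zone("domain.com.")
    z.add("domain.com.", "SOA",
          "ns1.domain.com. hostmaster.domain.com. 2024010101 3600 900 604800 3600")
    z.add("domain.com.", "NS", "ns1.domain.com.")
    z.add("domain.com.", "NS", "nameserver.wherever.com.")
    z.add("ns1.domain.com.", "A", "192.168.0.1")
    z.add("hostname.domain.com.", "A", "192.168.0.2")
    z.add("hostnameofmailserver.domain.com.", "A", "192.168.0.3")
    z.add("secondaryhost.domain.com.", "CNAME", "hostname.domain.com.")
    z.add("domain.com.", "MX", "10 hostnameofmailserver.domain.com.")
    return z


def pitfall_zone():
    """sample_zone() with three common slips: CNAME target without a trailing dot,
    MX data without the preference, and a trailing dot on an A record's address."""
    z = sample_zone()
    z.records = [r for r in z.records if r[1] not in ("CNAME", "MX")]
    z.add("secondaryhost.domain.com.", "CNAME", "hostname.domain.com")
    z.add("domain.com.", "MX", "hostnameofmailserver.domain.com")
    z.add("broken.domain.com.", "A", "192.168.0.4.")
    return z


if __name__ == "__main__":
    print(sample_zone().render())
    print(*[" ".join(rr) for rr in ptr_records(sample_zone())], sep="\n")
    print(*check(pitfall_zone()), sep="\n")
```

The PTR records that ptr_records() returns belong in a separate reverse zone (0.168.192.in-addr.arpa for this network), which is why the Configuration section below talks about a primary and secondary for each zone rather than one file.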

Domain Name Server (DNS) Configuration


Two of the most popular ways to configure the program Bind to perform DNS services are in the role of (1) ISP or (2) Web Host.

In an ISP configuration the DNS server must resolve IP addresses for any URL the user wishes to visit. (See DNS caching server) In a purely web hosting configuration, Bind will only resolve for the IP addresses of the domains which are being hosted. This is the configuration which will be discussed and is often called an "Authoritative-only Nameserver".

When resolving IP addresses for a domain, Internic is expecting a "Primary" and a "Secondary" DNS name server. (Sometimes called Master and Slave) Each DNS name server requires the file /etc/named.conf and the files it points to.

BIND Configuration File


Note on Bind versions: Mandrake 8.1 uses Bind version 9. Red Hat versions 6.x used Bind version 8. Release 7.1 of Red Hat began using Bind version 9 and the GUI configuration tool bindconf was introduced for those of you that like a pretty point and click interface for configuration.

Examples of Files
Role - Primary server (master):

Location - File: /etc/named.conf


EX:

Examples of Files
Role - Secondary server (slave):

Location - File: /etc/named.conf


EX:

Testing DNS

Test the name server with the nslookup command in interactive mode:

nslookup
> server your-nameserver-to-test.domain.com
> node.domain-to-test.com
> exit

Test the MX record if appropriate:

nslookup -querytype=mx domain-to-test.com

DNS Conclusion
DNS is one of the least understood and most important aspects of the Internet. If it weren't for DNS names, the world of dot-coms wouldn't be known by such names as "amazon.com" but rather by numbers like 101.102.103.1.

The DNS Webmin GUI > BIND

The Other DNS Servers page allows you to configure the behavior of DNS servers that BIND will communicate with in one way or another in a zone transferring relationship. This allows you to explicitly configure several aspects of the transfer relationship for each server.

Forwarding and Transfers

This page allows you to configure parent DNS servers. Here, you declare what servers your BIND can query and how to behave towards them.

Defaults for New Master Zones

Here you can define several default options for new zones on your server, and zones for which you provide backup service.

Creating a New Zone

To create a new zone, click on one of the zone creation links in the Existing DNS Zones section of the screen.

Creating a Reverse Master Zone


After creating a forward master zone, you should then return to the main BIND module page and create another master zone. This time, you will choose to create a reverse zone, in order to provide mapping from IP addresses to names.

Adding Records to a Master Zone


Address - An address record allows you to enter the hostname, the time-to-live, and the address for a host. Every host on your network should have an Address record.

Creating a Slave or Stub Zone


Slave and Stub zones are created in exactly the same way, and are quite similar in some ways, though their purposes are very different. A slave zone keeps a complete copy, in memory and sometimes also on disk, of a zone that it receives via a zone transfer from a master zone. A slave zone can answer any queries for the zone and, as long as network connectivity between the master and slave remains intact and the servers are configured correctly, it will stay in sync with the master server. A stub zone also syncs to a master server, but it keeps only the NS and SOA record information from the master. This allows BIND to keep up with delegation information automatically.

Creating a Slave Zone

The only information required is the domain name or the network and the addresses of one or more master nameservers. This is very simple!

Creating a Forward Zone


A forward zone is simpler still. Its only possible configuration options are whether it is a forward (name to address) or reverse (address to name) zone type, the name or network of the domain, and the master servers to forward requests to. A forward zone is just a specific instruction to BIND that it should forward requests for a specific zone to one or more specific name servers. BIND does not perform zone transfers with a forward zone, as it does in the case of slave and stub zones.
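Added example, not code from the page, from BIND or from Webmin: the Python below renders what the Webmin pages above write into /etc/named.conf for the zone types just described (master, slave, stub, forward), as a primary/secondary pair of the "authoritative-only" kind from the Configuration File section, and audits the two settings that matter for security on such a server: recursion switched off and zone transfers limited to the secondary. The addresses 192.0.2.10 and 192.0.2.20, the zone names partner.example and corp.example, and the file paths are constructed.

```python
"""Render /etc/named.conf for an authoritative-only primary/secondary pair with
the zone types discussed (master, slave, stub, forward) and audit the settings
that matter for security. Added example, not from the page, BIND or Webmin;
all names, addresses and paths are constructed."""
import re

PRIMARY = "192.0.2.10"     # constructed address of the master
SECONDARY = "192.0.2.20"   # constructed address of the slave


def zone(name, ztype, file=None, masters=None, forwarders=None):
    """One zone { } statement in named.conf syntax."""
    body = [f"    type {ztype};"]
    if file:
        body.append(f'    file "{file}";')
    if masters:                       # slave and stub zones pull from these
        body.append("    masters { " + " ".join(m + ";" for m in masters) + " };")
    if forwarders:                    # forward zones never transfer, they only relay
        body.append("    forward only;")
        body.append("    forwarders { " + " ".join(f + ";" for f in forwarders) + " };")
    return f'zone "{name}" {{\n' + "\n".join(body) + "\n};"


def named_conf(role):
    """named.conf text for role 'master' or 'slave'."""
    if role == "master":
        transfer = f"{{ {SECONDARY}; }}"     # only our secondary may pull the zones
        zones = [
            zone("domain.com", "master", file="domain.com.zone"),
            zone("0.168.192.in-addr.arpa", "master", file="0.168.192.rev"),
            zone("partner.example", "stub", file="stub/partner.example",
                 masters=["198.51.100.5"]),  # keeps only NS and SOA of that zone
            zone("corp.example", "forward", forwarders=["10.0.0.53"]),
        ]
    else:
        transfer = "{ none; }"              # a secondary hands out no transfers
        zones = [
            zone("domain.com", "slave", file="slaves/domain.com.zone", masters=[PRIMARY]),
            zone("0.168.192.in-addr.arpa", "slave", file="slaves/0.168.192.rev",
                 masters=[PRIMARY]),
        ]
    options = ("options {\n"
               '    directory "/var/named";\n'
               "    recursion no;\n"          # authoritative-only: never resolve for clients
               f"    allow-transfer {transfer};\n"
               "};\n")
    return options + "\n".join(zones) + "\n"


def weak_conf():
    """The master config with the two settings an ISP-style caching resolver has
    but an authoritative-only server must not: open recursion and open transfers."""
    return (named_conf("master")
            .replace("recursion no;", "recursion yes;")
            .replace(f"allow-transfer {{ {SECONDARY}; }};", "allow-transfer { any; };"))


ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{\s*type\s+(\w+);([^}]*)')


def audit(conf):
    """Return findings for an authoritative-only server; an empty list is clean."""
    findings = []
    if not re.search(r"^\s*recursion\s+no;", conf, re.M):
        findings.append("recursion is not disabled: the server answers as an open resolver")
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", conf)
    if m is None:
        findings.append("allow-transfer unset: BIND's default permits transfers to any host")
    elif "any" in m.group(1):
        findings.append("allow-transfer { any; }: anyone can download the whole zone")
    for name, ztype, body in ZONE_RE.findall(conf):
        if ztype in ("slave", "stub") and "masters" not in body:
            findings.append(f"zone {name}: {ztype} zone names no masters")
    return findings


if __name__ == "__main__":
    print(named_conf("master"))
    print(named_conf("slave"))
    print(*audit(weak_conf()), sep="\n")
```

named_conf("master") is the file for the "Primary server (master)" role and named_conf("slave") the one for the "Secondary server (slave)" role; the slave's zone statements differ only in type slave, the masters list pointing at the primary, and a file path under slaves/ where the transferred copy is written. audit() is what to run before putting either file in place: it catches the ISP-style settings (recursion on, transfers open to any) that a web-hosting, authoritative-only server should not carry.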

DNS Options
Free DNS

http://www.everydns.net
http://www.infoblox.com/ BIND DNS (MS, etc.)

Hardware

Software

Bind/DNS Links
DNS RFCs
Bind docs directory (find it yourself)
More on load balancing and round robin schemes
LDP DNS-HOWTO
ACME: DNS resources
DNS Security presentation - Cricket Liu (coauthor of DNS and BIND)
DNS Security Paper - Craig Rowland
GraniteCanyon.com: Free DNS hosting - If you don't want to set it up, have someone do it for you.
EveryDNS.net - Free DNS
Secondary.com - Free secondary name server hosting (five or fewer domains)
UltraDNS.com - Outsourced DNS management and service
OpenNIC - These people actually want to become an alternative to ICANN with their own DNS network.
DynDNS/TODD - Dynamic DNS for those with dynamic IP addresses (i.e. dial-up game servers etc.)
Internet Software Consortium (ISC) Home Page - ISC Bind Home
