Saturday, May 21, 2016

setup dns server using bind9

*** setup information ***
- forward zone: pypi.repo
- reverse lookup zone: 10.0.3.x
- dns forwarders: 8.8.8.8 and 8.8.4.4
- networks allowed to query: 10.0.3.0/24, 127.0.0.0 and 192.168.0.0/16

1- install bind9 package
$ sudo apt-get install bind9

2- create the two new zones pypi.repo and 3.0.10.in-addr.arpa by modifying the file /etc/bind/named.conf.default-zones as below

zone "." {
    type hint;
    file "/etc/bind/db.root";
};


zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "pypi.repo" {
    type master;
    file "/etc/bind/pypi.db";
};
zone "3.0.10.in-addr.arpa" {
    type master;
    file "/etc/bind/3-0-10.db";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};


3- create file /etc/bind/pypi.db for pypi.repo zone with the following content
$TTL    604800
@    IN    SOA    pypi.repo. root.pypi.repo. (
                  2        ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    pypi.repo.
@    IN    A    10.0.3.1
www    IN    A    10.0.3.1
a    IN    CNAME    www
mail    IN    A    10.0.3.1    ; MX and PTR targets must be canonical names, not aliases (RFC 2181 sec. 10.3, RFC 1912 sec. 2.1)
@    IN    MX    10 mail.pypi.repo.
@    IN    AAAA    ::1




4- create file /etc/bind/3-0-10.db for 3.0.10.in-addr.arpa zone with the following content
$TTL    604800
@    IN    SOA    pypi.repo. root.pypi.repo. (
                  1        ; Serial
             604800        ; Refresh
              86400        ; Retry
            2419200        ; Expire
             604800 )    ; Negative Cache TTL
;
@    IN    NS    pypi.repo.
1    IN    PTR    mail.pypi.repo.


5- update the bind9 options (forwarders, and the networks allowed to query as listed in ***setup information***) by changing the file /etc/bind/named.conf.options to the below
options {
    directory "/var/cache/bind";
    forwarders {
         8.8.8.8;
         8.8.4.4;
    };

    #dnssec-validation auto;
    allow-query {
        10.0.3.0/24;
        192.168.0.0/16;    // the /16 from the setup information, not /26
        127.0.0.0/24;
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};


6- restart the bind9 service; you now have a running DNS server.
$ sudo /etc/init.d/bind9 restart
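A consistency check over the two zone files from steps 3 and 4, added here as an example (not part of the original post and not BIND's own tooling): it embeds constructed copies of the records, with mail deliberately kept as a CNAME of www, and flags MX/NS/PTR targets that are aliases (not permitted by RFC 2181 sec. 10.3 and RFC 1912 sec. 2.1) as well as PTRs whose address has no matching A record. All function names are the example's own.

```python
# Constructed copies of the records from this post's two zone files (SOA omitted,
# it plays no part in these checks). Names are kept relative, as in the files.
FORWARD_ZONE = ("pypi.repo.", """
@     IN  NS     pypi.repo.
@     IN  A      10.0.3.1
www   IN  A      10.0.3.1
mail  IN  CNAME  www
@     IN  MX     10 mail.pypi.repo.
""")
REVERSE_ZONE = ("3.0.10.in-addr.arpa.", """
1     IN  PTR    mail.pypi.repo.
""")

def parse_zone(origin, text):
    """Yield (owner, type, target) with '@' and relative names expanded under origin."""
    def fq(n):
        return origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if fields:
            owner, _cls, rtype, *rdata = fields
            # the name an NS/CNAME/PTR/MX record points at is always its last field
            target = rdata[0] if rtype == "A" else fq(rdata[-1])
            yield fq(owner), rtype, target

def resolve_a(name, fwd):
    """Follow a bounded CNAME chain and return the A addresses of the final name."""
    for _ in range(8):
        nxt = [tgt for o, t, tgt in fwd if o == name and t == "CNAME"]
        if not nxt:
            break
        name = nxt[0]
    return {tgt for o, t, tgt in fwd if o == name and t == "A"}

def lint(fwd, rev):
    """Flag NS/MX/PTR targets that are aliases and PTRs without a matching A record."""
    findings, aliases = [], {o for o, t, _ in fwd if t == "CNAME"}
    for owner, rtype, target in fwd + rev:
        if rtype in ("NS", "MX") and target in aliases:
            findings.append(f"{rtype} at {owner} points to alias {target} (RFC 2181 sec. 10.3)")
        if rtype == "PTR":
            if target in aliases:
                findings.append(f"PTR {owner} points to alias {target} (RFC 1912 sec. 2.1)")
            ip = ".".join(reversed(owner[: -len(".in-addr.arpa.")].split(".")))
            if ip not in resolve_a(target, fwd):
                findings.append(f"PTR {owner} ({ip}) has no A record back at {target}")
    return findings

def lint_post_zones():
    return lint(list(parse_zone(*FORWARD_ZONE)), list(parse_zone(*REVERSE_ZONE)))
```

Replacing the mail CNAME with `mail IN A 10.0.3.1` makes both alias findings disappear, which is the change a practitioner would make before loading the zones.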
