Full configuration of BIND and DNS on the new server
After buying a VPS or dedicated server, the vendor usually gives us an IP address and a host name that looks more like another order number than a domain. Today I will show how to install and configure BIND so the server can serve its own domains.
Plan: the primary DNS server will run on my VPS, while the secondary (backup) server will use one of the free DNS hosting services, freedns.42.pl.
Changing the host name
You can check the current name of the new server with:
hostname -f
Configuring the hostname: first edit /etc/hosts:
nano /etc/hosts
The file should look like this:
127.0.0.1       localhost.localdomain localhost
185.38.250.250  node.serwerweb.pl node

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
The next step is to edit /etc/hostname:
nano /etc/hostname
and enter the hostname: node
Restart the server.
After logging back into the console, verify the change with both commands:
hostname
hostname -f
root@node:/tmp# hostname
node
root@node:/tmp# hostname -f
node.serwerweb.pl
Let's move on to the main BIND configuration.
First make sure the BIND name server is installed. If it is not yet, the installation looks like this:
apt-get install bind9
Securing BIND
BIND is a very widely deployed program, so it is prudent to harden it, namely by confining it in a chroot environment so that a compromised named process only sees that directory tree. First stop the whole service:
/etc/init.d/bind9 stop
Then edit /etc/default/bind9 and change the OPTIONS parameter so that it looks like this (-u drops privileges to the bind user, -t sets the chroot directory):
OPTIONS="-u bind -t /var/lib/named"
Next, create the new directories and move the default directories created by the package to the new location:
# Create the directories
mkdir -p /var/lib/named/etc
mkdir -p /var/lib/named/var/cache/bind
mkdir /var/lib/named/var/run
mkdir /var/lib/named/dev
# Move BIND's configuration files
mv /etc/bind /var/lib/named/etc
In the old location, leave a symbolic link to the moved directory:
ln -s /var/lib/named/etc/bind /etc/bind
You also need to create the null and random devices inside the chroot and set the appropriate permissions:
# Devices
mknod /var/lib/named/dev/null c 1 3
mknod /var/lib/named/dev/random c 1 8
# File and directory permissions
chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
chown -R bind:bind /var/lib/named/var/*
chown -R bind:bind /var/lib/named/etc/bind
BIND is now confined to the chroot environment. What remains is logging: since named can no longer reach /dev/log, the syslog daemon has to open an extra socket inside the chroot. Slightly modify /etc/default/syslogd, find the SYSLOGD line and change it so that it looks like:
SYSLOGD="-a /var/lib/named/dev/log"
It only remains to restart the sysklogd service and start bind9:
/etc/init.d/sysklogd restart
/etc/init.d/bind9 start
The log /var/log/syslog will show whether everything started properly.
Now we can move on to the actual settings.
First, look at the file /etc/bind/named.conf.
In my case, as you can see, it is split into sub-files that it includes: named.conf.options and named.conf.local.
We start by checking named.conf.options; in my case the default settings are, for the time being, the most adequate, and the file looks something like this (note that with the -t option the directory path is interpreted inside the chroot, i.e. it resolves to /var/lib/named/var/cache/bind, which is why we created it above):
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Next, you will need to edit the file named.conf.local, where the zones served by this server are defined. At the end of the file I add my zone:
zone "serwerweb.pl" {
        type master;
        file "/etc/bind/serwerweb.pl";
        notify yes;
        allow-transfer {
                195.80.237.194;
                193.70.13.218;
        };
};
type master means this server is the primary (master) server for the zone; it is the basic zone type.
file points to the file with the records for this domain. Here I give the absolute path to the file, which we will create in a moment; inside the chroot it resolves to /var/lib/named/etc/bind/serwerweb.pl, where the configuration was moved. If only a file name were given, it would be looked up in the directory set by the directory parameter in named.conf.options.
notify yes causes the other DNS servers for the zone to be notified about any change to its records.
allow-transfer defines the IP addresses that are allowed to transfer (download) this zone. Here these are only the specific addresses of the freedns.42.pl DNS servers mentioned at the beginning, which will act as the backup (secondary) servers. Restricting this matters: without it, any host could request a full zone transfer and list every record in the zone.
Then create the file indicated above with the records for the domain, /etc/bind/serwerweb.pl:
nano /etc/bind/serwerweb.pl
$TTL 86400
$ORIGIN serwerweb.pl.
@       IN      SOA     ns1.serwerweb.pl. boss.serwerweb.pl. (
                        2018040301      ;; serial
                        10800           ;; refresh
                        3600            ;; retry
                        604800          ;; expire
                        10800           ;; TTL
                        )

@       IN      NS      ns1.serwerweb.pl.
@       IN      NS      ns2.serwerweb.pl.
@       IN      NS      ns3.serwerweb.pl.

@       IN      A       XX.XX.XX.XX
ns1     IN      A       XX.XX.XX.XX
ns2     IN      A       193.70.13.218
ns3     IN      A       195.80.237.194

;; mail
@       IN      MX 10   mail
mail    IN      A       XX.XX.XX.XX

;; web server
www     IN      A       XX.XX.XX.XX
ftp     IN      CNAME   @
In brief:
$TTL - specifies how long the answers remain valid in caches (in seconds)
$ORIGIN - the domain name. Later in the file, @ stands for exactly this value.
Whenever a full domain name appears in the file it must end with a dot; otherwise the $ORIGIN value is appended to it.
@ IN SOA ... - Start Of Authority: declares the primary DNS server and who administers it (the e-mail address, written with a dot in place of the @)
As you can see from the file, I have defined three DNS servers for my domain; two would be entirely sufficient here.
The first, primary one, ns1.serwerweb.pl, is served by my own server, where the domain itself will also be hosted; the other two (ns2.serwerweb.pl and ns3.serwerweb.pl) are the addresses of the backup servers created at freedns.42.pl.
Before moving on to configuring the backup zone, apply the changes by restarting the bind9 service:
service bind9 restart
You can also check that all the entries you have just made for the zone are correct by running this program:
named-checkzone serwerweb.pl /etc/bind/serwerweb.pl
zone serwerweb.pl/IN: loaded serial 2018040301
OK
If something does not add up or you made a typo, the program will tell you roughly where to look for the error.
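As an added example (my own code, not from the original post), a small Python checker for the three mistakes people most often make in a zone file like the one above: leaving the XX.XX.XX.XX placeholders in place (the "bad dotted quad" error named-checkzone reports), forgetting the trailing dot on an NS or SOA name (BIND silently appends $ORIGIN, which named-checkzone does not flag), and a serial that does not follow the YYYYMMDDnn convention. The sample zone embedded below is constructed to contain all of these.

```python
import ipaddress
import re

# Constructed sample (not the post's file): the serwerweb.pl layout with the
# XX.XX.XX.XX placeholders left in and one NS target missing its trailing dot.
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN serwerweb.pl.
@    IN SOA ns1.serwerweb.pl. boss.serwerweb.pl. (
         2018040301 10800 3600 604800 10800 )
@    IN NS    ns1.serwerweb.pl.
@    IN NS    ns2.serwerweb.pl
@    IN A     XX.XX.XX.XX
ns1  IN A     XX.XX.XX.XX
ns2  IN A     193.70.13.218
@    IN MX 10 mail
mail IN A     185.38.250.250
"""

def lint_zone(text):
    """Return (line_no, message) pairs: the 'bad dotted quad' error named-checkzone
    raises on placeholders, plus a missing trailing dot and an odd serial."""
    problems, origin, expect_serial = [], "", False
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split(";", 1)[0].split()  # strip ';' comments, tokenise
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]  # what BIND appends to names without a final dot
            continue
        if expect_serial:  # first token after "SOA ... (" is the serial
            if not re.fullmatch(r"\d{10}", fields[0]):  # YYYYMMDDnn as in the post
                problems.append((no, f"serial {fields[0]} is not YYYYMMDDnn"))
            expect_serial = False
            continue
        if "A" in fields:  # A record: right-hand side must be a dotted quad
            try:
                ipaddress.IPv4Address(fields[-1])
            except ValueError:
                problems.append((no, f"bad dotted quad {fields[-1]!r}"))
        for rtype in ("SOA", "NS", "MX", "CNAME"):
            if rtype in fields:
                for name in fields[fields.index(rtype) + 1:]:
                    if "." in name and not name.endswith("."):
                        problems.append((no, f"{name} lacks trailing dot; "
                                             f"BIND reads it as {name}.{origin}"))
                expect_serial = rtype == "SOA" and fields[-1] == "("
    return problems
```

Run lint_zone(open("/etc/bind/serwerweb.pl").read()) on your own file; an empty list means none of the three mistakes is present, and named-checkzone remains the authoritative check.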
In addition, the following command checks whether the domain has been added correctly (it should appear in the output):
named -g 2>&1 | grep loaded
That's all; we now have a fully and correctly configured BIND.
named-checkzone sysadmin.info.pl /etc/bind/sysadmin.info.pl
dns_rdata_fromtext: /etc/bind/sysadmin.info.pl:14: near ‘XX.XX.XX.XX’: bad dotted quad
dns_rdata_fromtext: /etc/bind/sysadmin.info.pl:15: near ‘XX.XX.XX.XX’: bad dotted quad
dns_rdata_fromtext: /etc/bind/sysadmin.info.pl:21: near ‘XX.XX.XX.XX’: bad dotted quad
dns_rdata_fromtext: /etc/bind/sysadmin.info.pl:24: near ‘XX.XX.XX.XX’: bad dotted quad
zone sysadmin.info.pl/IN: loading from master file /etc/bind/sysadmin.info.pl failed: bad dotted quad
zone sysadmin.info.pl/IN: not loaded due to errors.
How to fix it?
Replace XX.XX.XX.XX with the public IP address from your Internet Service Provider (ISP). It works.
Hello,
However, as most people would recommend, you should buy a server from a company where you have a fixed IP address and the certainty that it will not change.
If your ISP is able to give you a constant one, there is no problem, so you can go ahead.
root@node:/# systemctl status bind9.service
● bind9.service – BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2020-10-10 02:50:03 HONOR; 13s ago
Docs: man:named(8)
Process: 1659 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)
oct 10 02:50:03 node named[1660]: couldn’t mkdir ‘//run’: Permission denied
oct 10 02:50:03 node named[1660]: could not create //run/named/session.key
oct 10 02:50:03 node named[1660]: failed to generate session key for dynamic DNS: permission denied
oct 10 02:50:03 node named[1660]: sizing zone task pool based on 5 zones
oct 10 02:50:03 node named[1660]: could not configure root hints from ‘/usr/share/dns/root.hints’: f
oct 10 02:50:03 node named[1660]: loading configuration: file not found
oct 10 02:50:03 node named[1660]: exiting (due to fatal error)
oct 10 02:50:03 node systemd[1]: bind9.service: Control process exited, code=exited, status=1/FAILUR
oct 10 02:50:03 node systemd[1]: bind9.service: Failed with result ‘exit-code’.
oct 10 02:50:03 node systemd[1]: Failed to start BIND Domain Name Server.
Have you really done all the steps as they should be done?
oct 10 02:50:03 node named[1660]: couldn’t mkdir ‘//run’: Permission denied
oct 10 02:50:03 node named[1660]: could not create //run/named/session.key
The very first message indicates that you do not have permissions and cannot create the directory.