Sunday, August 19, 2012

Basic DNS configuration

Let's suppose your company has acquired a new domain (mycompany.com) for its Internet services and asks you to configure a DNS server to resolve the names of these services, which will probably be www, mail, smtp, pop3, etc.

The steps you should follow are:
  1. Install the bind DNS server on your Linux box (a Debian 6.0.5 squeeze in my case). With
    sudo apt-get install bind9
    you will install the latest bind 9 release (9.7.3 in my case).
  2. Don't configure bind from empty files: you will make mistakes without even realizing it. Avoid the headaches and instead start from the example file /etc/bind/db.empty, which already contains the SOA and NS records.
  3. From this file create both zone files, direct (forward) and reverse resolution:
    sergio@zeus:/etc/bind$ sudo cp db.empty db.yourcompany.com
    sergio@zeus:/etc/bind$ sudo cp db.empty db.56.168.192
    Note that in my case the LAN is 192.168.56.0/24.
  4. Edit the direct resolution file (db.yourcompany.com). Modify the SOA record and add the other records you need. It should then look similar to this:
    ; BIND direct file for yourcompany.com zone
    ;
    $TTL    86400
    @       IN      SOA     zeus.yourcompany.com. hostmaster.yourcompany.com. (
                                  1         ; Serial
                              43200         ; Refresh (12h)
                               3600         ; Retry (1h)
                            2419200         ; Expire (2 weeks)
                              86400 )       ; Negative Cache TTL
    ;
    @       IN      NS      zeus.yourcompany.com.
    @       IN      MX      10 mail.yourcompany.com.
    zeus    IN      A       192.168.56.101
    atila   IN      A       192.168.56.102
    ramses  IN      A       192.168.56.103
    www     IN      CNAME   atila
    mail    IN      CNAME   ramses
    smtp    IN      CNAME   ramses
    pop3    IN      CNAME   ramses
    I have changed some of the SOA parameters, although that is unnecessary if you don't have a secondary (slave) server.
  5. Now edit the reverse resolution file (db.56.168.192). Modify the SOA record and add the PTR records. The result should be something similar to:
    ; BIND reverse file for 56.168.192.in-addr.arpa IPv4 zone
    ;
    ;
    $TTL    86400
    @       IN      SOA     zeus.yourcompany.com. hostmaster.yourcompany.com. (
                                  1         ; Serial
                              43200         ; Refresh (12h)
                               3600         ; Retry (1h)
                            2419200         ; Expire (2 weeks)
                              86400 )       ; Negative Cache TTL
    ;
    @       IN      NS      zeus.yourcompany.com.
    101     IN      PTR     zeus.yourcompany.com.
    102     IN      PTR     atila.yourcompany.com.
    103     IN      PTR     ramses.yourcompany.com.
    Remember to end each FQDN with a dot; otherwise the name of the zone is appended to it.
  6. Edit the file named.conf.local so that bind loads the zone files you have just created:
    //
    // Do any local configuration here
    //

    zone "yourcompany.com" {
            type master;
            file "/etc/bind/db.yourcompany.com";
    };

    zone "56.168.192.in-addr.arpa" {
            type master;
            file "/etc/bind/db.56.168.192";
    };

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";
  7. Now you might want to modify the loopback resolution files (db.local for direct and db.127 for reverse) and the broadcast reverse resolution files (db.0 and db.255) the same way you did with your zone files. Don't forget to add them to the file named.conf.local as well.
  8. Restart the service with the command
    sudo service bind9 restart
    where sudo is needed if you are not working as root (not working as root is what I would recommend).
  9. Then query the server about your configuration using nslookup:
    sergio@zeus:/etc/bind$ nslookup
    > server 127.0.0.1
    Default server: 127.0.0.1
    Address: 127.0.0.1#53
    > www.yourcompany.com
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    www.yourcompany.com    canonical name = atila.yourcompany.com.
    Name:    atila.yourcompany.com
    Address: 192.168.56.102
    > ramses.yourcompany.com
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    Name:    ramses.yourcompany.com
    Address: 192.168.56.103
    > 192.168.56.102
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    102.56.168.192.in-addr.arpa    name = atila.yourcompany.com.
    > pop3.yourcompany.com
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    pop3.yourcompany.com    canonical name = ramses.yourcompany.com.
    Name:    ramses.yourcompany.com
    Address: 192.168.56.103
    > set q=MX
    > yourcompany.com
    Server:        127.0.0.1
    Address:    127.0.0.1#53

    yourcompany.com    mail exchanger = 10 mail.yourcompany.com.
    > exit
  10. If you want the machine to use its own DNS server for its lookups, configure the /etc/resolv.conf file to look like this:
    domain yourcompany.com
    search yourcompany.com
    nameserver 127.0.0.1
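A check worth running before restarting bind, added here as an example and not part of the original post: the script below parses a forward zone and its in-addr.arpa zone (constructed sample data in the post's layout, seeded with a misspelled PTR target and one PTR target without the trailing dot) and reports PTR/A mismatches, PTR targets that will silently get the zone name appended, and an MX record that points at a CNAME, which RFC 2181 section 10.3 does not allow. It assumes every record line carries the IN class, as the files above do.

```python
# Constructed sample zones in the post's layout (forward plus its 192.168.56.0/24 reverse), seeded with two defects.
FORWARD = """\
$TTL 86400
@       IN  SOA    zeus.yourcompany.com. hostmaster.yourcompany.com. (
                   1 43200 3600 2419200 86400 )
@       IN  MX     10 mail.yourcompany.com.
zeus    IN  A      192.168.56.101
atila   IN  A      192.168.56.102
ramses  IN  A      192.168.56.103
mail    IN  CNAME  ramses
"""
REVERSE = """\
101     IN  PTR    zeus.yourcompany.com.
102     IN  PTR    atila.yourcompamy.com.   ; typo in the target
103     IN  PTR    ramses.yourcompany.com   ; missing trailing dot
"""

def qualify(name, origin):
    """The rule the post warns about: a name without a trailing dot gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Yield (owner FQDN, type, rdata); assumes the IN class on every record, skips $directives, comments, SOA body."""
    in_soa = False
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()
        if in_soa:                                   # still inside the SOA parentheses
            in_soa = ")" not in line
            continue
        if not line or line.startswith("$"):
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        in_soa = "(" in rdata and ")" not in rdata
        yield qualify(owner, origin), rtype, rdata

def check_zones(forward, reverse, origin, rev_origin):
    """Return the inconsistencies between a forward zone and its in-addr.arpa zone."""
    fwd = list(parse_zone(forward, origin))
    by_ip = {rd: o for o, t, rd in fwd if t == "A"}           # ip -> FQDN
    cnames = {o for o, t, _ in fwd if t == "CNAME"}
    problems = []
    for owner, t, target in (r for r in parse_zone(reverse, rev_origin) if r[1] == "PTR"):
        ip = ".".join(reversed(owner.split(".")[:-3]))   # 102.56.168.192.in-addr.arpa. -> 192.168.56.102
        if not target.endswith("."):
            problems.append(f"{ip}: PTR '{target}' lacks a trailing dot, so BIND serves {qualify(target, rev_origin)}")
        elif by_ip.get(ip) != target:
            problems.append(f"{ip}: PTR says {target} but the forward zone says {by_ip.get(ip)}")
    problems += [f"MX target {rd.split()[1]} is a CNAME; RFC 2181 section 10.3 requires an address record"
                 for _, t, rd in fwd if t == "MX" and qualify(rd.split()[1], origin) in cnames]
    return problems
```

Run it together with named-checkzone (package bind9utils on Debian), which catches syntax errors but not inconsistencies between the two zones.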
