Short guide to DNS with BIND on Fedora

I'm replacing a tinydns server with BIND 9, so I may as well put the setup here for future reference.

First,

yum install bind-chroot

to install the chrooted BIND server.

Next, edit /var/named/chroot/etc/named.conf:

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        recursion no;
};
//root global
//life
zone "life.org.ro" {
    type master;
    file "/etc/db.life.org.ro";
    notify yes;
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "/etc/db.localhost";
    allow-update { none; };
};
zone "58.77.82.in-addr.arpa" {
    type master;
    file "/etc/db.82.77.58.133";
};
zone "caleidoscop.org.ro" {
    type master;
    file "/etc/db.caleidoscop.org.ro";
    notify yes;
};

include "/etc/rndc.key";

I'm defining four zones: life.org.ro, the reverse zone for localhost (127.0.0.1), the reverse zone for the server's IP, and an extra domain, caleidoscop.org.ro.

Now, the content of db.life.org.ro:

$TTL 86400
life.org.ro. IN  SOA  a.ns.life.org.ro. hostmaster.life.org.ro. (
   2006082102   ; serial
   1h   ; refresh
   15m  ; retry
   15d  ; expire
   1h ) ; negative caching
; NAMESERVER
life.org.ro. IN NS a.ns.life.org.ro.    ; nameserver
;
; hosts (canonical names)
;
life.org.ro.            IN A  82.77.58.133
a.ns.life.org.ro.       IN A  82.77.58.133
mail.life.org.ro.       IN A  82.77.58.133
www.life.org.ro.        IN A  82.77.58.133
;
; mail exchanger
;
life.org.ro.    IN MX 10 mail.life.org.ro.
; SPF records
life.org.ro.         IN TXT "v=spf1 a mx ~all"
mail.life.org.ro.    IN TXT "v=spf1 a mx -all"

The domain is registered at RNC (the Romanian central DNS registry) with a.ns.life.org.ro at 82.77.58.133, so I'm setting a.ns.life.org.ro as the authoritative nameserver in the SOA record on line 2, then defining the NS record, the hosts, the mail exchanger and the SPF records (thanks to the http://openspf.org wizard). The server itself has only one internet connection and only one IP address (no redundancy), so I've defined just one nameserver.

Next, the reverse zone for 82.77.58.133, in db.82.77.58.133:

$TTL 3h
58.77.82.in-addr.arpa. IN  SOA  a.ns.life.org.ro. hostmaster.life.org.ro. (
   1    ; serial
   1h   ; refresh
   15m  ; retry
   30d  ; expire
   1h ) ; negative caching

; NAMESERVER
58.77.82.in-addr.arpa. IN NS a.ns.life.org.ro.  ; nameserver
;
; hosts (canonical names)
;
133.58.77.82.in-addr.arpa.      IN PTR    life.org.ro.

This just adds a PTR record for life.org.ro.

Now, the file db.caleidoscop.org.ro. It defines the hosts, the primary name server and the SPF record:

$TTL 86400
caleidoscop.org.ro. IN  SOA  a.ns.life.org.ro. hostmaster.caleidoscop.org.ro. (
   1    ; serial
   1h   ; refresh
   15m  ; retry
   30d  ; expire
   1h ) ; negative caching
; NAMESERVER (a zone with no NS record at the apex is not loaded by named)
caleidoscop.org.ro.    IN NS a.ns.life.org.ro.    ; nameserver

;
; hosts (canonical names)
;
caleidoscop.org.ro.       IN A  82.77.58.133
www.caleidoscop.org.ro.       IN A  82.77.58.133
;
; Aliases
;
;mail.life.org.ro.    IN CNAME server.life.org.ro.
;
; mail exchanger
;
caleidoscop.org.ro.    IN MX 10 mail.life.org.ro.
; SPF record
caleidoscop.org.ro. IN TXT "v=spf1 a mx ~all"

Finally, db.localhost:

$TTL 3h
0.0.127.in-addr.arpa. IN SOA a.ns.life.org.ro. hostmaster.life.org.ro. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour

0.0.127.in-addr.arpa.  IN NS  a.ns.life.org.ro.
1.0.0.127.in-addr.arpa.  IN PTR localhost.

That's about it. I may have made some mistakes, but checking the domains with dnsreport yields good reports, so I'll leave it like this.
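To catch the usual hand-editing mistakes before handing the zones to named, here is a small checker, added as an example and not part of the original post. It copies two of the zone files above (abridged) as constructed input and applies BIND's relative-name rule: a name without a trailing dot is relative to $ORIGIN, so an SOA RNAME written as hostmaster.life.org.ro loads as hostmaster.life.org.ro.life.org.ro. It also checks that the zone has an NS record at its apex (named refuses to load it otherwise), that an in-zone nameserver has an A record, that the serial is numeric, that an MX target is not a CNAME, and that each PTR in the reverse zone maps back to an A record in the forward zone. The function names and the abridged sample zones are this example's own, not BIND's or the post's.

```python
# Added example, not from the original post: a small checker for hand-written
# BIND zone files.  The trap it targets is BIND's relative-name rule: a name
# without a trailing dot is relative to $ORIGIN.
import re
from ipaddress import ip_address

def absolutize(name, origin):
    """'@' means the origin; a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def reverse_name(ip):
    """PTR owner name for an IPv4 address: 82.77.58.133 -> 133.58.77.82.in-addr.arpa."""
    return ip_address(ip).reverse_pointer + "."

def parse_zone(text, origin):
    """Parse a master file into (owner, rtype, rdata) tuples: strips ';' comments,
    joins the parenthesised multi-line SOA, honours $ORIGIN, and treats a blank
    owner field as 'same owner as the previous record'.  Class is assumed IN."""
    origin = origin if origin.endswith(".") else origin + "."
    text = re.sub(r";[^\n]*", "", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, last_owner = [], origin
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("$"):
            if line.startswith("$ORIGIN"):
                origin = absolutize(line.split()[1], origin)
            continue  # $TTL only affects caching, not these checks
        toks = line.split()
        if line[0].isspace():
            owner = last_owner
        else:
            owner = last_owner = absolutize(toks.pop(0), origin)
        while toks[0].upper() == "IN" or toks[0].isdigit():  # optional class / TTL
            toks.pop(0)
        records.append((owner, toks.pop(0).upper(), toks))
    return records, origin

def check_zone(text, origin):
    """Return the problems found in one zone; an empty list means it passed."""
    records, origin = parse_zone(text, origin)
    a_owners = {o for o, t, _ in records if t == "A"}
    cnames = {o for o, t, _ in records if t == "CNAME"}
    problems = []
    for _, rtype, rd in records:
        if rtype == "SOA":
            if not rd[1].endswith("."):
                problems.append(f"SOA RNAME {rd[1]!r} lacks a trailing dot; "
                                f"BIND reads it as {absolutize(rd[1], origin)}")
            if not rd[2].isdigit():
                problems.append(f"SOA serial {rd[2]!r} is not a number")
        elif rtype == "NS":
            ns = absolutize(rd[0], origin)
            if (ns == origin or ns.endswith("." + origin)) and ns not in a_owners:
                problems.append(f"in-zone nameserver {ns} has no A record (glue)")
        elif rtype == "MX" and absolutize(rd[1], origin) in cnames:
            problems.append(f"MX target {rd[1]} is a CNAME, which RFC 2181 forbids")
    if not any(t == "NS" and o == origin for o, t, _ in records):
        problems.append(f"zone {origin} has no NS record at the apex; named will not load it")
    return problems

def check_reverse(forward, forward_origin, reverse, reverse_origin):
    """Each PTR must name a host whose A record is the address the PTR owner encodes."""
    fwd, _ = parse_zone(forward, forward_origin)
    rev, rev_origin = parse_zone(reverse, reverse_origin)
    addr_of = {o: rd[0] for o, t, rd in fwd if t == "A"}
    problems = []
    for owner, rtype, rd in rev:
        if rtype == "PTR":
            target = absolutize(rd[0], rev_origin)
            ip = addr_of.get(target)
            if ip is None or reverse_name(ip) != owner:
                problems.append(f"PTR {owner} -> {target} has no matching forward A record")
    return problems

# Constructed inputs: the post's db.life.org.ro and db.82.77.58.133, abridged,
# with the RNAME dot deliberately left off as it was in the original.
DB_LIFE = """$TTL 86400
life.org.ro. IN SOA a.ns.life.org.ro. hostmaster.life.org.ro (
   2006082102 ; serial
   1h ; refresh
   15m ; retry
   15d ; expire
   1h ) ; negative caching
life.org.ro. IN NS a.ns.life.org.ro. ; nameserver
life.org.ro. IN A 82.77.58.133
a.ns.life.org.ro. IN A 82.77.58.133
mail.life.org.ro. IN A 82.77.58.133
life.org.ro. IN MX 10 mail.life.org.ro.
"""
DB_REV = """$TTL 3h
58.77.82.in-addr.arpa. IN SOA a.ns.life.org.ro. hostmaster.life.org.ro. (
   1 1h 15m 30d 1h )
58.77.82.in-addr.arpa. IN NS a.ns.life.org.ro.
133.58.77.82.in-addr.arpa. IN PTR life.org.ro.
"""

if __name__ == "__main__":
    for p in check_zone(DB_LIFE, "life.org.ro") + check_reverse(DB_LIFE, "life.org.ro", DB_REV, "58.77.82.in-addr.arpa"):
        print("problem:", p)
    fixed = DB_LIFE.replace("hostmaster.life.org.ro (", "hostmaster.life.org.ro. (")
    print("after adding the dot:", check_zone(fixed, "life.org.ro") or "clean")
```

named-checkzone performs all of these checks and many more, so the point of the script is to make the rules visible, not to replace it; once a file is in place, `named-checkzone life.org.ro /var/named/chroot/etc/db.life.org.ro` is the check to run before reloading named.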