Short guide to dns with bind on Fedora
I'm replacing a tinydns server with bind9, so I may as well put the setup here, as future reference.
First,
yum install bind-chroot
to install the chrooted bind server.
Next, edit the /var/named/chroot/etc/named.conf
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
recursion no;
};
//root global
//life
zone "life.org.ro" {
type master;
file "/etc/db.life.org.ro";
notify yes;
};
zone "0.0.127.in-addr.arpa" {
type master;
file "/etc/db.localhost";
allow-update { none; };
};
zone "58.77.82.in-addr.arpa" {
type master;
file "/etc/db.82.77.58.133";
};
zone "caleidoscop.org.ro" {
type master;
file "/etc/db.caleidoscop.org.ro";
notify yes;
};
include "/etc/rndc.key";
I'm defining four zones: life.org.ro, the reverse zone for localhost (127.0.0.1), the reverse zone for the server's IP address, and a second domain, caleidoscop.org.ro. Because named runs chrooted, every path in named.conf is relative to /var/named/chroot, so "/etc/db.life.org.ro" is really /var/named/chroot/etc/db.life.org.ro on the host. With recursion no the server answers only for these zones, which is what an Internet-facing authoritative server should do. Since there are no secondary servers, nothing legitimately needs zone transfers; adding allow-transfer { none; }; to the options block stops anyone from pulling the complete zone contents with an AXFR query (allow-update already defaults to none, so the explicit setting on the localhost zone is just belt and braces).
Now, the content of db.life.org.ro
$TTL 86400
life.org.ro. IN SOA a.ns.life.org.ro. hostmaster.life.org.ro. ( ; primary NS and contact (hostmaster@life.org.ro); both names must be fully qualified
2006082102 ; serial
1h ; refresh
15m ; retry
15d ; expire
1h ) ; negative caching
; NAMESERVER
life.org.ro. IN NS a.ns.life.org.ro. ; nameserver
;
; hosts (canonical names)
;
life.org.ro. IN A 82.77.58.133
a.ns.life.org.ro. IN A 82.77.58.133
mail.life.org.ro. IN A 82.77.58.133
www.life.org.ro. IN A 82.77.58.133
;
; mail exchanger
;
life.org.ro. IN MX 10 mail.life.org.ro.
; SPF records
life.org.ro. IN TXT "v=spf1 a mx ~all"
mail.life.org.ro. IN TXT "v=spf1 a mx -all"
The domain is registered at RNC (the Romanian central DNS registry) with a.ns.life.org.ro at 82.77.58.133 as its nameserver, so I set a.ns.life.org.ro as the primary nameserver in the SOA record, then define the NS record, the hosts, the mail exchanger and the SPF records (built with the http://openspf.org wizard). Both names in the SOA must be fully qualified, with a trailing dot: an unqualified hostmaster.life.org.ro would have the zone origin appended and become hostmaster.life.org.ro.life.org.ro. The two SPF records differ on purpose: "~all" on the domain is a soft fail, while "-all" on mail.life.org.ro tells receivers to reject anything claiming that host name from another address. The server has only one Internet connection with a single IP address (no redundancy), so only one nameserver is defined.
Next, the reverse IP entry for 82.77.58.133, in db.82.77.58.133
$TTL 3h
58.77.82.in-addr.arpa. IN SOA a.ns.life.org.ro. hostmaster.life.org.ro. ( ; contact hostmaster@life.org.ro, fully qualified
1 ; serial
1h ; refresh
15m ; retry
30d ; expire
1h ) ; negative caching
; NAMESERVER
58.77.82.in-addr.arpa. IN NS a.ns.life.org.ro. ; nameserver
;
; hosts (canonical names)
;
133.58.77.82.in-addr.arpa. IN PTR life.org.ro.
Only the PTR record for 82.77.58.133 is needed here, pointing back to life.org.ro. Keep in mind that the rest of the Internet only consults this 58.77.82.in-addr.arpa zone if the holder of the address block (normally the ISP) delegates it to a.ns.life.org.ro; without that delegation the zone answers only local queries.
Now, the file db.caleidoscop.org.ro, with the hosts, the nameserver and the SPF record. Besides the SOA, the zone needs an NS record at its apex, since named refuses to load a zone without one.
$TTL 86400
caleidoscop.org.ro. IN SOA a.ns.life.org.ro. hostmaster.caleidoscop.org.ro. ( ; contact hostmaster@caleidoscop.org.ro, fully qualified
1 ; serial
1h ; refresh
15m ; retry
30d ; expire
1h ) ; negative caching
; NAMESERVER
caleidoscop.org.ro. IN NS a.ns.life.org.ro. ; apex NS record; the zone will not load without it
;
; hosts (canonical names)
;
caleidoscop.org.ro. IN A 82.77.58.133
www.caleidoscop.org.ro. IN A 82.77.58.133
;
; Aliases
;
;mail.life.org.ro. IN CNAME server.life.org.ro.
;
; mail exchanger
;
caleidoscop.org.ro. IN MX 10 mail.life.org.ro.
; SPF record
caleidoscop.org.ro. IN TXT "v=spf1 a mx ~all"
Finally, the entry for db.localhost
$TTL 3h
0.0.127.in-addr.arpa. IN SOA a.ns.life.org.ro. hostmaster.life.org.ro. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
0.0.127.in-addr.arpa. IN NS a.ns.life.org.ro.
1.0.0.127.in-addr.arpa. IN PTR localhost.
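Before pointing named at these files it pays to run the checks named-checkzone would (named-checkzone life.org.ro /var/named/chroot/etc/db.life.org.ro, and named-checkconf -t /var/named/chroot /etc/named.conf for the configuration). The script below is an added example, not code from the original post: a small zone-file linter that applies BIND's origin rule and flags the mistakes that are easy to make in files like the ones above, namely an unqualified SOA contact name, a missing apex NS record, an in-zone nameserver without an address record, and an SPF TXT record that never ends in an "all" mechanism. The zone text embedded in it is a constructed copy of db.caleidoscop.org.ro; the names ZONE_BROKEN, ZONE_FIXED and the function names are my own.

```python
"""Offline sanity checks for BIND zone files (added example, not from the page).
Applies BIND's origin rule (a name without a trailing dot is relative to the
zone origin), then checks what named-checkzone would reject. ZONE_BROKEN is a
constructed copy of db.caleidoscop.org.ro with its two defects: an unqualified
SOA RNAME and no NS record at the apex."""


def qualify(name: str, origin: str) -> str:
    """$ORIGIN rule: '@' is the origin, a trailing dot marks an absolute name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> list:
    """Return (owner, rtype, rdata_tokens) triples with owners fully qualified.
    Comments are cut at the first ';' (so keep ';' out of TXT strings); $TTL,
    $ORIGIN, parenthesised multi-line records and inherited owners are handled."""
    origin = origin if origin.endswith(".") else origin + "."
    lines = [ln.split(";", 1)[0].rstrip() for ln in text.splitlines()]
    joined, buf, depth = [], [], 0          # glue "( ... )" continuations
    for ln in lines:
        depth += ln.count("(") - ln.count(")")
        buf.append(ln)
        if depth == 0:
            joined.append(" ".join(buf))
            buf = []
    records, last_owner = [], origin
    for ln in joined:
        if not ln.strip():
            continue
        if ln.startswith("$ORIGIN"):
            origin = qualify(ln.split()[1], origin)
            continue
        if ln.startswith("$"):              # $TTL carries no record
            continue
        toks = ln.replace("(", " ").replace(")", " ").split()
        owner = last_owner if ln[0].isspace() else qualify(toks.pop(0), origin)
        last_owner = owner
        if toks and toks[0][0].isdigit():   # optional per-record TTL
            toks.pop(0)
        if toks and toks[0].upper() in ("IN", "CH", "HS"):
            toks.pop(0)
        rtype = toks.pop(0).upper()
        records.append((owner, rtype, toks))
    return records


def lint_zone(text: str, origin: str) -> list:
    """Return human-readable problems; an empty list means the zone is sane."""
    origin = origin if origin.endswith(".") else origin + "."
    rrs = parse_zone(text, origin)
    problems = []
    soa = [r for r in rrs if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append("zone must contain exactly one SOA record")
    else:
        for label, raw in zip(("MNAME", "RNAME"), soa[0][2][:2]):
            if not raw.endswith("."):
                problems.append(f"SOA {label} {raw!r} is unqualified; BIND reads "
                                f"it as {qualify(raw, origin)!r}")
    apex_ns = [r for r in rrs if r[0] == origin and r[1] == "NS"]
    if not apex_ns:
        problems.append("no NS record at the zone apex; named refuses to load it")
    has_addr = {r[0] for r in rrs if r[1] in ("A", "AAAA")}
    for r in apex_ns:                       # an in-zone nameserver needs glue
        target = qualify(r[2][0], origin)
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in has_addr:
            problems.append(f"in-zone nameserver {target} has no A/AAAA record")
    for owner, rtype, rdata in rrs:         # SPF must end in an 'all' mechanism
        if rtype == "TXT":
            txt = " ".join(rdata).strip('"')
            if txt.startswith("v=spf1") and not txt.split()[-1].endswith("all"):
                problems.append(f"SPF record for {owner} has no final 'all'")
    return problems


# Constructed input: the guide's db.caleidoscop.org.ro, defects included.
ZONE_BROKEN = """\
$TTL 86400
caleidoscop.org.ro. IN SOA a.ns.life.org.ro. hostmaster.caleidoscop.org.ro (
                1   ; serial
                1h  ; refresh
                15m ; retry
                30d ; expire
                1h ) ; negative caching
caleidoscop.org.ro.     IN A   82.77.58.133
www.caleidoscop.org.ro. IN A   82.77.58.133
caleidoscop.org.ro.     IN MX  10 mail.life.org.ro.
caleidoscop.org.ro.     IN TXT "v=spf1 a mx ~all"
"""
# Same zone with the RNAME qualified and an apex NS record added.
ZONE_FIXED = ZONE_BROKEN.replace(
    "hostmaster.caleidoscop.org.ro (", "hostmaster.caleidoscop.org.ro. (", 1
).replace("; negative caching\n",
          "; negative caching\ncaleidoscop.org.ro.     IN NS  a.ns.life.org.ro.\n", 1)
```

Running lint_zone(ZONE_BROKEN, "caleidoscop.org.ro") reports the unqualified RNAME and the missing apex NS; the fixed copy comes back clean. The parser is deliberately minimal (no quoted-string or escape handling), which is enough for zone files in the style shown above but not a replacement for named-checkzone.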
That's about it. I may have made some mistakes, but checking the domains with dnsreport yields good reports, so I'll leave it like this.