BIND DNS - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
BIND - DNS
  • by Clint Pate MCSE/CNA

2
BIND DNS SERVER
3
What is the difference between BIND and DNS?
  • DNS is the Domain Name System, a set of protocols
    for a distributed database that was originally
    designed to replace /etc/hosts files.
  • DNS is most commonly used by applications to
    translate host names to IP addresses.
  • A client of the DNS is called a resolver.
    Resolvers are typically located in the
    application layer of the networking software of
    each TCP/IP capable machine.
  • Users typically do not interact directly with the
    resolver. Resolvers query the DNS by directing
    queries at name servers, each of which holds part
    of the distributed database and is accessed using
    the DNS protocols. (Resolver client)
  • "DNS" is often used to refer just to the data in
    the database.
  • BIND (Berkeley Internet Name Domain) is an
    implementation of DNS, both server and client.
    Development of BIND is funded by the Internet
    Software Consortium.

4
DNS Under Linux: BIND
  • The most heavily used DNS server on the Internet
    is the Berkeley Internet Name Domain system
    (BIND).
  • BIND is open source and available from the
    Internet Software Consortium for free.
  • It is one of the simplest DNS servers to run, yet
    among the most robust, and the most widely used
    on the net.

5
BIND/DNS
  • DNS is just a shared database of domain names and
    their corresponding IP addresses. Name servers,
    more commonly (and ironically) called DNS servers,
    hold these databases. Most of the time they are
    Unix-type machines running a version of the
    Berkeley Internet Name Domain software (BIND).

6
DNS Levels
  • Root-level domain servers, referenced by "."
  • Top-level domain servers (.com, .edu, etc.)
  • Second-level domain servers (e.g. ms.com and its
    subdomains/children)
  • Hosts (clients on the LAN)

7
BIND
  • Because BIND is Unix-based, installation can be a
    nightmare.
  • Downloading BIND, however, is easy. Get it from
    the ISC:
  • http://www.isc.org
  • All you have to do is download the source archive
    to an empty directory, check its PGP signature
    (the ISC publishes one alongside each release)
    and then enter the following command at the
    prompt:
  • gunzip < bind-src.tar.gz | tar xf -
  • This will extract the BIND source code into the
    current directory. After extraction is complete,
    you will need to compile the source code. It
    would be nearly impossible to explain how to
    install it on every machine it can be installed
    on, so your best bet is to check the src/INSTALL
    file for instructions straight from the ISC.

8
BIND Functions
  • BIND, as well as other DNS server packages,
    doesn't just store translation information
    between domain names and IP addresses. Aside from
    the "A" record, which translates a host name into
    an IP address, there are many other types of
    records in a DNS database. Below are a few, with
    a quick rundown of each and their function.

9
BIND Functions
  • CNAME: a CNAME is a pointer (alias) to another
    name. The CNAME entry is very useful if one
    wishes to refer to the same machine as
    mail.host.com, pop.host.com and even
    smtp.host.com. CNAME records generally point to a
    name defined by an "A" record. Note the trailing
    dots: a name written without one is relative to
    the zone origin. An entry looks like:
  • secondaryhost.domain.com. IN CNAME host.domain.com.
  • SOA (Start of Authority): this holds
    administrative information about the zone for
    which the server is authoritative. It is a
    must-have for every zone. Its last field,
    "minimum", was originally the default time to
    live for all records in the zone; since RFC 2308
    (BIND 8.2 and later) it is the negative-caching
    TTL, and the default record TTL comes from the
    $TTL directive at the top of the zone file.
  • A: this is the record that makes everything
    possible. It is the record that actually maps a
    host name to an IP address. An example entry
    looks like:
  • hostname.domain.com. IN A 192.168.0.2
  • MX (Mail Exchanger): if you want to offer e-mail,
    this is the record for you. MX defines which
    computer will act as the mail server for a
    certain domain. A sample entry looks like:
  • domain.com. IN MX 10 hostnameofmailserver.domain.com.
  • domain.com is the name of the domain you wish to
    use for e-mail. Using this setup, the Webmaster's
    e-mail address would be webmaster@domain.com. The
    Webmaster would log in to check his or her e-mail
    by using hostnameofmailserver.domain.com as the
    POP and SMTP server. The number 10 is the
    preference of the mail server (lowest is tried
    first) and it follows the record type; written
    before "IN", as in "domain.com. 10 IN MX ...", it
    would be read as a TTL instead. The preference
    comes in handy for large systems that have a
    back-up e-mail server or two.
  • PTR: although PTR records can be used in many
    ways, they are most commonly used for reverse DNS
    look-ups, also known as in-addr.arpa look-ups.
    in-addr.arpa PTR records are the exact opposite
    of A records: the octets of the address are
    reversed and in-addr.arpa is appended. The
    in-addr.arpa PTR record for the sample A record
    above looks like this:
  • 2.0.168.192.in-addr.arpa. IN PTR hostname.domain.com.
  • PTR in-addr.arpa records are used mainly for
    security checks, to verify that a computer
    actually is what it says it is. On its own a PTR
    proves nothing, because whoever controls the
    reverse zone for an address can put any name in
    it; the usual check (forward-confirmed reverse
    DNS) also looks up the A record of the name the
    PTR returns and accepts the name only if it maps
    back to the same address.
  • NS (Name Server): NS records identify the
    authoritative name servers for a domain. Every
    domain should have at least two, preferably on
    separate networks (RFC 2182), and registries
    normally require two. A sample entry looks like:
  • domain.com. IN NS nameserver.wherever.com.
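The following is an added example, not code from the slides or from BIND: it writes the records described above into complete forward and reverse zone files in BIND master-file syntax (correct field order for MX, trailing dots, $TTL and the SOA fields), loads them into an in-memory table with a minimal zone-file reader, and then performs the forward-confirmed reverse DNS check the PTR bullet describes. The zone example.com, the network 192.168.0.0/24, the host names, the serial and the forged PTR entry are all constructed for the illustration; reverse_name() generalizes the single 2.0.168.192.in-addr.arpa instance on the slide to any IPv4 or IPv6 address.

```python
"""Added example (not from the slides): BIND-style forward/reverse zones,
a minimal master-file reader, and a forward-confirmed reverse DNS check.
All names, addresses and serials below are constructed."""
import ipaddress
from collections import defaultdict

ORIGIN = "example.com."                       # constructed zone
NET = ipaddress.ip_network("192.168.0.0/24")  # constructed network
HOSTS = {"ns1": "192.168.0.1", "hostname": "192.168.0.2", "mail": "192.168.0.3"}


def reverse_name(ip):
    """Owner name of an address's PTR record (octets reversed + in-addr.arpa,
    or nibbles reversed + ip6.arpa for IPv6), as an absolute name."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def soa(mname, rname, serial, refresh=3600, retry=900, expire=1209600, negttl=300):
    # MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM; MINIMUM is the
    # negative-caching TTL (RFC 2308), the record TTL comes from $TTL.
    return f"@ IN SOA {mname} {rname} ( {serial} {refresh} {retry} {expire} {negttl} )"


def forward_zone(serial=2024010101):
    lines = [f"$ORIGIN {ORIGIN}", "$TTL 3600",
             soa("ns1", "hostmaster", serial),
             "@ IN NS ns1",
             "@ IN MX 10 mail"]   # preference follows the type, never "10 IN MX"
    lines += [f"{label} IN A {ip}" for label, ip in HOSTS.items()]
    lines += ["pop IN CNAME mail", "smtp IN CNAME mail"]   # aliases of an A name
    return "\n".join(lines) + "\n"


def reverse_zone(serial=2024010101, forged=None):
    # /24 reverse zone: drop the host octet from the network's reverse name
    rev_origin = reverse_name(str(NET.network_address)).split(".", 1)[1]
    lines = [f"$ORIGIN {rev_origin}", "$TTL 3600",
             soa("ns1." + ORIGIN, "hostmaster." + ORIGIN, serial),
             "@ IN NS ns1." + ORIGIN]
    lines += [f"{reverse_name(ip)} IN PTR {label}.{ORIGIN}" for label, ip in HOSTS.items()]
    # whoever controls the reverse zone can claim any name for an address
    for ip, name in (forged or {}).items():
        lines.append(f"{reverse_name(ip)} IN PTR {name}")
    return "\n".join(lines) + "\n"


def qualify(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def load_zone(text, db=None):
    """Minimal master-file reader: one record per line, $ORIGIN/$TTL and '@'
    handled, names in NS/CNAME/PTR/MX rdata qualified like the owner name."""
    db = db if db is not None else defaultdict(list)
    origin = "."
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = qualify(rdata, origin)
        elif rtype == "MX":
            pref, target = rdata.split()
            rdata = f"{pref} {qualify(target, origin)}"
        db[(qualify(owner, origin), rtype)].append(rdata)
    return db


def fcrdns(ip, db):
    """Forward-confirmed reverse DNS: a PTR alone proves nothing; keep only
    the claimed names whose A record points back at the same address."""
    claimed = db.get((reverse_name(ip), "PTR"), [])
    return [name for name in claimed if ip in db.get((name, "A"), [])]


def build_demo_db():
    db = load_zone(forward_zone())
    # a PTR the reverse-zone owner forged for a name it does not control
    return load_zone(reverse_zone(forged={"192.168.0.9": "mail.bank.example."}), db)


if __name__ == "__main__":
    db = build_demo_db()
    for ip in ("192.168.0.2", "192.168.0.9"):
        print(ip, "claims", db.get((reverse_name(ip), "PTR")), "confirmed:", fcrdns(ip, db))
```

The reader accepts only the single-line record shape the generator emits; real zone files also allow multi-line parenthesised records, $INCLUDE and owner-name inheritance from the previous line, which named-checkzone handles and this toy does not.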

10
Domain Name Server (DNS) Configuration
  • Two of the most popular ways to configure the
    program BIND to perform DNS services are in the
    role of (1) ISP or (2) web host.
  • In an ISP configuration the DNS server must
    resolve IP addresses for any name the user wishes
    to visit. (See DNS caching server.)
  • In a purely web-hosting configuration, BIND will
    only resolve the IP addresses of the domains
    which are being hosted. This is the configuration
    which will be discussed and is often called an
    "authoritative-only name server". Such a server
    should have recursion switched off, so that it
    cannot be used as an open resolver by anyone on
    the Internet.
  • When resolving IP addresses for a domain, the
    registry (Internic) expects a "Primary" and a
    "Secondary" DNS name server (sometimes called
    master and slave). Each DNS name server requires
    the file /etc/named.conf and the files it points
    to.

11
BIND Configuration File
  • Note on BIND versions: Mandrake 8.1 uses BIND
    version 9. Red Hat versions 6.x used BIND version
    8. Release 7.1 of Red Hat began using BIND
    version 9, and the GUI configuration tool
    bindconf was introduced for those of you who
    like a point-and-click interface for
    configuration.

12
Examples of Files
  • Role - Primary server (master)
  • Location - File /etc/named.conf
  • EX

13
Examples of Files
  • Role - Secondary server (slave)
  • Location - File /etc/named.conf
  • EX
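The two slides above refer to example /etc/named.conf files for the master and the slave that did not survive in this transcript. What follows is an added example, not the presentation's own files: a master and a slave configuration for the authoritative-only role described earlier (recursion off, zone transfers limited to the slave, the slave refusing transfers altogether), together with a small audit function that reads a named.conf by brace counting and flags the two settings that most often get left open on such a server. The addresses 192.0.2.10 (master) and 192.0.2.53 (slave), the zone names and the file paths are constructed; the audit understands only the subset of named.conf syntax used here.

```python
"""Added example (not from the slides): master and slave named.conf for an
authoritative-only BIND, plus a brace-counting audit for open recursion
and unrestricted zone transfers. Addresses and paths are constructed."""
import re

MASTER_CONF = """
options {
    directory "/var/named";
    recursion no;                     // authoritative-only: never recurse for others
    allow-transfer { 192.0.2.53; };   // only the slave may pull the zones (AXFR)
};
zone "example.com" {
    type master;
    file "example.com.zone";
    also-notify { 192.0.2.53; };
};
zone "0.168.192.in-addr.arpa" {
    type master;
    file "192.168.0.rev";
};
"""

SLAVE_CONF = """
options {
    directory "/var/named";
    recursion no;
    allow-transfer { none; };         // a slave also serves AXFR unless told not to
};
zone "example.com" {
    type slave;
    file "slaves/example.com.zone";
    masters { 192.0.2.10; };
};
"""

# the kind of configuration the audit is meant to catch (constructed)
OPEN_CONF = """
options { directory "/var/named"; recursion yes; };
zone "example.com" { type master; file "example.com.zone"; allow-transfer { any; }; };
"""


def blocks(text):
    """Yield (header, body) for each top-level statement, by brace counting.
    Strips // and # line comments; enough for the files above, not a full
    named.conf grammar (no /* */ comments, no include)."""
    text = re.sub(r"(//|#).*", "", text)
    depth, start, header, body_start = 0, 0, None, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header = text[start:i].strip().lstrip(";").strip()
                body_start = i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
                start = i + 1


def setting(body, name):
    """Value of `name { ... };` or `name value;` inside a block body, or None."""
    m = re.search(rf"\b{name}\s*(\{{([^}}]*)\}}|([^;{{}}]+))\s*;", body)
    if not m:
        return None
    return (m.group(2) or m.group(3)).strip().rstrip(";").strip()


def audit(conf):
    """Findings for an authoritative-only server. A zone-level allow-transfer
    overrides the one in options; no restriction anywhere is reported too."""
    stmts = list(blocks(conf))
    options = next((b for h, b in stmts if h == "options"), "")
    findings = []
    if setting(options, "recursion") != "no":
        findings.append("options: recursion is not disabled on an authoritative-only server")
    global_xfer = setting(options, "allow-transfer")
    for header, body in stmts:
        if not header.startswith("zone"):
            continue
        name = header.split('"')[1]
        if setting(body, "type") not in ("master", "slave"):
            continue
        xfer = setting(body, "allow-transfer") or global_xfer
        if xfer is None or xfer == "any":
            findings.append(f'zone "{name}": allow-transfer is not restricted')
    return findings


if __name__ == "__main__":
    for label, conf in (("master", MASTER_CONF), ("slave", SLAVE_CONF), ("open", OPEN_CONF)):
        print(label, audit(conf) or "ok")
```

Before loading either file on a real server, run named-checkconf against it; the audit here only checks policy, not syntax, and an unrestricted allow-transfer is what lets anyone enumerate every host in the zone with a single AXFR.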

14
Testing DNS
  • Test the name server with the nslookup command in
    interactive mode:
  • nslookup
  • > server your-nameserver-to-test.domain.com
  • > node.domain-to-test.com
  • > exit
  • Test the MX record if appropriate:
  • nslookup -querytype=mx domain-to-test.com
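What nslookup does for the MX test above, as an added example using only the Python standard library (not code from the slides or from BIND): build the query on the wire, decode the answer including the name-compression pointers that a real server uses, and optionally send it over UDP. The response bytes used for the offline run are constructed by hand for example.com with one MX pointing at mail.example.com; the names are placeholders. The live query() helper checks that the transaction id in the reply matches the one sent, which is the minimum a client must do, and a 16-bit id on its own is a weak defence against a spoofed reply, so real resolvers also randomize the source port.

```python
"""Added example (not from the slides): a DNS query encoder and response
decoder over the standard library, with a hand-built MX answer for
offline use. Names and the sample response are constructed."""
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX"}
QTYPE = {v: k for k, v in TYPES.items()}


def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    # header: id, flags (only RD set), qdcount=1, ancount/nscount/arcount=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)


def decode_name(msg, off, depth=0):
    """Read a possibly compressed name at `off`; return (name, next offset).
    A pointer (top two bits set) jumps to an earlier offset in the message."""
    labels = []
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:
            if depth > 15:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            name, _ = decode_name(msg, ptr, depth + 1)
            labels.append(name)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + length].decode())
        off += length


def decode_rr(msg, off):
    """One resource record: (owner, type, ttl, value) and the next offset."""
    name, off = decode_name(msg, off)
    rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
    off += 10
    rdata = msg[off:off + rdlen]
    if rtype == 1:
        value = ".".join(str(b) for b in rdata)
    elif rtype == 15:                      # MX: preference, then exchange name
        pref = struct.unpack(">H", rdata[:2])[0]
        value = f"{pref} {decode_name(msg, off + 2)[0]}"
    elif rtype in (2, 5, 12):              # NS/CNAME/PTR carry one name
        value = decode_name(msg, off)[0]
    else:
        value = rdata.hex()
    return (name, TYPES.get(rtype, str(rtype)), ttl, value), off + rdlen


def parse_response(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                    # skip the echoed question section
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        rr, off = decode_rr(msg, off)
        answers.append(rr)
    return {"id": txid, "rcode": flags & 0xF, "answers": answers}


def query(server, name, qtype, timeout=3.0):
    """Send the query over UDP (needs network) and reject a reply whose id
    does not match; this is the same exchange nslookup performs."""
    q = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != struct.unpack(">H", q[:2])[0]:
        raise ValueError("transaction id mismatch, discarding reply")
    return reply


def sample_mx_response():
    """Constructed answer to 'example.com MX': one record whose owner and
    exchange both use a compression pointer back to the question name
    at offset 12 (right after the 12-byte header)."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name("example.com") + struct.pack(">HH", 15, 1)
    rdata = struct.pack(">H", 10) + b"\x04mail" + b"\xc0\x0c"
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 15, 1, 3600, len(rdata)) + rdata
    return hdr + question + answer


if __name__ == "__main__":
    print(parse_response(sample_mx_response()))
```

To run it against a real server, call query("192.0.2.10", "example.com", "MX") with your own name server's address; parse_response() handles only the answer section, so authority and additional records are left undecoded.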

15
DNS Conclusion
  • DNS is one of the least understood and most
    important aspects of the Internet.
  • If it weren't for DNS names, the world of
    dot-coms wouldn't be known by such names as
    "amazon.com" but rather by numbers like
    101.102.103.1.

16
The DNS Webmin GUI > BIND
The Other DNS Servers page allows you to
configure the behavior of the DNS servers with
which BIND will communicate in a zone-transfer
relationship. This allows you to explicitly
configure several aspects of the transfer
relationship for each server.
17
Forwarding and Transfers
This page allows you to configure parent DNS
servers. Here you declare which servers your BIND
may query and how to behave towards them.
18
Defaults for New Master Zones
Here you can define several default options for
new zones on your server, and zones for which you
provide backup service.
19
Creating a New Zone
  • To create a new zone, click on one of the zone
    creation links in the Existing DNS Zones section
    of the screen.

20
Creating a Reverse Master Zone
  • After creating a forward master zone, you should
    then return to the main BIND module page and
    create another master zone. This time, you will
    choose to create a reverse zone, in order to
    provide mapping from IP addresses to names.

21
Adding Records to a Master Zone
  • Address - An address record allows you to enter
    the hostname, the time-to-live, and the address
    for a host. Every host on your network should
    have an Address Record.

22
Creating a Slave or Stub Zone
  • Slave and stub zones are created in exactly the
    same way and are similar in some ways, though
    their purposes are very different. A slave zone
    keeps a complete copy, in memory and sometimes
    also on disk, of a zone that it receives via a
    zone transfer from a master. A slave zone can
    answer any query for the zone, and as long as
    network connectivity between master and slave
    remains intact and the servers are configured
    correctly (the slave re-checks the master's SOA
    serial at the refresh interval and on NOTIFY), it
    will stay in sync with the master server. A stub
    zone also syncs to a master server, but it keeps
    only the NS and SOA records from the master. This
    allows BIND to keep up with delegation
    information automatically.

23
Creating a Slave Zone
The only information required is the domain name
or the network and the addresses of one or more
master nameservers. This is very simple!
24
Creating a Forward Zone
  • A forward zone is simpler still. Its only
    configuration options are whether it is a
    forward (name to address) or reverse (address to
    name) zone type, the name or network of the
    domain, and the servers to forward requests to.
    A forward zone is just a specific instruction to
    BIND that it should forward requests for a
    specific zone to one or more specific name
    servers. BIND does not perform zone transfers for
    a forward zone, as it does in the case of slave
    and stub zones.

25
DNS Options
  • Free DNS
  • http://www.everydns.net
  • Hardware
  • http://www.infoblox.com/
  • Software
  • BIND
  • DNS (MS, etc.)

26
Bind/DNS Links
  • DNS RFCs
  • BIND docs directory (find it yourself)
  • More on load balancing and round-robin schemes
  • LDP DNS-HOWTO
  • ACME DNS resources
  • DNS Security presentation - Cricket Liu
    (co-author of DNS and BIND)
  • DNS Security Paper - Craig Rowland
  • GraniteCanyon.com Free DNS hosting - If you
    don't want to set it up, have someone do it for
    you.
  • EveryDNS.net - Free DNS
  • Secondary.com - Free secondary name server
    hosting (five or fewer domains)
  • UltraDNS.com - Outsourced DNS management and
    service
  • OpenNIC - These people actually want to become an
    alternative to ICANN with their own DNS network.
  • DynDNS/TODD - Dynamic DNS for those with dynamic
    IP addresses (i.e. dial-up game servers etc.)
  • Internet Software Consortium (ISC) Home Page -
    ISC BIND Home