Setting up BIND

Install the software

sudo apt-get install bind9 bind9utils dnsutils

Let's inspect the /etc/bind directory:

cd /etc/bind
ls -l

You will see a number of files, including:

named.conf
named.conf.default-zones
named.conf.local
named.conf.options

Let's take a look at named.conf:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

As you see named.conf points to 3 include files, used respectively for:

Let's start by looking at options...

Turn off recursion

Start by editing /etc/bind/named.conf.options.

The first thing we want to do is turn recursion OFF. As explained in class, it's not the role of an authoritative nameserver to respond to recursive queries.

sudo vi /etc/bind/named.conf.options

Find the line where it says

    dnssec-validation auto;

And just below, add:

    recursion no;

So it should now look like:

    dnssec-validation auto;
    recursion no;

Save the file and exit, then reconfigure your nameserver:

sudo rndc reconfig

If all goes well, a query to your nameserver for, say, www.google.com should now return REFUSED:

dig @127.0.0.1 www.google.com

Check that this is the case; if it is not, correct your configuration!

Bonus: you should also modify /etc/bind/named.conf.default-zones, and remove anything below the "root.db" zone definition.

Afterwards, reconfigure your nameserver as usual.

Load your zone

The next step is to load the zone that is being generated automatically.

Make sure you've created a cron job so that your zone is being generated by genzone_client, and you know where it is.

Edit the file /etc/bind/named.conf.local, and at the bottom of the file, add a statement for your zone:

zone "myzone" {
        type master;
        file "/home/sysadm/zones/db.myzone";
};

DO remember to replace myzone with the name of your zone :)

Save the file and exit, then run:

sudo rndc reconfig

Check that the zone has loaded properly:

dig @localhost SOA myzone

If everything goes well, you should see something like:

;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 11
...
;; ANSWER SECTION:
myzone.         18000   IN  NS  ...
myzone.         18000   IN  NS  ...
myzone.         18000   IN  NS  ...
myzone.         18000   IN  NS  ...
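
The two checks in this lab (REFUSED for a name outside your zones, an authoritative answer for your own zone) can be scripted so they are repeated after every change. The following is an added example, not part of the original lab: the function names and the SAMPLE_* dig headers are constructed, and the checks read only the header lines that dig prints.

```bash
# Added example: audit dig header lines for an authoritative-only server.
# Function names and the SAMPLE_* outputs are constructed for illustration.
# Live use: dig @127.0.0.1 www.google.com | check_refused
#           dig @localhost SOA myzone     | check_authoritative

dig_status()  { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }
dig_flags()   { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1; }
dig_answers() { sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1; }

# has_flag "<flag list>" <flag>: true if the flag appears as a whole word.
has_flag() { case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac; }

# Name outside our zones: expect REFUSED and no "ra" (recursion available).
check_refused() {
    cr_out=$(cat)
    cr_status=$(printf '%s\n' "$cr_out" | dig_status)
    cr_flags=$(printf '%s\n' "$cr_out" | dig_flags)
    [ "$cr_status" = "REFUSED" ] || { echo "FAIL: status=$cr_status, expected REFUSED"; return 1; }
    if has_flag "$cr_flags" ra; then echo "FAIL: ra flag set, recursion is still on"; return 1; fi
    echo "OK: recursive query refused"
}

# Our own zone: expect NOERROR, the "aa" flag and a non-empty answer section.
check_authoritative() {
    ca_out=$(cat)
    ca_status=$(printf '%s\n' "$ca_out" | dig_status)
    ca_flags=$(printf '%s\n' "$ca_out" | dig_flags)
    ca_answers=$(printf '%s\n' "$ca_out" | dig_answers)
    [ "$ca_status" = "NOERROR" ] || { echo "FAIL: status=$ca_status, expected NOERROR"; return 1; }
    has_flag "$ca_flags" aa || { echo "FAIL: no aa flag, answer is not authoritative"; return 1; }
    [ "${ca_answers:-0}" -ge 1 ] || { echo "FAIL: empty answer section"; return 1; }
    echo "OK: authoritative answer with $ca_answers record(s)"
}

# Constructed dig headers: hardened server, open resolver, and the loaded zone.
SAMPLE_REFUSED=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_OPEN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_ZONE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4244
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1'

printf '%s\n' "$SAMPLE_REFUSED" | check_refused
printf '%s\n' "$SAMPLE_OPEN"    | check_refused || true
printf '%s\n' "$SAMPLE_ZONE"    | check_authoritative
```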