How to install Bind9

From ppwiki
Latest revision as of 23:08, 4 April 2019

Prerequisites

BIND is open source software that lets you set up a Domain Name System (DNS) server to resolve hostnames to IP addresses and vice versa. To complete this tutorial, we will need:

  • 1 node for the Bind9 server
  • 1 or 2 nodes for testing

All 3 nodes in this tutorial run Ubuntu 16.04, but this will work as well on Debian Stretch. So first make sure all your nodes have Ubuntu or Debian installed with all updates applied.

Bind9 installation

The installation is very simple, just two commands:

sudo apt-get install bind9 
sudo apt-get install bind9utils

If you are using puppet in your environment, you can also create a class and use it to install bind9.

Example of class:

# The class will install a DNS server using the bind9 package
class server::bind_server {
        # Run 'apt-get update' before installing anything
        exec { 'apt-update':
                command => '/usr/bin/apt-get update',
        }
        # Installation of Bind
        package { 'bind9':
                ensure  => installed,
                require => Exec['apt-update'],
        }
        # Installation of Bind utils
        package { 'bind9utils':
                ensure  => installed,
                require => Exec['apt-update'],
        }
        # Keep the service running; it can only start once the package is installed
        service { 'bind9':
                ensure  => running,
                require => Package['bind9'],
        }
}

Bind9 configuration

All the configuration files we need are under /etc/bind/. The first configuration file we will work on is named.conf.local. In this file we are going to define all the zones we need and the path to each zone file. The default file looks like the one below.

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

In this file we are going to define our first zone, tx.labnet, and the reverse zone 0.64.10.in-addr.arpa, so the file will look like the one below.

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "tx.labnet" {
        type master;
        file "/etc/bind/zones/labnet";
        notify yes;
};
zone "0.64.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/10.in-addr.arpa";
        notify yes;
};

Now that we have defined our zones, it is time to create the two files for them. Under /etc/bind/, create a directory named zones:

cd /etc/bind/
sudo mkdir /etc/bind/zones

Create the two files "labnet" and "10.in-addr.arpa":

ppaul@ns2:/etc/bind/zones$ sudo touch labnet 10.in-addr.arpa

ppaul@ns2:/etc/bind/zones$ ls -l
total 8
-rw-r--r-- 1 root root 1723 Jan 31 17:07 10.in-addr.arpa
-rw-r--r-- 1 root root 1620 Jan 31 17:07 labnet

We are going to start with the "labnet" file. Open the "labnet" file and copy and paste the content below into the file.

$TTL    604800
@       IN      SOA     ns2.tx.labnet. admin.tx.labnet. (
                            50          ; Serial
                         43200          ; Refresh 12H
                          7200          ; Retry    2H
                       2419200          ; Expire
                          3600 )        ; Negative Cache TTL 1H
; name servers - NS records
        IN      NS      ns2.tx.labnet.
; name servers A records
ns2     IN      A       10.64.0.2
; CNAME Records
puppet  IN      CNAME   puppetmaster2003.tx.labnet.
; 10.64.0.0 - A records
lab2001 IN      A       10.64.0.19

I am not going to go over each line in this file. If you need to know the meaning of each value used in this file, please read about it in the references section.

In your file, remember to replace ns2 with the name of your DNS server; it can be ns0, ns1, and so on. If you have to define CNAMEs you can do so under the CNAME section; the CNAME I have defined so far is just an example. If you have more than one DNS server, list them under the name servers A records and the name servers NS records. For now we have only one DNS server, but later on we will see how to install two DNS servers. Under the 10.64.0.0 A records is where we define all our server names with their IP addresses.

Once done, save the file and close it. Open the second file, 10.in-addr.arpa. This file looks like the first one; the only difference is that here we define PTR records instead of A records. Copy and paste the content below into 10.in-addr.arpa.

$TTL    604800
@       IN      SOA     ns2.tx.labnet. admin.tx.labnet. (
                            50          ; Serial
                        604800          ; Refresh
                         86400          ; Retry
                       2419200          ; Expire
                        604800 )        ; Negative Cache TTL
; name servers
        IN      NS      ns2.tx.labnet.
; PTR Records
; 0.64.10
19      IN      PTR     lab2001.tx.labnet.

Once done, save and close the file.
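named-checkzone from bind9utils (for example `named-checkzone tx.labnet /etc/bind/zones/labnet`) is the authoritative syntax check to run before restarting, but it cannot tell you whether the forward file above and the reverse file agree with each other. The script below is an added example, not code from the wiki page: it parses both of the tutorial's zone files (embedded as constructed strings, comments shortened) with a small parser for the RFC 1035 master-file subset they use, and reports A records without a matching PTR, PTR records without a matching A, and NS/CNAME/PTR/SOA names that lack the trailing dot (named silently appends the zone origin to those). Run against the tutorial's own files it reports one thing: ns2 (10.64.0.2) has an A record but no PTR in 0.64.10.in-addr.arpa. The function names `parse_zone` and `cross_check` are this example's own.

```python
"""Cross-check a BIND forward zone against its reverse zone (added example)."""
import ipaddress

# Constructed copies of the tutorial's two zone files.
FORWARD_ZONE = """\
$TTL    604800
@       IN      SOA     ns2.tx.labnet. admin.tx.labnet. (
                            50          ; Serial
                         43200          ; Refresh 12H
                          7200          ; Retry    2H
                       2419200          ; Expire
                          3600 )        ; Negative Cache TTL 1H
        IN      NS      ns2.tx.labnet.
ns2     IN      A       10.64.0.2
puppet  IN      CNAME   puppetmaster2003.tx.labnet.
lab2001 IN      A       10.64.0.19
"""

REVERSE_ZONE = """\
$TTL    604800
@       IN      SOA     ns2.tx.labnet. admin.tx.labnet. (
                            50          ; Serial
                        604800          ; Refresh
                         86400          ; Retry
                       2419200          ; Expire
                        604800 )        ; Negative Cache TTL
        IN      NS      ns2.tx.labnet.
19      IN      PTR     lab2001.tx.labnet.
"""

NAME_FIELDS = {"NS": 1, "CNAME": 1, "PTR": 1, "SOA": 2}  # leading rdata fields that are names


def qualify(name, origin):
    """Expand a master-file name the way named does: '@' is the origin and a
    name without a trailing dot is relative to the origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Parse $TTL, '@', parenthesised SOA, optional TTL/class and inherited owners.
    Returns (records, problems); each record is (owner, type, [rdata...])."""
    origin = origin.lower().rstrip(".") + "."
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        buf = buf + " " + line if depth else line     # glue '(' ... ')' lines together
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
            buf = ""

    records, problems, owner = [], [], origin
    for line in logical:
        if line.startswith("$"):
            continue                                   # $TTL / $ORIGIN directives
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                      # explicit owner name
            owner = qualify(tokens.pop(0), origin)
        if tokens and tokens[0].isdigit():             # optional per-record TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in range(NAME_FIELDS.get(rtype, 0)):     # qualify domain-name rdata
            if "." in rdata[i] and not rdata[i].endswith("."):
                problems.append("%s %s: '%s' has no trailing dot; named will read it as %s"
                                % (owner, rtype, rdata[i], qualify(rdata[i], origin)))
            rdata[i] = qualify(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records, problems


def cross_check(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of human-readable problems; an empty list means consistent."""
    fwd, problems = parse_zone(forward_text, forward_origin)
    rev, rev_problems = parse_zone(reverse_text, reverse_origin)
    problems += rev_problems
    rev_origin = reverse_origin.lower().rstrip(".") + "."
    a_records = {(o, d[0]) for o, t, d in fwd if t == "A"}
    ptr_records = {(o, d[0]) for o, t, d in rev if t == "PTR"}

    for owner, ip in sorted(a_records):
        ptr_name = ipaddress.ip_address(ip).reverse_pointer + "."
        if not ptr_name.endswith("." + rev_origin):
            continue                                   # address outside this reverse zone
        if (ptr_name, owner) not in ptr_records:
            problems.append("%s A %s has no PTR %s" % (owner, ip, ptr_name))
    for ptr_name, target in sorted(ptr_records):
        # 19.0.64.10.in-addr.arpa. -> 10.64.0.19
        ip = ".".join(reversed(ptr_name[:-len(".in-addr.arpa.")].split(".")))
        if (target, ip) not in a_records:
            problems.append("%s PTR %s has no matching A record for %s" % (ptr_name, target, ip))
    return problems


if __name__ == "__main__":
    for p in cross_check(FORWARD_ZONE, "tx.labnet", REVERSE_ZONE, "0.64.10.in-addr.arpa"):
        print("WARNING:", p)
```

Point the two constants at the real files under /etc/bind/zones/ to use it on your own server; adding `2  IN  PTR  ns2.tx.labnet.` to the reverse file makes the check pass cleanly.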

Restart the bind9 service and make sure that the service is running.

ppaul@ns2:~$ sudo systemctl restart bind9
ppaul@ns2:~$ sudo systemctl status bind9
● bind9.service - BIND Domain Name Server
  Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor pres
 Drop-In: /run/systemd/generator/bind9.service.d
          └─50-insserv.conf-$named.conf
  Active: active (running) since Fri 2019-02-01 17:06:32 CST; 1min 19s ag
    Docs: man:named(8)
 Process: 10125 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCE
Main PID: 10132 (named)
   Tasks: 4
  Memory: 11.4M
     CPU: 165ms
  CGroup: /system.slice/bind9.service
          └─10132 /usr/sbin/named -f -u bind

Testing

Time to test. For now we have one DNS server, ns2.tx.labnet, and one test server, lab2001.tx.labnet, defined in our zone files. There are 3 basic tests to run to make sure that your DNS server(s) is working:

  • ping
  • dig
  • nslookup

Ping

There are 3 ping tests to do. The first one pings the IP address, the second one pings the short name of the node, and the third one pings the FQDN of the node.

From our lab2001 node we are going to perform all those tests.

ppaul@lab2001:~$ ping 10.64.0.2
PING 10.64.0.2 (10.64.0.2) 56(84) bytes of data.
64 bytes from 10.64.0.2: icmp_seq=1 ttl=64 time=0.324 ms
64 bytes from 10.64.0.2: icmp_seq=2 ttl=64 time=0.440 ms
64 bytes from 10.64.0.2: icmp_seq=3 ttl=64 time=0.171 ms
--- 10.64.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms

ppaul@lab2001:~$ ping ns2
PING ns2.tx.labnet (10.64.0.2) 56(84) bytes of data.
64 bytes from ns2.tx.labnet (10.64.0.2): icmp_seq=1 ttl=64 time=0.284 ms
64 bytes from ns2.tx.labnet (10.64.0.2): icmp_seq=2 ttl=64 time=0.294 ms
64 bytes from ns2.tx.labnet (10.64.0.2): icmp_seq=3 ttl=64 time=0.271 ms
64 bytes from ns2.tx.labnet (10.64.0.2): icmp_seq=4 ttl=64 time=0.394 ms
--- ns2.tx.labnet ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3039ms

papaul@lab2001:~$ ping ns2.tx.labnet
PING ns2.tx.labnet (10.64.0.2) 56(84) bytes of data.
64 bytes from ns2.tx.labnet (10.64.0.2): icmp_seq=1 ttl=64 time=0.160 ms
64 bytes from ns2.tx.labnet (10.64.0.2): icmp_seq=2 ttl=64 time=0.170 ms
--- ns2.tx.labnet ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1020ms
rtt min/avg/max/mdev = 0.160/0.165/0.170/0.005 ms

dig

ppaul@lab2001:~$ dig tx.labnet
; <<>> DiG 9.10.3-P4-Debian <<>> tx.labnet
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7277
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;tx.labnet.			IN	A
;; AUTHORITY SECTION:
tx.labnet.		3600	IN	SOA	ns2.tx.labnet. admin.tx.labnet. 50 43200 7200 2419200 3600
;; Query time: 0 msec
;; SERVER: 10.64.0.2#53(10.64.0.2)
;; WHEN: Fri Feb 01 17:11:24 CST 2019
;; MSG SIZE  rcvd: 84
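The dig output above is worth reading closely: status is NOERROR and the aa flag is set, yet ANSWER is 0. The query asked for an A record at the zone apex, tx.labnet, and the forward zone file defines no A record for "@", so the authoritative server returns a NODATA response and puts the zone's SOA in the AUTHORITY section for negative caching; the 3600 TTL on that SOA is the Negative Cache TTL from the zone file. The SERVER line confirms the test node is asking ns2 itself. The script below is an added example, not code from the wiki page or from BIND/dig: it builds the same query in RFC 1035 wire format, decodes a response header and its sections (including name compression pointers, with a hop limit against malformed input), and names the outcome that dig's raw section counts imply. The response bytes are constructed here to mirror the page's output (id 7277, flags qr aa rd ra, one SOA in AUTHORITY, one OPT record in ADDITIONAL) and come out to the same 84 bytes dig reported. The function names are this example's own.

```python
"""Build a DNS query and interpret the response the way dig summarises it (added example)."""
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 41: "OPT"}
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100), ("ra", 0x0080))


def encode_name(name):
    """Length-prefixed labels ending in a zero byte, no compression."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=1, txid=7277):
    """Header (id, RD flag set like dig, one question) followed by the question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN


def decode_name(msg, off):
    """Decode a possibly compressed name at off; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 2-byte pointer into the message
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = pointer, True
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end


def parse_response(msg):
    """Return header fields plus the records of each section as tuples."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    resp = {"id": txid,
            "flags": [f for f, bit in FLAG_BITS if flags & bit],
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        resp["question"].append((name, TYPES.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            resp[section].append((name, TYPES.get(rtype, rtype), ttl, msg[off:off + rdlen]))
            off += rdlen
    return resp


def classify(resp):
    """Name the outcome that the raw section counts in dig's output imply."""
    if resp["rcode"] != "NOERROR":
        return resp["rcode"]
    if resp["answer"]:
        return "ANSWER"
    if any(r[1] == "SOA" for r in resp["authority"]):
        return "NODATA"          # the name exists, but not with the requested type
    return "EMPTY"


def build_sample_response():
    """Constructed reply matching the page's dig output: aa set, no answer, the zone
    SOA in AUTHORITY (names compressed to the question name at offset 12), an OPT record."""
    header = struct.pack("!HHHHHH", 7277, 0x8580, 1, 0, 1, 1)   # qr aa rd ra, rcode 0
    question = encode_name("tx.labnet.") + struct.pack("!HH", 1, 1)
    to_apex = b"\xc0\x0c"                                        # pointer to 'tx.labnet.'
    soa_rdata = (encode_name("ns2")[:-1] + to_apex                # mname ns2.tx.labnet.
                 + encode_name("admin")[:-1] + to_apex            # rname admin.tx.labnet.
                 + struct.pack("!IIIII", 50, 43200, 7200, 2419200, 3600))
    authority = to_apex + struct.pack("!HHIH", 6, 1, 3600, len(soa_rdata)) + soa_rdata
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)         # OPT: class field = UDP size
    return header + question + authority + opt


if __name__ == "__main__":
    r = parse_response(build_sample_response())
    print(r["rcode"], " ".join(r["flags"]), "ANSWER:", len(r["answer"]),
          "AUTHORITY:", len(r["authority"]), "->", classify(r))
```

To run it against a live server, send `build_query("tx.labnet.")` over UDP to port 53 of ns2 with the socket module and pass the reply to `parse_response`; a query for `ns2.tx.labnet.` should then classify as ANSWER, and a name that is not in the zone as NXDOMAIN.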

nslookup

ppaul@lab2001:~$ nslookup ns2
Server:		10.64.0.2
Address:	10.64.0.2#53
Name:	ns2.tx.labnet
Address: 10.64.0.2

Conclusion

References

https://help.ubuntu.com/community/BIND9ServerHowto