DNS – Part 2 – Install Bind9 on Ubuntu

Let’s do this!

Installing packages

First I will install the packages:

  • bind9 – the DNS server package;
  • dnsutils – some tools to test and help operate the server.

On the command line I just run this:

sudo apt-get install bind9 dnsutils

Configuring Bind9

First I’ll configure the upstream DNS servers I’ll forward requests to, and the port my DNS server listens on.

  • I chose to forward requests to Uncensored DNS for historic reasons. Which upstream servers you use depends on your situation; that is a topic of its own, so I’ll leave it for now;
  • I use the standard DNS server port 53.

To achieve this I run this to open the named.conf.options file up:

sudo nano /etc/bind/named.conf.options

And then I make it look like this:

options {
        directory "/var/cache/bind";

        forwarders {
                89.233.43.71;
                89.104.194.142;
                // http://www.uncensoreddns.org/
        };

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };

        listen-on port 53 { any; };
};

Second, I tell Bind9 (in the named.conf.local file) where to find the configuration for my domain (the /etc/bind/zones/zone.joaolino.com file), a.k.a. the “joaolino.com” zone file.

I run this to open the named.conf.local file up:

sudo nano /etc/bind/named.conf.local

And then I make it look like this:

zone "joaolino.com" {
        type master;
        file "/etc/bind/zones/zone.joaolino.com";
};

Third, let’s make the zones folder to keep things nice and neat by running this:

sudo mkdir /etc/bind/zones

Fourth, it’s time to set up the base domain zone file that is responsible for resolving the domain name. Keep in mind that the DNS server will be running on a dynamic IP, so the TTL has to be low to keep the down-time after an address change reasonably short. On the other hand, I don’t want to force other DNS servers to spam my own server with requests. So it’s spam vs. down-time.

A good estimate for an IP change is about one per month. If I set my TTL to 15 minutes, I’ll have a mean down-time of 7 minutes per month. That is an uptime of 99.98402% over a year: one 9. For business solutions you want SLAs with a minimum of six 9s (99.999999%). To get that high I would have to set a TTL of 12 milliseconds. Since I don’t get that many visits, 15 minutes will be fine for now.

To open the file I run:

sudo nano /etc/bind/zones/zone.joaolino.com

Now all that is left to do is paste this inside:

; zone.joaolino.com BIND9 configuration file
;
$TTL 900     ;604800
$INCLUDE /etc/bind/zones/zone.joaolino.com.soa
;
@        IN      NS      ns.joaolino.com.
@        IN      MX      10      mail.joaolino.com.
;
$INCLUDE /etc/bind/zones/zone.joaolino.com.a
news    IN    CNAME    @
proxy    IN    CNAME    @
home    IN    CNAME    @

Configuring the dynamic IP update

I run this to create the configdns script responsible for updating the IP address:

sudo nano /usr/local/bin/configdns

And then I make it look like this:

#!/bin/bash
# configdns - rewrite the zone's SOA and A records when the external IP changes.

# Fetch the current external address quietly and stop on any failure, so a
# network error or an HTTP error page never ends up written into the zone.
CURRENT_IP_ADDRESS_EXTERNAL=$(curl -fsS ifconfig.me) || exit 1
[ -n "$CURRENT_IP_ADDRESS_EXTERNAL" ] || exit 1

# The .ipaddress and .serial files do not exist yet on the very first run.
OLD_IP_ADDRESS_EXTERNAL=$(/bin/cat /etc/bind/zones/zone.joaolino.com.ipaddress 2>/dev/null)

if [ "$CURRENT_IP_ADDRESS_EXTERNAL" != "$OLD_IP_ADDRESS_EXTERNAL" ]
then
        # Set Variables (a missing serial file counts as 0)
        BIND_SERIAL=$(($(/bin/cat /etc/bind/zones/zone.joaolino.com.serial 2>/dev/null || echo 0)+1))

        # Configure serial for joaolino.com zone: the first echo creates the
        # .soa include, the following ones append to it
        /bin/echo "JOAOLINO.COM.   IN   SOA     joaolino83.dynip.sapo.pt. root.joaolino.com. (" > /etc/bind/zones/zone.joaolino.com.soa
        /bin/echo "                $BIND_SERIAL     ;serial" >> /etc/bind/zones/zone.joaolino.com.soa
        /bin/echo "                3600          ;refresh" >> /etc/bind/zones/zone.joaolino.com.soa
        /bin/echo "                1800          ;retry" >> /etc/bind/zones/zone.joaolino.com.soa
        /bin/echo "                604800        ;expiration" >> /etc/bind/zones/zone.joaolino.com.soa
        /bin/echo "                0             ;TTL for NACK" >> /etc/bind/zones/zone.joaolino.com.soa
        /bin/echo "                )" >> /etc/bind/zones/zone.joaolino.com.soa

        /bin/echo "$BIND_SERIAL" > /etc/bind/zones/zone.joaolino.com.serial

        # Configure Bind IP
        /bin/echo "@    IN      A       $CURRENT_IP_ADDRESS_EXTERNAL" > /etc/bind/zones/zone.joaolino.com.a
        /bin/echo "ns   IN      A       $CURRENT_IP_ADDRESS_EXTERNAL" >> /etc/bind/zones/zone.joaolino.com.a
        /bin/echo "mail IN      A       $CURRENT_IP_ADDRESS_EXTERNAL" >> /etc/bind/zones/zone.joaolino.com.a
        /bin/echo "www  IN      A       $CURRENT_IP_ADDRESS_EXTERNAL" >> /etc/bind/zones/zone.joaolino.com.a

        # Check the configuration and the zone BEFORE restarting; if either
        # check fails, stop here so the running server keeps its last good zone
        named-checkconf || exit 1
        named-checkzone joaolino.com /etc/bind/zones/zone.joaolino.com || exit 1

        # Remember the address only once the new zone has been validated, so a
        # failed run is retried on the next cron tick
        /bin/echo "$CURRENT_IP_ADDRESS_EXTERNAL" > /etc/bind/zones/zone.joaolino.com.ipaddress

        # Restart Bind9
        /usr/sbin/service bind9 restart
fi
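As an added example that is not part of the original post, the script below shows three defences a practitioner would want in an updater like configdns once it runs unattended every minute: rejecting anything the lookup service returns that is not an IPv4 address (an empty body, an HTML error page, an IPv6 address), a zone serial in the conventional YYYYMMDDnn form that always stays monotonic, and an atomic rename so that named never reloads a half-written include. The zone name (example.com), the scratch directory and the sample addresses are constructed for illustration and are not the author's.

```shell
#!/bin/sh
# Added example (not part of the original post): input validation, a date-based
# serial and atomic writes for a configdns-style updater. The zone name,
# directory layout and sample addresses are constructed for illustration.

# is_ipv4 ADDR: succeed only if ADDR is a dotted quad with each octet in 0-255.
# An empty body, an HTML error page or an IPv6 address from the lookup service
# must never be written into an A record.
is_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr          # split on dots; a trailing dot yields only 3 fields
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# next_serial OLD TODAY: next SOA serial in the conventional YYYYMMDDnn form,
# TODAY given as YYYYMMDD. Within one day the two-digit revision is bumped;
# otherwise the serial restarts at TODAY"01". If that would not be larger than
# OLD (clock skew, or a counter-style serial that already exceeds it), OLD is
# simply incremented: monotonic growth is all secondaries and caches require.
next_serial() {
    old=${1:-0}
    today=$2
    case $old in
        "$today"??) candidate=$((old + 1)) ;;
        *)          candidate="${today}01" ;;
    esac
    if [ "$candidate" -le "$old" ]; then
        candidate=$((old + 1))
    fi
    echo "$candidate"
}

# write_a_records DIR IP: render the A-record include atomically. The text goes
# to a temporary file that is renamed over the live one, so named never reads a
# half-written include, and an invalid IP leaves the existing records untouched.
write_a_records() {
    dir=$1
    ip=$2
    is_ipv4 "$ip" || return 1
    tmp="$dir/zone.example.com.a.tmp.$$"
    {
        echo "@    IN      A       $ip"
        echo "ns   IN      A       $ip"
        echo "mail IN      A       $ip"
        echo "www  IN      A       $ip"
    } > "$tmp" && mv -f "$tmp" "$dir/zone.example.com.a"
}

# Demonstration on constructed input in a scratch directory; no real zone is touched.
demo() {
    scratch=$(mktemp -d)
    write_a_records "$scratch" 203.0.113.7 && echo "accepted: $(head -n 1 "$scratch/zone.example.com.a")"
    write_a_records "$scratch" '<html>503 Service Unavailable</html>' || echo "rejected: lookup returned HTML, records kept"
    write_a_records "$scratch" '' || echo "rejected: empty lookup result, records kept"
    echo "serial after 2024050700 on 20240507: $(next_serial 2024050700 20240507)"
    echo "serial after 42 on 20240507: $(next_serial 42 20240507)"
    rm -rf "$scratch"
}
demo
```

Wiring this into configdns means calling is_ipv4 on the curl result before anything is written, taking the serial from next_serial "$(cat .serial)" "$(date +%Y%m%d)", and writing every include through a temporary file plus mv, as write_a_records does for the A records.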

Now I just run this to make the script executable:

sudo chmod +x /usr/local/bin/configdns

Because the IP address can change at any minute, I’ll schedule a cron job to keep an eye on it. I open the crontab by typing:

sudo nano /etc/crontab

And then I add this line to the end of the file:

* *    * * *    root    /usr/local/bin/configdns