Craig Francis


BIND Setup

So to begin with the setup:

  1. You need to ensure BIND is installed. If you're running OS X, this has already been done for you, while Linux/BSD/Solaris usually needs it installed separately.
  2. Next you want to set up the '/etc/named.conf' file:

    //--------------------------------------------------
    // Include keys file
    //--------------------------------------------------

    include "/etc/rndc.key";

    //--------------------------------------------------
    // Global config file
    //--------------------------------------------------

    options {

        directory "/var/named/emma/";

        //query-source address * port 53;

        // Listen on the loopback interface only, so nothing
        // outside this machine can query the server
        listen-on { 127.0.0.1; };

        include "/var/named/emma/forwarders.conf";

        // Send everything we are not authoritative for to the
        // forwarders, and never fall back to the root servers
        forward only;

        //recursion no;

    };

    //--------------------------------------------------
    // Zone Config
    //--------------------------------------------------

    zone "emma.domain.com" in {
        type master;
        file "db.emma.domain.com";
    };

    zone "2.168.192.in-addr.arpa" in {
        type master;
        file "db.2.168.192";
    };

    //zone "gemma.domain.com" in {
    //    type master;
    //    file "db.gemma.domain.com";
    //};
    //
    //zone "0.168.192.in-addr.arpa" in {
    //    type master;
    //    file "db.0.168.192";
    //};

    //--------------------------------------------------
    // Logging setup
    //--------------------------------------------------

    logging {
        // Define the channel first, then point the default category at it
        channel _default_log {
            file "/Library/Logs/named.log";
            severity info;
            print-time yes;
        };
        category default {
            _default_log;
        };
    };

    In this example I am using the network 192.168.2. This can be changed, but if you do, you should also change the in-addr.arpa zone name... see above, it's written backwards (the octets are in reverse order).

    Also in this example, 192.168.2 is the virtual network provided by Parallels, while 192.168.0 is the external (home) network with the second computer "gemma" (its zones are the ones commented out above).

  3. If you do not already have a '/etc/rndc.key' file, you need to run:

    sudo rndc-confgen -a
  4. The '/var/named/emma/forwarders.conf' file contains:

    forwarders {
    192.168.0.1;
    };

    This is the IP address of the DNS server you want to forward queries to, for example when you want to resolve craigfrancis.co.uk.

    If you have multiple IP addresses, you can easily add them, but make sure you add the semicolon at the end of each one!

    Normally you can find the forwarder's IP address by typing:

    cat /etc/resolv.conf

    If you have a few of these forwarder files, each one set up for a different network, then when you join a different network you can use the following shell script to update the configuration:

    #!/bin/sh

    ##########
    # Define required variables
    ##########

    ROOT="/var/named/emma"

    ##########
    # Check the location
    ##########

    if [ -z "$1" ]; then
        echo "Location not specified"
        exit 1
    fi

    # Only accept a plain file name, not a path, so the copy
    # below cannot be pointed outside the forwarders directory
    case $1 in
        */*) echo "Invalid location specified"; exit 1 ;;
    esac

    if [ ! -f "$ROOT/forwarders/$1" ]; then
        echo "Invalid location specified"
        exit 1
    fi

    ##########
    # Switch the config
    ##########

    cp "$ROOT/forwarders/$1" "$ROOT/forwarders.conf"

    ##########
    # Reload the config
    ##########

    sudo /usr/sbin/rndc reconfig

    ##########
    # Flush the DNS cache
    ##########

    #lookupd -flushcache
    dscacheutil -flushcache

    NOTE: In OS X 10.4, you need to use lookupd.

  5. Now each of the 'db' files needs to be created...

    /var/named/emma/db.emma.domain.com

    $TTL 86400 ; 1 day
    @ IN SOA ns.emma.domain.com. root.emma.domain.com. (
        2003040101 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        86400 ) ; Minimum TTL of 1 day

    ; name servers
    emma.domain.com. IN NS ns.emma.domain.com.

    ; address mappings
    emma.domain.com. IN A 192.168.2.2
    *.emma.domain.com. IN A 192.168.2.2

    /var/named/emma/db.2.168.192

    $TTL 86400 ; 1 day
    @ IN SOA ns.emma.domain.com. root.emma.domain.com. (
        2003040103 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        86400 ) ; Minimum TTL of 1 day

    ; name server for the zone itself (@ is 2.168.192.in-addr.arpa)
    @ IN NS ns.emma.domain.com.

    ; reverse mappings, last octet only
    2 IN PTR emma.domain.com.

    /var/named/emma/db.gemma.domain.com

    $TTL 86400 ; 1 day
    @ IN SOA ns.gemma.domain.com. root.gemma.domain.com. (
        2003040101 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        86400 ) ; Minimum TTL of 1 day

    ; name servers
    gemma.domain.com. IN NS ns.gemma.domain.com.

    ; address mappings
    gemma.domain.com. IN A 192.168.0.21
    *.gemma.domain.com. IN A 192.168.0.21

    /var/named/emma/db.0.168.192

    $TTL 86400 ; 1 day
    @ IN SOA ns.gemma.domain.com. root.gemma.domain.com. (
        2003040103 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        86400 ) ; Minimum TTL of 1 day

    ; name server for the zone itself (@ is 0.168.192.in-addr.arpa)
    @ IN NS ns.gemma.domain.com.

    ; reverse mappings, last octet only
    21 IN PTR gemma.domain.com.
    22 IN PTR emma.domain.com.

    You might have noticed in this last one the record for 192.168.0.22... it's not really used by us, but it does give a reverse DNS look-up record for that IP address.
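The reversed-octet zone names from step 2 and the hand-written reverse db files from step 5 follow a fixed pattern, so here is an added example (not from the original article) that builds the in-addr.arpa name for a network or host, bumps an SOA serial so BIND will notice an edited zone, and prints a reverse zone file in the same layout as the ones above. The function names reverse_name, next_serial and reverse_db are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original article: generate the in-addr.arpa
# names and reverse zone files the article writes by hand.

# reverse_name 192.168.2 -> 2.168.192.in-addr.arpa (zone name for a /24)
# reverse_name 192.168.0.22 -> 22.0.168.192.in-addr.arpa (PTR owner name)
reverse_name() {
    out=""
    for octet in $(echo "$1" | tr '.' ' '); do
        case $octet in ''|*[!0-9]*) return 1 ;; esac   # not a number
        [ "$octet" -le 255 ] || return 1
        out="$octet${out:+.$out}"                     # prepend: reverses order
    done
    [ -n "$out" ] || return 1
    echo "$out.in-addr.arpa"
}

# next_serial CURRENT -> a YYYYMMDDnn serial strictly greater than CURRENT:
# today's date with nn=00, or CURRENT+1 if CURRENT is already today's date
next_serial() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    today="$(date +%Y%m%d)00"
    if [ "$1" -ge "$today" ]; then
        echo $(( $1 + 1 ))
    else
        echo "$today"
    fi
}

# reverse_db NETWORK DOMAIN SERIAL OCTET=FQDN... -> prints the reverse zone file
reverse_db() {
    zone=$(reverse_name "$1") || return 1
    domain=$2 serial=$3; shift 3
    cat <<EOF
; reverse zone $zone (save as db.${zone%.in-addr.arpa})
\$TTL 86400 ; 1 day
@ IN SOA ns.$domain. root.$domain. (
    $serial ; Serial
    10800 ; Refresh after 3 hours
    3600 ; Retry after 1 hour
    604800 ; Expire after 1 week
    86400 ) ; Minimum TTL of 1 day
@ IN NS ns.$domain.
EOF
    for entry in "$@"; do
        echo "${entry%%=*} IN PTR ${entry#*=}"
    done
}
```

For example, `reverse_db 192.168.0 gemma.domain.com "$(next_serial 2003040103)" 21=gemma.domain.com. 22=emma.domain.com.` prints a db.0.168.192 file matching the one above, with a fresh serial.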

Now that the configuration has been done, we need to get BIND to start when the computer boots.

Please note the following instructions are for OS X; if you are running this on Linux/BSD/Solaris, it will use a different startup method, depending on the distro.

  1. /Library/StartupItems/BIND/StartupParameters.plist

    {
        Description = "DNS server";
        Provides = ("BIND");
        Requires = ("Network");
        OrderPreference = "None";
    }

    NOTE: If this computer will be running Parallels, then you will need to change the 'Requires' line from 'Network' to 'Parallels'. This is because Parallels needs to create the virtual network interface first, so that BIND can listen on it.

  2. /Library/StartupItems/BIND/BIND

    #!/bin/sh
    ##
    # BIND name service.
    ##

    # Suppress the annoying "$1: unbound variable" error
    # when no option was given
    if [ -z "$1" ] ; then
        echo "Usage: $0 [start|stop|restart] "
        exit 1
    fi

    # Source the common setup functions for startup scripts
    test -r /etc/rc.common || exit 1
    . /etc/rc.common

    StartService ()
    {
        # Only start if /etc/hostconfig has DNSSERVER=-YES-
        if [ "${DNSSERVER:=-NO-}" = "-YES-" ]; then
            ConsoleMessage "Starting named"
            /usr/sbin/named -c /etc/named.conf
        fi
    }

    StopService ()
    {
        ConsoleMessage "Stopping named"
        killall named
    }

    RestartService ()
    {
        ConsoleMessage "Restarting named"
        killall named
        /usr/sbin/named -c /etc/named.conf
    }

    RunService "$1"

    NOTE: This script checks in the /etc/hostconfig file for the line:

    DNSSERVER=-YES-
  3. Both of these startup scripts need to be owned by root and must not be writable by anyone else, otherwise another user could change what runs as root at boot:

    cd /Library/StartupItems/BIND/

    sudo chown root:wheel StartupParameters.plist
    sudo chown root:wheel BIND

    sudo chmod 644 StartupParameters.plist
    sudo chmod 755 BIND

And to finish it off, you should restart your computer to ensure the service starts up correctly.

To use this service, open your network configuration, and add "127.0.0.1" as your DNS server on the main network interface, then in your Terminal run:

ping emma.domain.com

If the IP address 192.168.2.2 is returned, the DNS setup has been successful... otherwise, please read the debug instructions.

When it's all running correctly, have a look at the Apache configuration to see how the remainder of my setup works.

Thank you for reading this article, any feedback would be greatly appreciated. Also, if you would like to take a copy of this article, please read the terms this article is released under. This article was originally written Sunday 17th June 2007 and was updated on Friday 14th September 2007.