The domain name server is an important part of the small business server: it lets us reach other computers by friendly names instead of IP addresses. Because my client has a static IP address and an ISP willing to operate the slave domain name server, I configured their domain name server as the master DNS for their domain. If your ISP isn’t willing to do this, you can use a service like no-ip.com or easyDNS.

Installing the domain name server

Installing the domain name server is a simple process thanks to apt-get. Log into the server and type the following command.

% sudo apt-get install bind9

Configuring DNS

Because of our network setup, the domain name server needs to resolve names to IP addresses differently for internal and external clients. To do this we use “views”: internally, names resolve directly to the server’s IP address, while externally they resolve to the router’s IP address, which port-forwards to the server. Views also let some names resolve internally but not externally.

Start by creating a new file called /etc/bind/db.example.com-external (using your domain instead of example.com) and copy the following into it.

;
; BIND data file for example.com
;
$ORIGIN example.com.
$TTL    604800
; SOA: the primary master name server (the SBS) and the admin mailbox.
; Increase the serial every time you edit this file or the slaves will not update.
example.com.            IN      SOA     sbs.example.com. root.example.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; NS records must name hosts, never IP addresses; sbs gets its address below.
                IN      NS      sbs.example.com.
                IN      NS      ns1.my-isp.com.
                IN      NS      ns2.my-isp.com.
;
example.com.    IN      A       xxx.xxx.xxx.xxx
;
@               IN      MX      10      sbs.example.com.
;
localhost               IN      A       127.0.0.1
sbs                     IN      A       xxx.xxx.xxx.xxx
www                     IN      CNAME   sbs
mail                    IN      CNAME   sbs

This zone file will be used when resolving names for requests from outside of our network. It should never return an internal IP address and should only contain entries we want visible externally. Make the following changes to suit your environment.

  • Change root.example.com to the email address of the person responsible for your DNS, replacing the @ with a . (so root@example.com becomes root.example.com)
  • Change example.com to your domain
  • Change sbs to the name of your small business server
  • Change xxx.xxx.xxx.xxx to the public IP address of your router
  • Change ns1.my-isp.com and ns2.my-isp.com to the names of the slave name servers

Now copy that file to /etc/bind/db.example.com-internal (remember to use your domain instead of example.com).

% sudo cp /etc/bind/db.example.com-external /etc/bind/db.example.com-internal

This zone file will be used when clients inside our network make DNS queries. You’ll need to change all of the external IP addresses to internal IP addresses. You may also want to add entries for internal devices such as other computers, network printers and your gateway. It’s safe to put these here because they won’t be visible from outside of your network. These entries will look something like:

pc1                     IN      A       xxx.xxx.xxx.xxx
pc2                     IN      A       xxx.xxx.xxx.xxx
printer                 IN      A       xxx.xxx.xxx.xxx
gateway                 IN      A       xxx.xxx.xxx.xxx

Now edit /etc/bind/named.conf.local and copy the following into it.

view "internal" {
    // Clients on the LAN, plus the server itself, get the internal zone.
    // The prefix length must match the network: /24 for 192.168.1.x.
    match-clients { 192.168.1.0/24; localhost; };
    recursion yes;

    zone "example.com" {
            type master;
            file "/etc/bind/db.example.com-internal";
    };
};

view "external" {
    // Everyone else gets the external zone. Recursion is off so the server
    // answers only for its own zones and cannot be abused as an open resolver.
    match-clients { any; };
    recursion no;

    zone "example.com" {
            type master;
            file "/etc/bind/db.example.com-external";
            allow-transfer {
                    xxx.xxx.xxx.xxx;
            };
    };
};

// Once views are used, every zone must live inside a view. The default zones
// (localhost, 127.in-addr.arpa and so on) that Debian/Ubuntu ship in
// named.conf or named.conf.default-zones must be moved into the "internal"
// view, otherwise named refuses to start.

Then make a couple of changes to suit your environment:

  • example.com should be changed for your domain name
  • Replace xxx.xxx.xxx.xxx with the IP address of the server acting as the slave for your domain. You can add multiple lines here.
  • Change the 192.168.1.0 network in match-clients to your internal subnet; the prefix length must match the network (/24 for a 192.168.1.x network, not /8)

Finally, restart the domain name server:

% sudo /etc/init.d/bind9 restart

Port forwarding

To make your domain name server visible from outside of the network, configure your router to forward UDP and TCP port 53 to the server.

Testing the domain name server

You should now test that your DNS is configured properly using the dig command. This needs to be done both inside and outside your network so you know each location is getting the correct result. Example queries are:

% dig @localhost example.com ns
% dig @localhost example.com a
% dig @localhost example.com mx
% dig @localhost sbs.example.com a
% dig @localhost www.example.com a
% dig @localhost www.example.com mx
% dig @localhost mail.example.com a
% dig @localhost mail.example.com mx

From outside your network, simply change localhost to your router’s IP address. This will also tell you if port forwarding is working correctly.

Tip: If your queries time out, check /var/log/syslog for the error messages.
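Two checks for this setup, added here as an example and not taken from the original post: a scan of the external zone file for RFC 1918 addresses, which that zone must never contain, and a dig-based comparison of the internal and external answers for one name, as the testing section describes. It assumes the zone files use "name IN A x.x.x.x" records like those above, that queries from 127.0.0.1 reach the internal view, and that dig (bind9-dnsutils) is installed for the live check; ROUTER_IP is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the original post. Checks for the split-horizon
# setup: (1) the external zone file must not contain RFC 1918 addresses;
# (2) the same name must answer differently via the internal and external views.
# Assumes "name IN A x.x.x.x" records as in the zone files above.

# Print every A record in a zone file whose address is private
# (10/8, 172.16/12 or 192.168/16). Pass "-" to read from stdin.
leaked_private_a_records() {
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            for (i = 1; i < NF; i++) {
                if ($i != "A") continue
                if ($(i+1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                split($(i+1), o, ".")
                if (o[1] == 10 || (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
                    (o[1] == 192 && o[2] == 168))
                    print
            }
        }' "$1"
}

# Exit 0 if the external zone is clean, 1 if it would leak an internal address.
check_external_zone() {
    leaks=$(leaked_private_a_records "$1")
    [ -z "$leaks" ] && return 0
    printf 'internal address in external zone %s:\n%s\n' "$1" "$leaks" >&2
    return 1
}

# Live check (needs dig and the running, port-forwarded server): query a name
# through the internal view (localhost) and through the router's public address.
# Both must answer, the answers must differ, and the external one must not be
# a private address. Usage: split_horizon_ok sbs.example.com ROUTER_IP
split_horizon_ok() {
    internal=$(dig +short @localhost "$1" A | head -n 1)
    external=$(dig +short @"$2" "$1" A | head -n 1)
    [ -n "$internal" ] && [ -n "$external" ] || return 1
    [ "$internal" != "$external" ] || return 1
    leak=$(printf '%s IN A %s\n' "$1" "$external" | leaked_private_a_records -)
    [ -z "$leak" ]
}
```

Run check_external_zone against db.example.com-external before every restart; it catches the common slip of copying an internal address into the external file.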

Making it live

When you’re ready to make your DNS server live, it’s a fairly simple process.

  1. Configure your slave domain name servers to use your master. Your ISP or DNS hosting company can help you with this.
  2. Get your domain registrar to change your primary, secondary and (optionally) other DNS servers.

As you can use any of the domain name servers as the primary and secondary servers, it might make sense to use your ISP’s or DNS hosting company’s server for this, as they’ll have a faster connection.

I’ll finish the domain name server in the next post when I cover the reverse lookup.