Installing Bind on Debian 7.5

I normally set up a DNS server for hosting domains on my internal network making use of Bind 9.x. Do note that exploits do come out from time to time and that your DNS server should be set up properly to avoid anything from denial-of-service attacks to root compromises.

Once our server is configured, we can host any number of domains – the creation of the domains is covered in my next article.

Installing Bind

We install the Bind software by executing the following command in a “root” shell.

apt-get install bind9 bind9-doc

Once the installation is complete, we can customize the configuration by editing the files in the /etc/bind directory.

Configuring Bind

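The options are defined in the /etc/bind/named.conf.options file. Bind accepts only one options statement, so the fragments shown in the sections below all go inside the same options block in that file.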

Queries

We are able to limit the hosts that are allowed to query the DNS server by defining an ACL and then setting the options for allow-query, allow-query-cache and allow-recursion to use the defined ACL.

acl allowquery {
	192.168.100.0/24;
};

options {
	/*
	 * Allow queries from our "allowquery" ACL.
	 */
	allow-query {
		allowquery;
	};

	/*
	 * Allow queries to the cache from our "allowquery" ACL.
	 */
	allow-query-cache {
		allowquery;
	};

	/*
	 * Allow recursive queries from our "allowquery" ACL.
	 */
	allow-recursion {
		allowquery;
	};
};

In the example above, we allow only hosts on the 192.168.100.0/24 network to query our DNS server, use its cache and make recursive queries.
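The ACL only protects the server if each of the three options resolves to internal address ranges. The sketch below is an added example, not part of the original article or of Bind: it audits the text of a named.conf.options file for those options. The function names, the regex-based parsing (flat blocks only, no nested or negated address-match lists) and the list of "internal" networks are assumptions.

```python
import ipaddress
import re

# Constructed sample mirroring the ACL and options block shown above.
SAMPLE = """
acl allowquery { 192.168.100.0/24; };
options {
    allow-query { allowquery; };
    allow-query-cache { allowquery; };
    allow-recursion { allowquery; };
};
"""
# Assumption: "internal" means RFC 1918, loopback, or IPv6 unique-local space.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

def block_items(text, header_re):
    """Elements of `<header> { a; b; }`, or None when the block is absent."""
    m = re.search(header_re + r"\s*\{([^{}]*)\}", text)
    return m and [e.strip() for e in m.group(1).split(";") if e.strip()]

def resolve(text, element, seen=()):
    """Expand one address-match element into networks or built-in keywords."""
    element = element.strip('"')
    try:
        return [ipaddress.ip_network(element, strict=False)]
    except ValueError:
        if element in ("any", "none", "localhost", "localnets"):
            return [element]
    members = block_items(text, r'acl\s+"?' + re.escape(element) + r'"?')
    if members is None or element in seen:  # unknown name or self-reference
        return ["unresolved:" + element]
    return [r for m in members for r in resolve(text, m, seen + (element,))]

def audit(conf):
    """Return findings for query options that are unset or not limited to INTERNAL."""
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # drop comments
    findings = []
    for opt in ("allow-query", "allow-query-cache", "allow-recursion"):
        items = block_items(text, r"(?<![\w-])" + re.escape(opt))
        if items is None:
            findings.append(f"{opt}: not set, BIND's default applies")
        for e in (r for i in items or [] for r in resolve(text, i)):
            if isinstance(e, str):
                if e == "any" or e.startswith("unresolved:"):
                    findings.append(f"{opt}: {e}")
            elif not any(e.version == n.version and e.subnet_of(n) for n in INTERNAL):
                findings.append(f"{opt}: open to {e}")
    return findings
```

Calling audit(SAMPLE) returns an empty list; an "any" entry, a public range, a missing option or an undefined ACL name each produce a finding. Running named-checkconf remains the authoritative syntax check.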

Forwarders

DNS forwarders are the DNS servers to which our server forwards queries for names outside of our network. We define them with the forwarders option, as shown below.

options {
	forwarders {
		192.168.0.10;
	};
};

In the example above, DNS queries would be forwarded to 192.168.0.10 for names not defined in our DNS server.

Listening

To limit the IP addresses that Bind would be listening on for DNS requests, we define the listen-on option as shown below.

options {
	listen-on {
		127.0.0.1;
		192.168.100.10;
	};
	listen-on-v6 { none; };
};

In the above example, Bind would be listening on the IPv4 addresses 127.0.0.1 (better known as localhost) and 192.168.100.10, which is defined as the primary IP address of our server. We also disabled listening on IPv6, since we’re not using IPv6 on our network.

Once the necessary options are in place, remember to set the IP address of your DNS server in your /etc/resolv.conf file.

Local domains

We also create a container for our zones by executing the following command in a “root” shell.

mkdir -p /etc/bind/zones

Next, we create a definition file for our local zones by executing the following command in a “root” shell.

touch /etc/bind/zones.local

Finally, we edit the /etc/bind/named.conf.local file to contain the list of the zone definition files, as shown below.

include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.local";