Resolving Domains Internally And Externally With Bind9 And Caching Nameserver Rumi, March 28, 2011 Preface: Some times, we are required to resolve our internal domains on a local nameserver and external (Internet) domains from ISP's nameserver. There are different solutions to this problem, but in this howto, we are going to solve it through configuring a combination of caching-nameserver and BIND 9. Theory Behind Caching-Namerserver and BIND 9: Caching-Nameserver is a type of nameserver that will resolve a web addresses (domain names) from its next or master DNS, and will keep those entries in cache, after first time resolution it will resolve DNS queries locally, untill its TTL (Time To Live) is expired. BIND 9 is used to resolve domain resolution queries from it own database, as it is SOA (Start Of Authority). So now it is clear that in our setup the caching-nameserver will be used to resolve domain names externally (internet), while BIND 9 will be used to resolve domain names from our local network (internally). Now we have caching-nameserver and BIND 9 hammer in our hands, lets start fixing it. 🙂 1. Installing caching nameserver/ BIND 9: Simplest method to install all required packages for this howto is, $ yum install caching-nameserver bind* same for apt based system, but if you don't have yum or apt configured you can install following packages from your distribution cds, I am not mentioning package versions as it depends on your distribution i.e. Required Packages: bind , bind-chroot, bind-utils, bind-lib, caching-nameserver After installation of these packages we have to find either we have all required packges installed or not, to do so, use following command. $ rpm -qa bind* $ rpm -qa caching-nameserver The above commands work fine, only if you are working on RPM based Linux Distro, otherwise check according to your own distro method. Now if you are able to see all mentioned packges , this means you are about to hit your nameserver with BIND hammer. 🙂 2. Editing named.conf: First of all we have to register our domain name with BIND, for the reason, we will edit named.conf, open it and type the following lines. $ vi /etc/named.conf Now type the following lines, i.e. zone "cbtcandy.org" IN { type master; file "cbtcandy.org.zone"; allow-update { none; }; }; You should replace cbtcandy.org with your own domain name. 3. Starting Bind Daemon: You can start bind daemon/service to check whether your named.conf is written perfectly, now you can do this by different method, I will state two of them: For RedHat, CentOS, Fedora type systems, give following command, $ service named start For Suse, Debian type systems, $ /etc/rc.d/rc.bind start Now if Bind daemon is started successfully that means we are half way done. 4. Setting Bind Daemon Starts On Boot: The following command will work perfectly on RedHat, CentOS, Fedora, but I am not sure about other distros, so better you find its equivalent. $ chkconfig named on –level 35 5. Zone File Creation: Now there is an issue. 🙁 Where is my shotgun? I.e. if you have installed bind-chroot, then you will be creating your domain zone file in /var/named/chroot/var/named/directory, and then you will make a softlink to the /var/named/ directory, but if you didn't install this chroot package, then you are going to create the zone file directly in the /var/named/ directory. Now the following command works fine, if you have bind-chroot: $ vi /var/named/chroot/var/named/cbtcandy.org.zone OR (if bind-chroot is not installed) $ vi /var/named/cbtcandy.org.zone and type the following lines into your zone file: $TTL 86400 @ IN SOA @ nayyares.gmail.com. ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum @ IN NS nameserver.cbtcandy.org. nameserver IN A 192.168.1.1 cache IN A 192.168.1.2 www IN A 192.168.1.3 portal IN A 192.168.1.4 You can add as many records as you wish 🙂 in this file. Note: Here I am assuming that our DNS machine name is nameserver and LAN subnet is on 192.168.1.0/24 , you can change this according to your situation. Now the following step is needed only if you have created the zone file in the /var/names/chroot/var/named/ directory. $ ln -s /var/named/chroot/var/named/cbtcandy.org.zone /var/named/cbtcandy.org.zone 6. Editing resolv.conf: Now to tell our nameserver machine about the order it will look for name resolution, we have to edit /etc/resolv.conf file, $ vi /etc/resolv.conf and write the following two lines, but keep them in same order, as we want to first resolve domain resolution query by caching-name server, so we will keep 127.0.0.1 line first, in this file. nameserver 127.0.0.1 nameserver 212.96.24.1 Note: I assume that your ISP's nameserver machine IP is 212.96.24.1. 7. Setting Up Host Name: To set up your hostname according to your domain, we will edit /etc/sysconfig/network file, i.e. $ vi /etc/sysconfig/network Now type the following line: HOSTNAME=nameserver.cbtcandy.org 8. Restarting BIND Daemon: $ service named restart (Redhat,Fedora,Centos) OR $ /etc/rc.d/rc.bind restart (Suse,Debian) 9. Testing: Now to test whether your configuration is working fine or not, give the following command: $ nslookup nameserver.cbtcandy.org If you get the following result, this means your BIND 9 is working fine: Server: 127.0.0.1 Address: 127.0.0.1#53 Name: nameserver.cbtcandy.org Address: 192.168.1.1 Now to test your caching-nameserver, give the following command: $ nslookup www.howtoforge.org If you are getting the following result, this means the caching-nameserver is working fine. Server: 212.96.24.1 Address: 212.96.24.1#53 Name: www.howtoforge.org Address: 85.10.207.148 Src: http://www.howtoforge.com/linux_bind9_and_caching_nameserver ============================================================================================================ Administrations Configurations (Linux)