Installing BIND Locally

joeswat · 08-30-2013, 07:28 PM

I got BIND installed (CentOS) all is good I can do dns etc.

What I do want to do is install BIND (Dns) locally as we have 2 networks and I want only the intranet to work with that server. All I really need is 10.x.x.x/24 servers to do a dns lookups (BIND Dns Cache) and thats it.

Not sure what I need all to put in named.conf to get that all done.

Please if you could guide me bit through what I need to place in named.conf (I dont need a domain name) so I am assuming zone can be taken off?

So here it is what I got so far.

Code:

// /var/named/chroot/etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; };   // I Tried placing ; any ; 
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 10.x.x.x/24; };
        allow-query-cache    { localhost; 10.x.x.x/24; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

zone "." IN {
        type hint;
        file "named.ca";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

include "/etc/named.rfc1912.zones";

It works locally on the server it self, but if I put this dns server on windows as (primary dns server) its not resolving. I get timeout..

Not sure what I am missing, iptables?

Thank you a lot!

bathory · 08-31-2013, 02:31 AM

Quote:

listen-on port 53 { 127.0.0.1; }; // I Tried placing ; any ;
listen-on-v6 port 53 { ::1; };

Remove or comment out the above lines, so named listens on all available interfaces. Of course if you want you can use the following:

Code:

       listen-on port 53 { 127.0.0.1; 10.x.y.z;};   // I Tried placing ; any ; 
       listen-on-v6 port 53 { ::1; X:Y:Z;};

wher 10.x.y.z and X:Y:Z are the ipv4 and ipv6 addresses of your dns server.
Also check if your firewall blocks port 53 udp/tcp.
And better restrict recursion to your LAN using

Code:

allow-recursion {10.x.x.x/24; };

instead of

Quote:

recursion yes;

Regards

joeswat · 09-01-2013, 09:29 AM

Thank you, ill try.
One thing to mention is that the 10. is private network (does not go out) yet lets say 11.x network is going out through nat fw

FYI locally on server it works just fine

nslookup mydomain.com 10.x.x.x