DNS can be a vastly complicated thing, particularly setting up Bind, the most common DNS server product in use. However, it doesn’t have to be scary.
In this post I’ll go through setting up Bind and configuring a test domain. If you’re not sure what DNS is or how it works, hit up Google and find out. This article by How Stuff Works isn’t too bad an overview either.
For my DNS setup, I run Bind as the master server, and have an account with EasyDNS for additional DNS servers that synchronise changes from the master server to their copy. This is more commonly known as a Secondary DNS.
Picture time! (I like pictures).
What happens when a DNS request comes in (say you want to load this blog) is that your ISP’s DNS servers will look up the name servers for my domain, which would return one of the four options above. At that point your ISP’s DNS server will pick one at random and ask it for the IP address of my blog (known as an A record). Your computer can then connect directly to the server and open the blog.
Each of the EasyDNS servers listed above is actually an anycast constellation, which means it has four or five DNS servers spread across the globe. For example, at the time of writing, the EasyDNS 1 constellation had servers in Ashburn, Chicago, San Jose, Amsterdam and Tokyo.
The EasyDNS servers stay in sync through a method called a zone transfer. When I update the records on Shana, she will send a message to the EasyDNS transfer server that there is an update available for a specific domain. EasyDNS then requests a zone transfer to grab the most recent copy of the DNS records for that domain and updates their local server records.
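The master side of the arrangement just described, as an added example rather than the post’s own configuration: a BIND 9 named.conf fragment that keeps recursion off, sends NOTIFY only to the secondary provider’s transfer server, and answers zone transfers only for that address when the request is signed with a shared TSIG key. The zone name, file path, key name and the address 192.0.2.53 are placeholders, not the author’s real values.

```conf
// Added example, not from the original post. All names, the key and the
// 192.0.2.53 address are placeholders for the real secondary provider.

// TSIG key shared with the secondary. Without a key, the only thing
// guarding the zone contents is the requester's source address.
key "secondary-xfer-key" {
    algorithm hmac-sha256;
    // Replace with output of: dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST <name>
    secret "PLACEHOLDER-BASE64-SECRET==";
};

// The provider's transfer server (RFC 5737 documentation address).
acl "secondary-xfer" {
    192.0.2.53;
};

options {
    directory "/etc/namedb/working";     // FreeBSD default working dir
    pid-file  "/var/run/named/pid";

    // Authoritative-only master: do not resolve names for the world.
    recursion no;
    allow-query { any; };

    // Refuse transfers globally; enable them per zone below.
    allow-transfer { none; };
};

zone "example.com" {
    type master;
    file "/etc/namedb/master/example.com.db";   // placeholder zone file

    // Notify only the provider's transfer server, not every NS in the
    // zone: the public anycast name servers do not pull the zone themselves.
    notify explicit;
    also-notify { 192.0.2.53; };

    // Match only when BOTH hold: the source is in the acl AND the request
    // carries the key. The nested negation is the documented way to AND
    // an address match with a key match in an address match list.
    allow-transfer { !{ !secondary-xfer; any; }; key secondary-xfer-key; };
};
```

Run named-checkconf on the result before reloading; a misplaced brace or unknown option keeps named from starting at all.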
That’s probably enough of an overview of my setup for now; let’s get cracking on installing and configuring Bind. Fortunately, there is nothing to do here: Bind is already installed by default on FreeBSD.
[root@shana /]$ named -V
# BIND 9.8.1-P1 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
# using OpenSSL version: OpenSSL 0.9.8q 2 Dec 2010
It is worth noting here that the service/daemon that actually runs is called named. From here on I’ll refer to everything as named, since the product name “Bind” is rarely used in practice.
As it is already installed, you can imagine that a good chunk of the setup is already done for you too. This is true: all of the named configuration files can be found in /etc/namedb/. Let’s check what we have in there.
[root@shana /etc/namedb]$ ls -F -1
| Entry | Description |
|---|---|
| dynamic/ | A subdirectory where dynamic zones live. Dynamic zones are typically updatable by client systems. |
| master/ | A subdirectory where master zones live. Master zones are ones for which we (this server) are authoritative. |
| named.conf | The main named configuration file. |
| named.root | A list of the root name servers that make up the core of DNS. |
| slave/ | A subdirectory where slave/secondary zones live. Slave zones are ones we retrieve via zone transfer from somewhere else. |
| working/ | A subdirectory where named keeps its working files. |
You might notice too that the dynamic, slave and working directories are owned and writable by the bind user. That is because named will write to these directories itself.
For this post, we’re only really interested in the named.conf file and the master subdirectory.