Bind 9 configuration

Spain, Dr. Jeffry A. spainj at countryday.net
Sun May 20 18:35:43 UTC 2012


> (I hope that it's fine to ask about issues connected with the previous version of bind.)
Bind9 has its own listserv at bind-users at lists.isc.org. There are many DNS experts available there.

> Could you confirm that my settings are correct?
> I'm using this guide (my configuration scenario is primary master server):
> https://help.ubuntu.com/community/BIND9ServerHowto
See also the definitive bind9 documentation at http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.pdf. This is for the current version 9.9 of bind. See http://www.isc.org/software/bind/documentation for earlier versions.

> Questions:
> 1. My /etc/hosts doesn't contain anything related to ns.example.com. Is this OK?
Probably ok. Your /etc/resolv.conf should contain the addresses of recursive resolvers that can resolve ns.example.com and any other domain name.

> 2. How to configure bind to support IPv6?
You should have a file /etc/named.conf.options. It should contain by default:
options {
        listen-on-v6 { any;     };
};
Beyond this, if your network where your example.com hosts are located supports IPv6 and you have IPv6 Internet connectivity, then add AAAA records to your zone files so that your domain names can be resolved to IPv6 addresses.

> 3. I have joe.example.com in db.example.com. Will it be my email address (e.g. joe at example.com)?
The domain name joe.example.com doesn't correlate to the mailbox joe at example.com. You have specified your mail exchanger as mail.example.com. That host needs to know how to deliver messages to the mailbox joe at example.com.

> 4. Is it possible (and necessary) to have several ns (and mx) records on the same machine?
Possible and recommended but not necessary. With multiple NS records and thus multiple authoritative DNS servers, you have redundancy in the case of a DNS server failure. Typically you would configure one as a master with one or more slaves, or have a stealth master with two or more slaves. With multiple MX records, each of which should have a different priority, you can specify preferred and backup mail exchangers to mitigate against mail host failures.

> 5. What should I write in /etc/bind/db.<the first octet> file? Could you provide an example?
This is a reverse DNS zone file for purposes of resolving IP addresses to domain names. It must contain an SOA and NS records like your forward zone file and PTR records. For this to work properly, your ISP will need to delegate reverse DNS resolution for your address space to you.

> 6. Is there a need for additional tweaking?
Seems like there is always a need for tweaking. Start by seeing how things are working. Check your log file "cat /var/log/syslog | grep named". Use the "dig" utility to look up domain names on your server, e.g. "dig @ns.example.com www.example.com". See the above-cited Bv9ARM.pdf for more info on dig and other bind utilities. Here's a good book for you to read: http://www.amazon.com/DNS-BIND-5th-Edition-Cricket/dp/0596100574.

Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
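
The reverse zone described in the answer to question 5 (SOA, NS and PTR records), as an added example that is not part of the original message: a generator that also covers the ip6.arpa zone for the AAAA records from question 2. The addresses, the contact name hostmaster.example.com, the serial and the SOA timers are constructed assumptions.

```python
import ipaddress

# Constructed sample data: host names are from the thread; addresses are
# documentation ranges (192.0.2.0/24, 2001:db8::/32), not the poster's own.
HOSTS = {
    "ns.example.com.": ["192.0.2.10", "2001:db8::10"],
    "mail.example.com.": ["192.0.2.20"],
    "www.example.com.": ["192.0.2.30", "2001:db8::30"],
}


def reverse_origin(network):
    """Name of the reverse zone for a network on an octet/nibble boundary."""
    net = ipaddress.ip_network(network)
    step = 8 if net.version == 4 else 4  # bits per reverse-DNS label
    if net.prefixlen % step:
        raise ValueError("prefix is not on a label boundary: %s" % network)
    labels = net.network_address.reverse_pointer.split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(labels[host_labels:]) + "."


def build_reverse_zone(network, hosts, primary_ns, contact, serial):
    """Return zone-file text: SOA, NS, then one PTR per address in network."""
    net = ipaddress.ip_network(network)
    origin = reverse_origin(network)
    lines = [
        "$ORIGIN " + origin,
        "$TTL 86400",
        # Timer values below are illustrative assumptions.
        "@ IN SOA %s %s ( %d 3600 900 604800 86400 )"
        % (primary_ns, contact, serial),
        "@ IN NS " + primary_ns,
    ]
    ptrs = []
    for name, addresses in hosts.items():
        for text in addresses:
            addr = ipaddress.ip_address(text)
            if addr.version == net.version and addr in net:
                owner = addr.reverse_pointer + "."
                # Owner name relative to $ORIGIN, e.g. "10" for 192.0.2.10.
                ptrs.append((addr, owner[: -len(origin) - 1], name))
    lines += ["%s IN PTR %s" % (rel, name) for _, rel, name in sorted(ptrs)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_reverse_zone("192.0.2.0/24", HOSTS, "ns.example.com.",
                             "hostmaster.example.com.", 2012052001))
```

Run the generated file through named-checkzone before loading it into bind.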



