Last Updated: 8/20/2024
BIND. Put simply, BIND is the open source software that can be used to translate fully qualified domain names into their IP addresses. This is often compared to using a phone book to translate a person's name into their corresponding phone number on record.
In this segment we will talk about the installation and use of BIND. We will look at some of the other configuration issues in separate posts.
I am going to type free form for a moment to discuss BIND. We are going to want to talk about how DNS works, the internet root file, root hints and the reference lookup.
DNS uses …
DNS uses port 53 to communicate. Originally this worked over UDP; it was extended for use with IPv4 TCP/IP (A) records and then IPv6 (AAAA) records (more on this later). This subject has more than a few moving parts, and as I had to start somewhere I chose to lead with this. By the way, this can also explain why, if you are using a VPN, something can get squirrelly: if whoever implemented your VPN doesn't allow certain traffic through… then it can't work. So please be aware, or at least remember this fact for your critical thinking when trying to work out why something isn't working the way you expect. NTP time, DNS resolution and the ability to reach a gateway all factor heavily into testing.
Root Hints:
Root hints are a list of DNS servers that a DNS server can use to resolve queries for names it doesn't know.
Most servers (Windows, Linux) that install a DNS service come with a set of root hints, so that if you ask a question about a domain not already in cache, the server at least has a rudimentary starting point it can ask. These first few requests are used to find the authoritative server that is responsible for answering questions about hosts in its domain.
DNS:
DNS works in a decentralized fashion. That is, we all agree on how it works.
Which also means that somewhere in this discussion we are now going to talk about a system that has democratically changed over the years. Think of there being, by most accounts, 13 root servers. See Wikipedia below for history. The story reads as "In 1984, Jon Postel and Paul Mockapetris set up the first root server at the University of Southern California's Information Science Institute (ISI) to test the Domain Name System (DNS)". Jon Postel's name is important, because he also helped give us SMTP, or mail.
In short, imagine that there are 13 entries labeled a-m under root-servers.net. You should be able to ask any one of these 13 agreed-upon ROOT servers about a full name. Now, the purpose of these 13 name servers might not be to answer your ultimate question (say www.cnn.com), but it might be enough to tell you WHICH server you need to ask for the AUTHORITATIVE RESPONSE; or in short, who should be able to get you the answer.
a.root-servers.net 198.48.0.4
m.root-servers.net 202.12.27.33
Installing Bind:
The most current version is bind9, so installing it is as simple as:
root@nodey:/home/ubuntu# apt install bind9
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
bind9-utils dns-root-data
Suggested packages:
bind-doc resolvconf
The following NEW packages will be installed:
bind9 bind9-utils dns-root-data
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 427 kB of archives.
After this operation, 1,684 kB of additional disk space will be used.
Do you want to continue? [Y/n] y^C
Directory Structure:
In /etc/bind9/x you should be able to find the configuration files.
In the X directory will be the "zone files", which consist of Resource Records (RRs). Note that a record line that starts with whitespace has no owner name of its own and inherits the owner of the previous record:
; base zone file for example.com
$TTL 2d ; default TTL for zone
$ORIGIN example.com. ; base domain-name
; Start of Authority RR defining the key characteristics of the zone (domain)
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2003080800 ; serial number
        12h ; refresh
        15m ; update retry
        3w ; expiry
        2h ; minimum
        )
; records below that begin with whitespace inherit the owner above (@ = example.com.)
; name server RR for the domain
        IN NS ns1.example.com.
; the second name server is external to this zone (domain)
        IN NS ns2.example.net.
; mail server RRs for the zone (domain); 3w overrides the $TTL default for this record
    3w  IN MX 10 mail.example.com.
; the second mail server is external to the zone (domain)
        IN MX 20 mail.example.net.
; domain hosts include the NS and MX records defined above
; plus any others required
; for instance a user query for the A RR of joe.example.com will
; return the IPv4 address 192.168.254.6 from this zone file
ns1 IN A 192.168.254.2
mail IN A 192.168.254.4
www IN A 192.168.254.7
; aliases ftp (ftp server) to an external domain; the trailing dot keeps the name absolute
ftp IN CNAME ftp.example.net.
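As an added example (not BIND's own code and not from this post), a small Python parser for the zone-file syntax shown above: it resolves $TTL, $ORIGIN, ';' comments, the parenthesised SOA and blank-owner inheritance into fully qualified records, and the same code reads root-hints style lines such as `. 3600000 NS A.ROOT-SERVERS.NET.`, so it covers the root hints discussed earlier too. The sample zone embedded in it is constructed from the example.com zone above.

```python
# Added example, not BIND's own code: a minimal zone-file parser showing how $TTL,
# $ORIGIN, ';' comments, a parenthesised SOA and blank-owner inheritance resolve
# into fully qualified resource records. Mistyped relative names show up at once.
import re
# Constructed sample zone, modelled on the example.com zone above.
SAMPLE_ZONE = """\
$TTL 2d
$ORIGIN example.com.
@       IN SOA ns1.example.com. hostmaster.example.com. (
            2003080800 ; serial
            12h 15m 3w 2h )
        IN NS  ns1.example.com.
    3w  IN MX  10 mail.example.com.
ns1     IN A   192.168.254.2
ftp     IN CNAME ftp.example.net.
"""
TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "TXT", "PTR"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def ttl_seconds(tok):                      # BIND TTL syntax: '2d', '12h', '3600'
    num, unit = re.fullmatch(r"(\d+)([smhdw]?)", tok.lower()).groups()
    return int(num) * UNITS[unit]

def qualify(name, origin):                 # '@' and relative names expand from $ORIGIN
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):                      # -> [(owner, ttl, type, rdata-tuple), ...]
    origin, default_ttl, owner, records = ".", None, None, []
    body = "\n".join(l.split(";", 1)[0] for l in text.splitlines())   # strip comments
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    for line in body.splitlines():
        tok = line.split()
        if not tok: continue
        if tok[0] == "$ORIGIN":
            origin = tok[1]; continue
        if tok[0] == "$TTL":
            default_ttl = ttl_seconds(tok[1]); continue
        if not line[0].isspace():          # a column-1 token is a new owner name
            owner = qualify(tok.pop(0), origin)
        ttl = default_ttl
        if tok[0] not in TYPES | {"IN"}:   # optional per-record TTL override
            ttl = ttl_seconds(tok.pop(0))
        if tok[0] == "IN": tok.pop(0)
        rtype, rdata = tok[0], tok[1:]
        if rtype not in TYPES or owner is None:
            raise ValueError(f"bad record: {line.strip()!r}")
        idx = {"NS": -1, "CNAME": -1, "PTR": -1, "MX": 1}.get(rtype)
        if idx is not None:                # hostname rdata is origin-qualified too
            rdata[idx] = qualify(rdata[idx], origin)
        records.append((owner, ttl, rtype, tuple(rdata)))
    return records
```

Running `parse_zone(SAMPLE_ZONE)` makes the inheritance visible: the NS and MX records come back owned by example.com., and a relative CNAME target that was meant to be absolute gets $ORIGIN appended, which is exactly the class of mistake named-checkzone is for.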
Configuring Bind:
Quick word about services
Don't forget the basic tools used to restart and check on your BIND service:
systemctl reload bind9
systemctl start bind9
systemctl stop bind9
Troubleshooting:
The "named-checkzone" tool can be used to double-check the custom zone files that have been created, to see which one of them might be throwing an ABEND (abnormal end) and keeping you from continuing. It takes the zone name followed by the zone file:
named-checkzone sparedomain.net sparedomain.net.db
Reference:
https://www.redhat.com/sysadmin/dns-configuration-introduction
https://en.wikipedia.org/wiki/Root_name_server
https://cybergav.in/2020/05/18/root-hints-vs-dns-forwarders/