In the first part of this series on Installing BIND DNS I walked you through installing the software on Windows Web Server 2008. The main reason for this of course, is that Windows Web Server 2008 does not allow you to install the Microsoft DNS Role.
In this part of the series I will walk you through an initial configuration of the BIND DNS server. First let’s talk about a few different types of DNS server setups available.
Authoritative Name Servers
Every DNS zone, like www.trainsignaltraining.com, is served by at least one authoritative name server which contains all the DNS records for the zone.
To account for fault tolerance most zones have more than one server that keeps all these records in case of outages. Because of this you will have two types of Authoritative Name Servers — one that keeps the master copy of the zone and that server is called the primary master, and the other called a slave or secondary server that loads their data from the master server by a means of zone replication.
Caching Name Servers
Also called a recursive name server, this is most commonly the local DNS server that your operating system talks to.
When you make a request on your local PC, more than likely it will go out to your ISP’s DNS Caching server which will make a request to the Authoritative Name Server. One of the features of most caching servers is that it will keep that request cached for a certain amount of time to speed lookups.
Creating an Authoritative Name Server with BIND
Once BIND DNS is installed you will see that it is a pretty bare install and needs to be setup via configuration files. For some Wintel administrators this may be a little daunting in an age of GUI interfaces, but don’t worry it isn’t too painful, and gives you good practice for some *nix cross training.
In this demo I am going to create a Authoritative Name Server for the domainbindtest.com at the IP of 192.168.11.13, as a note this is only accessible at my internal network so don’t go searching around for it.
To refresh your memory we installed BIND DNS at C:\Windows\System32\dns
1. Start by opening a command prompt with administrative rights by clicking on the Start menu, right click Command Prompt then left click on Run as Administrator
2. Type in the following at the command prompt hitting Enter after each line:
cd c:\windows\system32\dns\bin (or where you installed BIND)
rndc-confgen –a
rndc-confgen > C:\windows\system32\dns\etc\rndc.conf
Close the command prompt
3. Open Explorer and go to C:\windows\system32\dns\etc and create the following directories:
run
zones
log
Create an empty file in the log directory called named.log
4. Download the following file: named.conf and place it inC:\windows\system32\dns\etc (or wherever you installed BIND).
If you did install BIND in a different directory, then in the named.conf go in and change the location in options for the directory to your install location.
5. You also need to modify the named.conf to change the zone to the domain you want to manage.
In our example I am using bindtest.com, but you need to change this to match your domain. You should also change the file name to replacedb.bindtest.com.txt to db.%yourdomain.com%.txt –replacing %yourdomain.com% with your domain name.
6. Open rndc.conf in notepad (in the etc folder) and copy everything below the line that says:
# Use with the following in named.conf
7. Open named.conf and paste the contents of the clipboard at the end of the file.
Remove all the # from each line and delete the first line copied in and the last line copied in so it looks like the picture below. Save and close named.conf
8. Download the following file: db.bindtest.com.txt and place it inC:\windows\system32\dns\etc\zones
9. Rename db.bindtest.com.txt to whatever you used in step 5, so that the file is named db.%yourdomain.com%.txt — replacing %yourdomain.com% with your domain name.
10. Open the db.bindtest.com.txt (or whatever you renamed it) and modify the following then save the file:
Change any reference to bindtest.com to your domain name
Change the serial line to reflect the current date in this format: YYYYMMDDRR
YYYY = YEAR
MM = MONTH
DD = DAY
RR = Revision number (01 if this is the first time)
Change the IPs to the IPs that your servers are using
Now you are configured to be an Authoritative Name Server for bindtest.com (or whatever your domain is named) with no recursive lookup.
Open Server Firewall
If you are using a firewall for your server either software or hardware, you will want to make sure that incoming requests on UDP port 53 are open. This will make sure that your server will accept incoming queries.
Start the BIND DNS Service
Ok, we are finally ready to actually start this service. Let’s go in and start this service.
1. Go to the Start button, then to the Administrative Tools, then left click onServices
2. Scroll down and find ISC Bind and right click on it, then click on Start to start the service.
That’s it! The BIND DNS service is now up and running and ready to accept queries. Let’s test out the service.
Testing BIND DNS
I am going to use a very cool tool that is loaded with BIND DNS that’s calledDIG.
You will find it in the bin directory where you installed BIND. The tool will go out and query for a domain name and grab all the DNS records. Let’s take a look:
1. Open a command prompt and navigate to the bin directory
2. Type in the following to get a feel for what you get back and hit Enter:
Dig Yahoo.com any
3. Below you will see a piece of the output:
4. Now that you know what to look for, I am going to use my test domainbindtest.com with the dig tool by typing: Dig @192.168.11.13 bindtest.com any
Note: I use @192.168.11.13 because bindtest.com is not registered with ICANN so it tells dig to use the name server at that address.
5. You can see that the BIND Name Server is responding with the correct information:
We have now configured an Authoritative Name Server for the test serverbindtest.com that responds correctly to DNS requests.
A quick note, when you make changes you will have to restart the ISC BIND Service or run the command c:\windows\system32\dns\bin\rndc reload from a command prompt or batch file.