Linux - BIND
- BIND - Berkeley Internet Name Domain
Caching Name Server
- A caching name server simply caches the results of the name resolution requests it answers for the network it serves, so that later requests for the same remote host are answered faster
- By default, BIND refers to the internet's root name servers to locate the authoritative name servers for a domain
- Make backup copies of the following:
/etc/hosts
/etc/named.conf
/etc/resolv.conf
/etc/sysconfig/iptables
- Install the following packages:
bind
bind-utils
bind-chroot
- Add a line to /etc/resolv.conf pointing to your name server.
These changes should take effect immediately (i.e. no reboot or system command should be necessary)
nameserver 192.168.1.1
- Edit /etc/named.conf
listen-on
- configure BIND to listen on port 53, specifying the IP addresses to listen on
allow-query
- configure which network addresses DNS queries are accepted from
options {
    listen-on port 53 { 127.0.0.1; 192.168.0.203; };
    // listen-on-v6 port 53 { ::1; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // answer queries (recursive ones included) only for localhost and the LAN,
    // so the server is not an open resolver
    allow-query { localhost; 192.168.0.0/24; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
- Start the name service (and enable it at boot)
systemctl enable named
systemctl start named
- Test using
dig
dig www.apple.com
Primary Name Server
- A Primary Name Server is the authoritative source for the domain it represents.
Forward Zone File
- The Forward Zone File contains "A" records for the hosts on your network.
- It may also contain CNAME records (aliases) and MX records (for mail servers)
- Here is a basic Forward Zone File (e.g. /var/named/foo.com.zone):
; Authoritative data for foo.com
;
; Default Time to Live (Caching interval) 1 Day
$TTL 1D
;
; SOA (Start of Authority)
; - use today's date with a counter starting at 01 for the serial number
; - the serial number is set or incremented each time the zone file is changed
; - the primary name server and contact mailbox need trailing dots, otherwise the origin is appended to them
;
@           IN SOA   foo.foo.com. root.foo.foo.com. (
                     2019010101  ; serial
                     1D          ; refresh
                     1H          ; retry
                     1W          ; expire
                     3H )        ; minimum
$ORIGIN foo.com.
foo.com.    IN NS    foo.foo.com.
foo         IN A     127.0.0.1
server      IN A     192.168.1.1
www         IN CNAME server
; an MX target must not be a CNAME (RFC 2181), so mail gets its own A record
mail        IN A     192.168.1.1
test1       IN A     192.168.1.11
t1          IN CNAME test1
test2       IN A     192.168.1.2
test3       IN A     192.168.1.3
test4       IN A     192.168.1.4
; Mail server MX record
foo.com.    IN MX 10 mail.foo.com.
- Add the zone to named.conf, just before the include lines:
zone "foo.com" IN {
    type master;
    file "foo.com.zone";
};
- Restart named
- Test using dig and nslookup (the MX record is queried by type, not by host name)
dig test1.foo.com
dig foo.com MX
dig mail.foo.com
nslookup test3.foo.com
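A small zone-file lint for the checks the forward zone above needs before named loads it. This is an added example, not code from these notes or from BIND; it assumes every record carries an explicit owner name, as in the file above, and it embeds a constructed copy of that zone that deliberately keeps the two classic mistakes: unqualified names in the SOA and an MX pointing at a CNAME.

```python
import re

# Constructed copy of the forward zone above, trimmed to the records the lint needs.
# It keeps two easy mistakes: unqualified SOA names (the origin gets appended to them)
# and an MX aimed at a CNAME (RFC 2181 forbids it).
ZONE_TEXT = """\
$TTL 1D
@ IN SOA foo.foo.com root.foo.foo.com (
    2019010101 1D 1H 1W 3H ) ; serial refresh retry expire minimum
$ORIGIN foo.com.
foo.com. IN NS foo.foo.com.
server IN A 192.168.1.1
mail IN CNAME server
foo.com. IN MX 10 mail.foo.com.
"""

NAME_FIELDS = {"NS": [0], "CNAME": [0], "MX": [1], "SOA": [0, 1]}  # rdata fields that hold names

def fqdn(name, origin):
    # Qualify a relative name against the current $ORIGIN; '@' means the origin itself.
    return origin if name == "@" else (name if name.endswith(".") else f"{name}.{origin}")

def parse_zone(text, origin):
    # Return (owner, type, rdata) triples with every domain name fully qualified.
    text = re.sub(r";[^\n]*", "", text)                                        # drop comments
    text = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), text)  # join ( ... ) groups
    records = []
    for toks in (ln.replace("(", " ").replace(")", " ").split() for ln in text.splitlines()):
        if not toks or toks[0] == "$TTL":
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        rtype = toks[2] if toks[1] == "IN" else toks[1]
        rdata = toks[toks.index(rtype) + 1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = fqdn(rdata[i], origin)
        records.append((fqdn(toks[0], origin), rtype, rdata))
    return records

def lint_zone(text, origin):
    # Flag the inconsistencies that make a zone like this one misbehave once loaded.
    recs = parse_zone(text, origin)
    types = {}
    for owner, rtype, _ in recs:
        types.setdefault(owner, set()).add(rtype)
    ns_targets = {r[2][0] for r in recs if r[1] == "NS"}
    findings = []
    for owner, rtype, rdata in recs:
        target = rdata[NAME_FIELDS[rtype][0]] if rtype in NAME_FIELDS else None
        if rtype == "SOA" and target not in ns_targets:
            findings.append(f"SOA MNAME {target} is not an NS of the zone (missing trailing dot?)")
        elif rtype in ("MX", "NS", "CNAME") and "CNAME" in types.get(target, ()):
            findings.append(f"{rtype} record at {owner} targets {target}, which is a CNAME")
    return findings
```

Run named-checkzone foo.com /var/named/foo.com.zone on the real file as well; the MX-to-CNAME case is one it flags, and named logs it again at load time.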
Reverse Zone File
- A reverse lookup goes from IP address to hostname
- Create a reverse zone file:
/var/named/foo.com.rev
- Add the reverse zone to named.conf (the zone name is the network part of 192.168.1.0/24 written in reverse, so that dig -x 192.168.1.1 lands in it):
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "foo.com.rev";
};
- Restart named server
- Test using
dig
dig -x 192.168.1.1