DNS server on Debian systems




BIND was originally designed at the University of California, Berkeley (UCB) in the early 1980s.
The name is an acronym of Berkeley Internet Name Domain, reflecting the application's use within UCB.
The software consists, most prominently, of the DNS server component, called named, a contracted form of name daemon.

First, install BIND9:

apt-get install bind9
Depending on your configuration, more steps may be required. If you use a graphical network manager such as network-manager, simply change the DNS setting to:

127.0.0.1
If you do not have a graphical tool for network management, do the following:

apt-get --purge remove resolvconf
Then edit the file /etc/resolv.conf:

nameserver 127.0.0.1
Set up forwarders: Now we just need to configure the forwarders, which should be the DNS servers of our ISP or others that offer good latency, such as those offered by OpenDNS or Google. To do this, edit the file:

nano -w /etc/bind/named.conf.options
and uncomment the lines where the forwarders go; in this case I used Google's as an example:

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders { 8.8.8.8; 8.8.4.4; };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Now we just need to restart the service to apply the new settings:

/etc/init.d/bind9 restart
Testing: Now we will check that everything works properly and look at the resolution latency. We use the dig command:

dig kernel.org
It will show something like this:

;; Query time: 789 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 01 19:39:23 CEST 2015
;; MSG SIZE  rcvd: 489

If we repeat the query, we see that the resolution time drops notably; this is because the answer is already in the cache.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 01 19:40:54 CEST 2015
;; MSG SIZE  rcvd: 489
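
The same check can be scripted. The following is an added example, not part of the original post: it parses dig's footer and confirms that both replies came from 127.0.0.1 and that the second query was faster. The function names are hypothetical and the sample footers are the ones shown above.

```shell
#!/bin/sh
# Added example: read dig's statistics footer to confirm that the reply came
# from the local BIND instance and that the repeat query was served from cache.

# Print the value of ";; Query time: N msec" (milliseconds) from stdin.
query_time() {
    awk '/^;; Query time:/ { print $4; exit }'
}

# Print the answering server's address (without "#port") from stdin.
server_addr() {
    awk '/^;; SERVER:/ { split($3, a, "#"); print a[1]; exit }'
}

# check_resolver FIRST SECOND [EXPECTED_SERVER]
# Returns 0 if both replies came from EXPECTED_SERVER and SECOND was faster,
# 1 if there was no speed-up, 2 if another (or no) server was reported,
# 3 if a Query time line is missing.
check_resolver() {
    first=$1; second=$2; want=${3:-127.0.0.1}
    for out in "$first" "$second"; do
        srv=$(printf '%s\n' "$out" | server_addr)
        if [ "$srv" != "$want" ]; then
            echo "answered by ${srv:-unknown}, not $want" >&2
            return 2
        fi
    done
    t1=$(printf '%s\n' "$first" | query_time)
    t2=$(printf '%s\n' "$second" | query_time)
    if [ -z "$t1" ] || [ -z "$t2" ]; then
        echo "no Query time line found" >&2
        return 3
    fi
    if [ "$t2" -ge "$t1" ]; then
        echo "no speed-up ($t1 ms -> $t2 ms)" >&2
        return 1
    fi
    echo "cache hit via $want: $t1 ms -> $t2 ms"
}

# Footers copied from the two dig runs shown on this page.
SAMPLE_FIRST=';; Query time: 789 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_SECOND=';; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

check_resolver "$SAMPLE_FIRST" "$SAMPLE_SECOND"
# Live use: check_resolver "$(dig kernel.org)" "$(dig kernel.org)"
```

A return code of 2 means /etc/resolv.conf (or the network manager setting) is still pointing at another resolver, so the queries never reached the local BIND instance.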

Note that the cache is held in memory and not on the hard disk; if we restart the service or turn off the computer, all cached data will be lost. There are alternatives such as dnsmasq, which needs no configuration and is much simpler to operate.
