DNS – Part 2 – Install Bind9 on Ubuntu
Let’s do this!
Installing packages
First I install the packages:
- bind9 – the DNS server itself;
- dnsutils – tools such as dig and nslookup to test and help operate the server.
On the command line I just run this:
sudo apt-get install bind9 dnsutils
Configuring Bind9
First I’ll configure the DNS servers my server forwards requests to (and feeds on) and the port my DNS server listens on.
- I chose to forward requests to UncensoredDNS for historic reasons. Which upstream DNS server you use depends on your case; that is a topic of its own, so I’ll leave it for now;
- I use the standard DNS server port 53.
Note that listen-on { any; } makes the server answer on every interface, which is what an authoritative server needs, but it also means the forwarders configured below are reachable from wherever the server is reachable. BIND’s default allow-recursion ACL (localhost and localnets) is all that keeps it from becoming an open recursive resolver, so if the server ever sits on a public interface, set that ACL explicitly instead of relying on the default.
To achieve this I run this to open the named.conf.options file up:
sudo nano /etc/bind/named.conf.options
And then I make it look like this:
options {
directory "/var/cache/bind";
forwarders {
89.233.43.71;
89.104.194.142;
// http://www.uncensoreddns.org/
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
listen-on port 53 { any; };
};
Second I tell Bind9 (in the named.conf.local file) where to find the configuration for my domain, a.k.a. the “joaolino.com” zone file, at /etc/bind/zones/zone.joaolino.com.
I run this to open the named.conf.local file up:
sudo nano /etc/bind/named.conf.local
And then I make it look like this:
zone "joaolino.com" {
type master;
file "/etc/bind/zones/zone.joaolino.com";
};
Third, let’s make the zones folder to keep things nice and neat by running this:
sudo mkdir /etc/bind/zones
Fourth, it’s time to set up the base domain zone file, the one responsible for resolving the domain name. It is important to keep in mind that the server will be running on a dynamic IP, so the TTL has to be low enough to keep the down-time after an IP change reasonable. On the other hand, I don’t want to force other DNS servers to spam my own server with requests. So spam vs. down-time.
A reasonable estimate is one IP change per month. With a 15-minute TTL a cached answer is at most 15 minutes stale, so the mean down-time per change is about 7.5 minutes; over a month of roughly 43,800 minutes that is an availability of about 99.983%, three nines. Business SLAs are often written for five or six nines (99.999% to 99.9999%), and getting to six nines this way would need a TTL of about five seconds, which is not something to ask of every resolver on the Internet. Since I don’t get that many visits, 15 minutes will do for now. Keep in mind that the TTL only governs the records this server hands out: the glue for ns.joaolino.com lives in the parent zone at the registrar, carries the registrar’s TTL, and has to be updated separately whenever the IP changes.
To open the file I run:
sudo nano /etc/bind/zones/zone.joaolino.com
Now all that is left to do is paste this inside:
; zone.joaolino.com BIND9 configuration file
;
$TTL 900 ;604800
$INCLUDE /etc/bind/zones/zone.joaolino.com.soa
;
@ IN NS ns.joaolino.com.
@ IN MX 10 mail.joaolino.com.
;
$INCLUDE /etc/bind/zones/zone.joaolino.com.a
news IN CNAME @
proxy IN CNAME @
home IN CNAME @
Configuring the dynamic IP update
I run this to create the configdns script responsible for updating the IP address:
sudo nano /usr/local/bin/configdns
And then I make it look like this:
#!/bin/sh
# configdns: refresh the joaolino.com zone whenever the public IP changes.
ZONES=/etc/bind/zones
# -f fails on HTTP errors, -sS keeps cron mail quiet except for real errors, -m caps the wait.
CURRENT_IP_ADDRESS_EXTERNAL=$(curl -fsS -m 10 https://ifconfig.me) || exit 1
# Accept only a dotted quad; an error page or an empty body must never reach the zone file.
case "$CURRENT_IP_ADDRESS_EXTERNAL" in
    ''|*[!0-9.]*) echo "configdns: bad lookup result" >&2; exit 1 ;;
esac
OLD_IP_ADDRESS_EXTERNAL=$(/bin/cat $ZONES/zone.joaolino.com.ipaddress 2>/dev/null)
if [ "$CURRENT_IP_ADDRESS_EXTERNAL" != "$OLD_IP_ADDRESS_EXTERNAL" ]
then
    # Bump the serial so caches and secondaries notice the change
    BIND_SERIAL=$(( $(/bin/cat $ZONES/zone.joaolino.com.serial 2>/dev/null || echo 0) + 1 ))
    # Configure serial for joaolino.com zone
    /bin/cat > $ZONES/zone.joaolino.com.soa <<EOF
JOAOLINO.COM. IN SOA joaolino83.dynip.sapo.pt. root.joaolino.com. (
    $BIND_SERIAL ;serial
    3600 ;refresh
    1800 ;retry
    604800 ;expiration
    0 ;TTL for NACK
)
EOF
    /bin/echo "$BIND_SERIAL" > $ZONES/zone.joaolino.com.serial
    # Configure Bind IP
    /bin/cat > $ZONES/zone.joaolino.com.a <<EOF
@ IN A $CURRENT_IP_ADDRESS_EXTERNAL
ns IN A $CURRENT_IP_ADDRESS_EXTERNAL
mail IN A $CURRENT_IP_ADDRESS_EXTERNAL
www IN A $CURRENT_IP_ADDRESS_EXTERNAL
EOF
    # Check the configuration and the zone before Bind9 is asked to load them;
    # the .ipaddress file is only written on success so a failed run is retried next minute.
    named-checkconf || exit 1
    named-checkzone joaolino.com $ZONES/zone.joaolino.com || exit 1
    /bin/echo "$CURRENT_IP_ADDRESS_EXTERNAL" > $ZONES/zone.joaolino.com.ipaddress
    # Restart Bind9
    /usr/sbin/service bind9 restart
fi
Now I just run this to make the script executable:
sudo chmod +x /usr/local/bin/configdns
Because the change in IP address can happen at any minute, I’ll schedule a cron job to keep an eye on it. I open the crontab by typing
sudo nano /etc/crontab
And then I add this line to the end of the file:
* * * * * root /usr/local/bin/configdns
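The same update, as an added example that is not the post’s own configdns script, restructured into functions so that the lookup result is validated before it is written anywhere, the SOA serial follows the YYYYMMDDnn date convention instead of a plain counter, and the new zone is checked on a staging copy before the live one is touched. It assumes the post’s layout (/etc/bind/zones and the zone.joaolino.com.soa/.a/.serial/.ipaddress fragments), the post’s ifconfig.me lookup over HTTPS, and named-checkzone and rndc from the bind9 package; every path and name is an overridable variable so the functions can be exercised offline with constructed input.

```sh
#!/bin/sh
# Hardened updater for the joaolino.com zone (added example, not the post's
# own configdns). Assumptions: the post's /etc/bind/zones layout, the post's
# ifconfig.me lookup over HTTPS, and named-checkzone/rndc from the bind9
# package. Every path and name can be overridden through the environment.
ZONE="${ZONE:-joaolino.com}"
ZONEDIR="${ZONEDIR:-/etc/bind/zones}"
MNAME="${MNAME:-joaolino83.dynip.sapo.pt.}"   # primary name from the post's SOA
IP_URL="${IP_URL:-https://ifconfig.me}"

# Accept only a dotted quad with four octets in 0..255. An HTML error page,
# an empty body or an injected extra line is rejected before it can reach
# the zone file.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Fetch the public address. -f fails on HTTP errors, -m caps the wait so a
# hung lookup cannot pile up cron runs, and --proto '=https' refuses any
# downgrade to plain HTTP (a plain-HTTP lookup lets anyone on the path
# choose the address the whole zone will point at).
fetch_public_ip() {
    ip=$(curl -fsS -m 10 --proto '=https' "$IP_URL") || return 1
    valid_ipv4 "$ip" || { echo "configdns: rejected lookup result" >&2; return 1; }
    printf '%s\n' "$ip"
}

# Serial in the YYYYMMDDnn convention: the first change of a day gets nn=00,
# later changes that day increment nn, and a serial already ahead of today
# is still incremented, so the serial never moves backwards (a secondary
# silently keeps its old copy when the serial does not grow).
bump_serial() {   # $1 = current serial (may be empty), $2 = today as YYYYMMDD
    old=${1:-0}; base=$(($2 * 100))
    if [ "$old" -lt "$base" ]; then echo "$base"; else echo $((old + 1)); fi
}

render_soa() {    # $1 = serial; timers are the post's values
    printf '@ IN SOA %s root.%s. (\n' "$MNAME" "$ZONE"
    printf '    %s ; serial\n    3600 ; refresh\n    1800 ; retry\n' "$1"
    printf '    604800 ; expire\n    0 ; negative caching TTL\n)\n'
}

render_a() {      # $1 = address; same owner names as the post
    for owner in @ ns mail www; do printf '%s IN A %s\n' "$owner" "$1"; done
}

# Render the fragments into a staging directory, point a copy of the main
# zone file at them and run named-checkzone there. Only a zone that passes
# is copied into place and reloaded, so a bad lookup result or a typo in a
# fragment cannot take the live zone down. Fails closed if the checker is
# missing rather than publishing unchecked data.
publish() {       # $1 = address
    command -v named-checkzone >/dev/null ||
        { echo "configdns: named-checkzone missing, refusing to publish" >&2; return 1; }
    serial=$(bump_serial "$(cat "$ZONEDIR/zone.$ZONE.serial" 2>/dev/null)" "$(date -u +%Y%m%d)")
    stage=$(mktemp -d) || return 1
    render_soa "$serial" > "$stage/zone.$ZONE.soa"
    render_a "$1" > "$stage/zone.$ZONE.a"
    # the post's zone file uses absolute $INCLUDE paths; re-point them at the stage
    sed "s|$ZONEDIR/|$stage/|g" "$ZONEDIR/zone.$ZONE" > "$stage/zone.$ZONE"
    if ! named-checkzone -q "$ZONE" "$stage/zone.$ZONE"; then
        echo "configdns: staged zone failed named-checkzone, keeping the live zone" >&2
        rm -rf "$stage"; return 1
    fi
    cp "$stage/zone.$ZONE.soa" "$stage/zone.$ZONE.a" "$ZONEDIR/"
    echo "$serial" > "$ZONEDIR/zone.$ZONE.serial"
    echo "$1" > "$ZONEDIR/zone.$ZONE.ipaddress"
    rm -rf "$stage"
    rndc reload "$ZONE"
}

main() {
    ip=$(fetch_public_ip) || exit 1
    [ "$ip" = "$(cat "$ZONEDIR/zone.$ZONE.ipaddress" 2>/dev/null)" ] && exit 0
    publish "$ip"
}

# Run only when installed as /usr/local/bin/configdns (as in the post's cron
# line); sourcing the file elsewhere just defines the functions.
case "$0" in *configdns) main ;; esac
```

Installed under the same name, the post’s crontab line runs it unchanged. The staging step is what makes the once-a-minute schedule safe: when the lookup service is down or returns garbage, the run exits non-zero, the .ipaddress file is left alone, and the next minute simply tries again against the still-valid live zone.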