Debian – Setting up a DNS name server for a mass virtual host with Bind9

Tags: bind, debian, domain-name-system, nameserver

I am trying to set up a chrooted DNS name server in a local LAN so that everyone connected to the LAN can access the mass virtual hosts defined for a development environment without having to edit their local /etc/hosts manually one by one. The mass virtual host is named example.user.dev (VirtualDocumentRoot /home/user/example) and example.test (DocumentRoot /var/www/example).

I set up everything and /var/log/syslog doesn't show any error, but when checking the DNS with:

host -v example.test

it doesn't find the host. Using the dig command I don't receive an answer either.

dig -x example.test

; <<>> DiG 9.5.1-P3 <<>> -x example
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 600 IN SOA a.root-servers.net. dns-ops.arin.net. 2010042604 1800 900 691200 10800

;; Query time: 108 msec
;; SERVER: 80.58.0.33#53(80.58.0.33)
;; WHEN: Mon Apr 26 11:15:53 2010
;; MSG SIZE rcvd: 107

My configuration is the following:

/etc/bind/named.conf.local

zone "example.test" {
   type master;
   allow-query { any; };
   file "/etc/bind/zones/master_example.test";
   notify yes;
};

zone "1.168.192.in-addr.arpa" {
   type master;
   allow-query { any; };
   file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
   notify yes;
};

/etc/bind/named.conf.options

  • Note: We have a static IP address, so I forward the queries to the DNS server at said IP address.

options {
    directory "/var/cache/bind";
    forwarders { 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};

/etc/bind/zones/master_example.test

$ORIGIN example.test.
$TTL 86400
@ IN SOA example.test. root.example.test. (
        201004227   ; serial
        28800       ; refresh
        14400       ; retry
        3600000     ; expire
        86400 )     ; min
;
TXT "example.test, DNS service"
@ IN NS example.test.
localhost A 127.0.0.1
example.test. A 192.168.1.52
example A 192.168.1.52
www CNAME example.test.

/etc/hosts

127.0.0.1 localhost example
192.168.1.52 localhost example example.test

/etc/resolv.conf

  • Note: For Bind I just added the last 3 lines.

nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

search example.test
search example
nameserver 192.168.1.52


EDIT

Some major changes. Now I have this configuration:

/etc/resolv.conf

search example.test
search example
nameserver 192.168.1.52

nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

/etc/hosts

127.0.0.1 localhost example example.test
192.168.1.52 dns1.example.test

/etc/bind/named.conf.local

I just commented out the reverse address zone.

/etc/bind/zones/master_example.test

$ORIGIN example.test.
$TTL 86400
@ IN SOA dns1.example.test. hostmaster.example.test. (
        2010042214  ; serial
        21600       ; refresh
        3600        ; retry
        604800      ; expire
        86400 )     ; min

IN NS dns1.example.test.
IN NS dns2.example.test.
IN A 192.168.1.52

example IN A 192.168.1.52
dns1 IN A 192.168.1.52
dns2 IN A 192.168.1.52
www CNAME example

And now executing:

dig example.test @192.168.1.52

; <<>> DiG 9.5.1-P3 <<>> example.test @192.168.1.52
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.test. IN A

;; ANSWER SECTION:
example.test. 86400 IN A 192.168.1.52

;; AUTHORITY SECTION:
example.test. 86400 IN NS dns1.example.test.
example.test. 86400 IN NS dns2.example.test.

;; ADDITIONAL SECTION:
dns1.example.test. 86400 IN A 192.168.1.52
dns2.example.test. 86400 IN A 192.168.1.52

;; Query time: 1 msec
;; SERVER: 192.168.1.52#53(192.168.1.52)
;; WHEN: Mon Apr 26 12:38:56 2010
;; MSG SIZE rcvd: 118

So, now, which should be my next step forward?


EDIT 2

I left the DNS server resolv.conf like this:

nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

and added the DNS server address 192.168.1.52 to the resolv.conf of every client computer.

This way I am able to reach http://example.test from each computer.

To be able to reach each individual virtual host of the development environment, should I create a new zone or use a wildcard in the example.test zone I created?


EDIT 3

Finally I left my zones like this: one zone for the test virtual host, and the other one for the mass virtual host for development. Everything works as I wanted, quickly and with good performance. I don't know if there is a better configuration than this for the system I built. Any advice would be appreciated.

master_example.test

$ORIGIN example.test.
$TTL 86400
@ IN SOA dns1.example.test. hostmaster.example.test. (
        2010042215  ; serial
        21600       ; refresh
        3600        ; retry
        604800      ; expire
        86400 )     ; min

@ IN NS dns1.example.test.
@ IN NS dns2.example.test.
@ IN A 192.168.1.52
www IN CNAME @

master_dev

$ORIGIN dev.
$TTL 86400
@ IN SOA dev. hostmaster.dev. (
        2010042215  ; serial
        21600       ; refresh
        3600        ; retry
        604800      ; expire
        86400 )     ; min

@ IN NS dev.
@ IN A 192.168.1.52
*.dev. IN A 192.168.1.52

/etc/bind/named.conf.local

zone "example.test" {
   type master;
   allow-query { any; };
   file "/etc/bind/zones/master_example.test";
   notify yes;
};

zone "dev" {
   type master;
   allow-query { any; };
   file "/etc/bind/zones/master_dev";
   notify yes;
};

zone "1.168.192.in-addr.arpa" {
   type master;
   allow-query { any; };
   file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
   notify yes;
};

/etc/bind/named.conf.options

  • Note: We have a static IP address, so I forward the queries to the DNS server at said IP address. Finally I added the ISP's DNS IP to the forwarders in order not to create a bottleneck in the web traffic, because experimentally I saw a large increase in speed for HTTP connections inside and outside the local LAN.

options {
    directory "/var/cache/bind";
    allow-query { 192.168.1.0/24; localhost; };
    allow-recursion { 192.168.1.0/24; localhost; };
    forwarders { 80.58.0.33; 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};
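The difference between the first named.conf.options and the EDIT 3 version is the security-relevant one: a BIND server with forwarders is a recursive resolver, and the first version never says who may recurse through it, while the EDIT 3 version limits recursion and queries to 192.168.1.0/24 and localhost. The small Python linter below is an added example for this thread (not the question's code and not a BIND tool); it parses only the simple `name value;` and `name { a; b; };` statements used here and reports the exposure-related settings. The two sample inputs are constructed copies of the two options blocks from the question. One caveat the linter cannot see: the zone statements keep `allow-query { any; }`, and a zone-level allow-query overrides the options-level one, so the authoritative zones stay answerable to anyone who can reach port 53, which is normally what you want for authoritative data.

```python
"""Lint the 'options { ... }' block of a BIND named.conf for the settings
that decide who may use the server as a recursive resolver.

Added example for this thread, not part of the question or the answer,
and not a BIND tool: it understands only 'name value;' and
'name { a; b; };' statements, which is all the thread's config uses.
"""
import re


def strip_comments(text):
    """Drop '//' and '#' line comments (a quoted '#' is not special-cased)."""
    return "\n".join(re.split(r"//|#", line, 1)[0] for line in text.splitlines())


def extract_block(text, name):
    """Return the text between the braces of 'name { ... }', honouring nesting."""
    start = re.search(r"\b%s\s*\{" % re.escape(name), text)
    if not start:
        raise ValueError("no %s block found" % name)
    depth = 0
    open_at = start.end() - 1
    for pos in range(open_at, len(text)):
        if text[pos] == "{":
            depth += 1
        elif text[pos] == "}":
            depth -= 1
            if depth == 0:
                return text[open_at + 1:pos]
    raise ValueError("unterminated %s block" % name)


def parse_options(conf):
    """Map each statement in the options block to a string (scalar value)
    or to a list of strings (brace list such as forwarders)."""
    body = extract_block(strip_comments(conf), "options")
    opts = {}
    for m in re.finditer(r"([\w-]+)\s*(?:\{([^}]*)\}|([^;{}]+))\s*;", body):
        name = m.group(1)
        if m.group(2) is not None:
            opts[name] = [v.strip() for v in m.group(2).split(";") if v.strip()]
        else:
            opts[name] = m.group(3).strip()
    return opts


def lint_options(opts):
    """Return a list of findings about recursive-resolver exposure."""
    findings = []
    recursion = opts.get("allow-recursion")
    if "forwarders" in opts and recursion is None:
        findings.append("forwarders set but allow-recursion is not: who may recurse "
                        "is left to BIND's default; state it explicitly "
                        "(the LAN prefix and localhost)")
    if recursion is not None and "any" in recursion:
        findings.append("allow-recursion contains 'any': every host that can reach "
                        "port 53 can use this server as an open resolver")
    if "allow-query" not in opts:
        findings.append("allow-query not set in options: BIND's default is 'any'")
    if opts.get("listen-on-v6") == ["any"] and "listen-on" not in opts:
        findings.append("listen-on-v6 { any; } with no listen-on: the server binds "
                        "every interface; restrict it or firewall port 53 if the "
                        "host has a non-LAN address")
    return findings


# Constructed copies of the two options blocks posted in the question.
BEFORE = """
options{
    directory "/var/cache/bind";
    forwarders { 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};
"""

AFTER = """
options{
    directory "/var/cache/bind";
    allow-query { 192.168.1.0/24; localhost;};
    allow-recursion { 192.168.1.0/24; localhost;};
    forwarders { 80.58.0.33; 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};
"""

if __name__ == "__main__":
    for label, conf in (("first version", BEFORE), ("EDIT 3 version", AFTER)):
        print(label)
        for finding in lint_options(parse_options(conf)) or ["no findings"]:
            print("  -", finding)
```

Run as a script it prints three findings for the first version (no allow-recursion, no allow-query, listening on all interfaces) and only the listen-on-v6 note for the EDIT 3 version; the remaining note matters only if the host has an address outside the LAN.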

Best Answer

Looking at the IP addresses in your resolv.conf I get the feeling that your BIND server is on 192.168.1.52. As far as I can tell, you can't specify in resolv.conf something like "for these domains, use this name server". Basically, your BIND server will never be queried. As you can see in your dig lookup (which is incorrect, it is asking for a reverse DNS entry), it tries 80.58.0.33, which I assume is your provider's DNS server.

You already set up BIND as a caching nameserver by using the 'forwarders' option, so what you need to do is have only 192.168.1.52 as nameserver on the client PCs.

To see if your BIND is configured correctly, try this:

dig example.test @192.168.1.52
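The answer's point can be checked mechanically from the resolv.conf itself. The script below is an added example for this thread, not code from the question or the answer; it models the rules documented in resolv.conf(5): glibc uses at most the first three `nameserver` entries (MAXNS), sends every query to the first one and falls through to the next only when a server does not answer (an NXDOMAIN from the ISP is an answer), and of several `search`/`domain` lines only the last one counts. Run on a constructed copy of the question's original resolv.conf, it shows that 192.168.1.52 was the fourth entry and therefore never consulted at all, and that `search example.test` was discarded in favour of `search example`; on the EDIT 2 version the LAN server is asked first, as the answer recommends, and the fourth ISP entry is the one that is ignored.

```python
"""Model how glibc reads /etc/resolv.conf, to show why a LAN BIND server
listed after the ISP's servers is never asked.

Added example for this thread, not part of the question or the answer.
Rules modelled, from resolv.conf(5): at most MAXNS (3) nameservers are
used; they are tried in listed order, the next one only when the previous
one does not respond, never because it answered NXDOMAIN; of several
'search'/'domain' lines only the last one is kept.
"""
MAXNS = 3  # glibc compile-time limit on nameserver entries that are used


def parse_resolv_conf(text):
    """Return (nameservers_used, nameservers_ignored, search_list, warnings)."""
    nameservers = []
    search = []
    search_lines = 0
    warnings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        key, args = parts[0], parts[1:]
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key in ("search", "domain"):
            search_lines += 1
            search = args  # the last search/domain line wins
    if search_lines > 1:
        warnings.append("%d search/domain lines; only the last one (%s) is used"
                        % (search_lines, " ".join(search)))
    used, ignored = nameservers[:MAXNS], nameservers[MAXNS:]
    for ns in ignored:
        warnings.append("nameserver %s is entry %d; glibc uses only the first %d"
                        % (ns, nameservers.index(ns) + 1, MAXNS))
    return used, ignored, search, warnings


def first_server_asked(text):
    """Every query goes to the first usable nameserver; the others are
    fallbacks for timeouts, not for negative answers such as NXDOMAIN."""
    used, _, _, _ = parse_resolv_conf(text)
    return used[0] if used else None


# Constructed copies of the two resolv.conf versions from the question.
ORIGINAL = """\
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254

search example.test
search example
nameserver 192.168.1.52
"""

EDIT2 = """\
nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254
"""

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("EDIT 2", EDIT2)):
        used, ignored, search, warnings = parse_resolv_conf(conf)
        print("%s: first server asked = %s" % (label, first_server_asked(conf)))
        print("  used:", used, " ignored:", ignored, " search:", search)
        for w in warnings:
            print("  warning:", w)
```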