
Mastering BIND DNS: Step‑by‑Step Installation, Configuration, and Testing

This guide walks you through installing BIND on Linux, configuring forward and reverse zones, setting up master‑slave synchronization, and verifying DNS resolution on both Windows and Linux clients with detailed commands and examples.

Raymond Ops

Overview

The article provides a comprehensive tutorial for Linux system administrators to install, configure, and manage a BIND DNS server, covering forward and reverse zone setup, master‑slave replication, and client testing on Windows and Linux.

1. Installing BIND

Install the BIND package via yum or RPM:

yum install bind -y

or

rpm -ivh bind-x.x.x-x.el7.x86_64.rpm

Locate configuration files using:

rpm -qc bind

Key files:

/etc/named.conf – global settings
/etc/named.rfc1912.zones – zone definitions
/var/named/named.localhost – default zone data

2. Configuring the Primary (Forward) Server

Edit /etc/named.conf to set listening address, directory, and allowed query networks. Example snippet:

options {
    listen-on port 53 { 20.0.0.100; };
    allow-query { any; };
    directory "/var/named";
    // other logging and statistics files omitted for brevity
};

Define the root zone and include standard zones:

zone "." IN { type hint; file "named.ca"; };
include "/etc/named.rfc1912.zones";

2.1 Adding a Forward Zone

Create or edit /etc/named.rfc1912.zones and add:

zone "my.com" IN {
    type master;
    file "my.com.zone";
    allow-update { none; };
};

Populate my.com.zone with SOA, NS, A, MX, CNAME, and wildcard records. Example:

$TTL 1D
@ IN SOA my.com. rname.invalid. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
    NS my.com.          ; leading whitespace: record inherits the owner name @
    A 20.0.0.11
    MX 10 mail.my.com.
www IN A 20.0.0.20
ftp IN CNAME www
* IN A 20.0.0.20

3. Configuring Reverse (PTR) Zones

Add a reverse zone for the 20.0.0.0/24 network:

zone "0.0.20.in-addr.arpa" IN {
    type master;
    file "my.com.zone.local";
    allow-update { none; };
};

In the reverse zone file:

$TTL 1D
@ IN SOA my.com. rname.invalid. (
    0 ; serial
    1D ; refresh
    1H ; retry
    1W ; expire
    3H ) ; minimum
    NS my.com.          ; leading whitespace: record inherits the owner name @
100 IN PTR www.my.com.
200 IN PTR mail.my.com.

4. Master‑Slave Synchronization

4.1 Primary Server

Allow transfers to the secondary IP (20.0.0.12):

zone "my.com" IN {
    type master;
    file "my.com.zone";
    allow-transfer { 20.0.0.12; };
};
zone "0.0.20.in-addr.arpa" IN {
    type master;
    file "my.com.zone.local";
    allow-transfer { 20.0.0.12; };
};
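
The my.com definition in section 2.1 carries no allow-transfer statement, while the version above limits transfers to 20.0.0.12. The following check is an added example, not part of the original article: it flags master zones in a named.conf whose allow-transfer is missing or lists anything beyond the expected secondaries. The sample configuration is constructed from the snippets on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: my.com as in section 2.1, reverse zone as in section 4.1.
SAMPLE_CONF = '''
zone "my.com" IN {
    type master;
    file "my.com.zone";
    allow-update { none; };
};
zone "0.0.20.in-addr.arpa" IN {
    type master;
    file "my.com.zone.local";
    allow-transfer { 20.0.0.12; };   # secondary
};
zone "." IN { type hint; file "named.ca"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (comment markers inside quotes are not handled)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def zone_blocks(text):
    """Yield (zone_name, body) per zone statement, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit_transfers(conf, expected_secondaries):
    """Map zone -> finding for master zones whose allow-transfer is absent or too broad."""
    findings = {}
    for name, body in zone_blocks(strip_comments(conf)):
        if not re.search(r'\btype\s+(master|primary)\s*;', body):
            continue
        acl = re.search(r'\ballow-transfer\s*\{([^}]*)\}', body)
        if acl is None:
            findings[name] = 'no explicit allow-transfer'
            continue
        entries = {e.strip() for e in acl.group(1).split(';') if e.strip()}
        extra = entries - set(expected_secondaries)
        if extra:
            findings[name] = 'unexpected entries: ' + ', '.join(sorted(extra))
    return findings

if __name__ == '__main__':
    for zone, finding in audit_transfers(SAMPLE_CONF, {'20.0.0.12'}).items():
        print(f'{zone}: {finding}')
```

A zone reported as having no explicit allow-transfer falls back to the options-level or built-in setting, so review that setting or add the statement to the zone.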

4.2 Secondary Server

Install BIND and configure it as a slave:

options {
    listen-on port 53 { 20.0.0.12; };
    allow-query { any; };
    directory "/var/named";
};
zone "my.com" IN {
    type slave;
    file "slaves/my.com.zone";
    masters { 20.0.0.11; };
};
zone "0.0.20.in-addr.arpa" IN {
    type slave;
    file "slaves/my.com.zone.local";
    masters { 20.0.0.11; };
};

Restart BIND on both servers and verify that the slave has pulled the zone files.

5. Client Configuration and Testing

5.1 Windows

Set the DNS server IP (20.0.0.11) in the network adapter and use nslookup to test forward and reverse lookups:

nslookup www.my.com
nslookup 20.0.0.100

5.2 Linux

Update /etc/resolv.conf:

nameserver 20.0.0.11

Test with host or nslookup:

host www.my.com
host 20.0.0.100

6. Validation and Troubleshooting

Check zone syntax:

named-checkzone my.com /var/named/my.com.zone

Validate the overall configuration:

named-checkconf -z /etc/named.conf

Confirm BIND is listening:

netstat -natpul | grep 53

View logs:

tail -f /var/log/messages

7. Simulating Failure

Stop the primary server (systemctl stop named) and verify that the secondary continues to resolve queries, demonstrating redundancy.

References

Original article: https://blog.csdn.net/qq_44421043/article/details/141304442

GitHub: https://github.com/raymond999999

Gitee: https://gitee.com/raymond9
