Setting up a Bind 9 DNS server in Debian/Ubuntu

By Druss, 3 May, 2011

The Internet will go bust without DNS and the following is a guide to setting up your own DNS server to provide information about your domains and associated services. While this task can be accomplished very easily when using a hosting control panel, it is great fun to set things up on your own.

The following guide lists the steps to follow if you are looking to install the BIND 9 domain name system on your server. BIND is by far the most popular solution on servers around the world. In this guide, we will be installing it on a Debian 6 machine. It should also work on newer releases of Ubuntu just as well.

  1. Install the Bind, dnsutils and sysklogd packages:
    apt-get install bind9 dnsutils sysklogd
  2. Once Bind is installed, it is automatically started. Let's stop it while we configure the beast:
    /etc/init.d/bind9 stop
  3. For security reasons, we need to set up Bind to run as the user bind and restricted to its own directory (via a CHROOT jail). To do this, edit the file /etc/default/bind9 and look for the line that reads:
    OPTIONS="-u bind"
    Modify this line to:
    OPTIONS="-u bind -t /var/lib/named"
    Save the file and exit.
  4. Now, let's set up the /var/lib/named directory tree where the service is restricted to run:
    mkdir -p /var/lib/named/etc
    mkdir /var/lib/named/dev
    mkdir -p /var/lib/named/var/cache/bind
    mkdir -p /var/lib/named/var/run/bind/run
  5. We now move the configuration directory from its original directory at /etc/bind to its new home within /var/lib/named. We, however, create a symbolic link between the old and new locations so that both are valid.
    mv /etc/bind /var/lib/named/etc
    ln -s /var/lib/named/etc/bind /etc/bind
  6. Some magickery I do not understand: Add null and random devices, and fix the permissions of the directories:
    mknod /var/lib/named/dev/null c 1 3
    mknod /var/lib/named/dev/random c 1 8
    chmod 666 /var/lib/named/dev/null /var/lib/named/dev/random
    chown -R bind:bind /var/lib/named/var/*
    chown -R bind:bind /var/lib/named/etc/bind
  7. Edit the file /etc/init.d/bind9 and look for a line of code that looks like:
    # dirs under /var/run can go away on reboots.
    This section needs to be modified to account for the CHROOT jail we set up earlier. To do this, comment out (using a # prefix) the relevant section of code in this file and add the following below it:
    CHROOT_DIR=`echo $OPTIONS | cut -d ' ' -f 4`
    # dirs under /var/run can go away on reboots.
    mkdir -p $CHROOT_DIR/var/run/bind/run
    chmod 775 $CHROOT_DIR/var/run/bind/run
    chown root:bind $CHROOT_DIR/var/run/bind/run >/dev/null 2>&1 || true

    Once done, save the file and exit.
  8. Next, we need to set up the system log to incorporate Bind output. To do this, edit the file /etc/default/syslogd and modify the line:
    SYSLOGD="-u syslog"
    to read:
    SYSLOGD="-a /var/lib/named/dev/log"
    Save the file and exit.
  9. Finally, start/restart the bind and syslog services:
    /etc/init.d/sysklogd restart
    /etc/init.d/bind9 start
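
The jail from steps 3 to 6 can be checked before starting the service. The script below is an added example, not part of the original guide: the function names (chroot_from_options, is_chardev, note, audit_jail) are hypothetical, and it assumes GNU stat as shipped on Debian and Ubuntu. It also goes slightly beyond step 7 by locating the -t argument at any position in OPTIONS rather than relying on it being the fourth word.

```shell
#!/bin/sh
# Added example: read-only audit of the chroot jail built in steps 3-6.

# Print the argument that follows -t in a named OPTIONS string, at any position.
# Returns 1 when there is no -t, i.e. named would start outside the jail.
chroot_from_options() {
    set -- $1                      # split the option string into words
    while [ $# -gt 1 ]; do
        if [ "$1" = "-t" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# True if $1 is a character device whose hex major:minor equals $2.
is_chardev() {
    [ -c "$1" ] && [ "$(stat -c '%t:%T' "$1")" = "$2" ]
}

# Record one finding (helper for audit_jail).
note() { echo "$1"; problems=$((problems + 1)); }

# Audit jail root $1; $2 is the expected owner (default: bind).
# Prints one line per finding and returns the number of findings.
audit_jail() {
    jail=$1; owner=${2:-bind}; problems=0
    for d in etc/bind dev var/cache/bind var/run/bind/run; do
        [ -d "$jail/$d" ] || note "missing directory: $jail/$d"
    done
    # Same device numbers as the mknod calls in step 6.
    is_chardev "$jail/dev/null" 1:3 || note "dev/null is not char device 1,3"
    is_chardev "$jail/dev/random" 1:8 || note "dev/random is not char device 1,8"
    # named drops to the unprivileged user and must be able to write its cache.
    [ "$(stat -c '%U' "$jail/var/cache/bind" 2>/dev/null)" = "$owner" ] ||
        note "var/cache/bind is not owned by $owner"
    return "$problems"
}

# Usage: sh audit.sh /var/lib/named   (does nothing when run without arguments)
[ $# -eq 0 ] || audit_jail "$1"
```

An exit status of 0 means every check passed; any other status is the number of findings printed.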

Large swathes of this guide have been adapted from other guides written by people more knowledgeable than I. If you are still encountering difficulties, I recommend perusing through one or more of the following guides:

I will soon be writing another article on adding zones as well as setting up master and slave servers. Click on the tags related to this post to locate them.

All content licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.