=======================================
FREEBSD BIND9 PRIMARY & SECONDARY DNS SERVER
=======================================

If you are creating a DNS server for a (nonexistent) private domain, you
should block it off at the firewall so that it is not accessible to the
public. You should also make sure the domain is truly nonexistent, or create
an internal subdomain for this purpose. For example:

alpha.bw.genunix.com
beta.bw.genunix.com
charlie.bw.genunix.com

OR

alpha.genunix
beta.genunix
charlie.genunix

In this exercise our internal network is 192.168.100.0/24 and we will be
creating both a primary and a secondary DNS server using "bw.genunix.com".

=======================================
install bind9 (primary & secondary)
---------------------------------------
pkg search bind9
pkg install bind918 bind-tools

=======================================
/etc/rc.conf (primary & secondary)
---------------------------------------
# named bind918
named_enable="YES"

=======================================
/usr/local/etc/namedb/named.conf (primary & secondary)
---------------------------------------
This is the config file to control the behaviour of the server.
.......................................
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/local/share/doc/bind for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works. Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
    // All file and path names are relative to the chroot directory,
    // if any, and should be fully qualified.
    directory       "/usr/local/etc/namedb/working";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";

    // These zones are already covered by the empty zones listed below.
    // If you remove the related empty zones below, comment these lines out.
    disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
    disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";

    // If you've got a DNS server around at your upstream provider, enter
    // its IP address here, and enable the line below. This will make you
    // benefit from its cache, thus reduce overall DNS traffic in the Internet.
    //// forwarders {
    ////     94.140.14.14;
    ////     94.140.15.15;
    //// };

    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035

    allow-query { any; };
    allow-transfer { none; };
    transfers-in 100;
    transfers-out 100;

    recursion yes;    // yes will allow the addresses in the allow-recursion list
    allow-recursion-on { any; };    // interface
    allow-recursion {
        127.0.0.1;
        192.168.0.0/16;
        172.16.0.0/12;
        10.0.0.0/8;
        11.22.33.44/29;    // a friend
        24.24.24.24/24;    // another friend
    };

    version "Not Available";
    rate-limit { responses-per-second 10; };
};

// I moved all the root zones to named.conf.root for my own sanity
include "/usr/local/etc/namedb/named.conf.root";

// I moved all the hosted zones to named.conf.zones for my own sanity
include "/usr/local/etc/namedb/named.conf.zones";

=======================================
/usr/local/etc/namedb/named.conf.root (primary & secondary)
---------------------------------------
This is the standard root servers config copied from the original named.conf
file of the installed bind package.
.......................................
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

// The traditional root hints mechanism. Use this, OR the secondary zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };

/*  Serving the following zones locally will prevent any queries for these
    zones leaving your network and going to the root name servers.
    This has two significant advantages:
    1. Faster local resolution for your users
    2. No spurious traffic will be sent from your network to the roots
*/

// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost" { type primary; file "/usr/local/etc/namedb/primary/localhost-forward.db"; };
zone "127.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };

// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "16.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "17.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "18.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "20.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "21.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "22.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "23.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "24.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "25.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "26.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "27.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "28.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "29.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "30.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "31.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "168.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "65.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "66.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "67.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "68.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "69.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "70.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "71.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "72.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "73.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "74.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "75.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "76.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "77.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "78.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "79.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "80.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "81.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "82.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "83.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "84.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "85.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "86.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "87.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "88.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "89.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "90.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "91.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "92.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "93.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "94.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "95.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "96.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "97.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "98.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "99.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "101.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "102.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "103.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "104.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "105.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "106.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "107.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "108.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "109.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "110.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "111.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "112.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "114.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "115.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "116.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "117.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "118.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "119.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "120.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "121.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "122.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "123.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "124.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "125.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "126.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "127.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.51.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.0.203.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "241.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "242.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "243.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "244.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "245.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "246.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "247.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "248.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "249.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "250.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "251.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "252.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "253.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "254.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "f.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };

=======================================
/usr/local/etc/namedb/named.conf.zones (primary)
---------------------------------------
This is where we configure the domains we will be hosting.
.......................................
zone "100.168.192.in-addr.arpa" IN {
    type primary;
    file "/usr/local/etc/namedb/primary/db.100.168.192";
    allow-transfer { 192.168.100.22; };
};

zone "bw.genunix.com" IN {
    type primary;
    file "/usr/local/etc/namedb/primary/db.bw.genunix.com";
    allow-transfer { 192.168.100.22; };
};

=======================================
/usr/local/etc/namedb/named.conf.zones (secondary)
---------------------------------------
Change "primary" to "secondary" and "allow-transfer" to "masters".
.......................................
zone "100.168.192.in-addr.arpa" IN {
    type secondary;
    file "/usr/local/etc/namedb/secondary/db.100.168.192";
    masters { 192.168.100.21; };
};

zone "bw.genunix.com" IN {
    type secondary;
    file "/usr/local/etc/namedb/secondary/db.bw.genunix.com";
    masters { 192.168.100.21; };
};

=======================================
/usr/local/etc/namedb/primary/db.100.168.192 (primary)
---------------------------------------
Create a reverse lookup table. This is almost useless unless the network is
private or you are an ISP.
.......................................
; Created by o1
;
;$TTL 3D
$TTL 1M
@       IN      SOA     ns1.bw.genunix.com. root.bw.genunix.com. (
                        1       ; Serial Number
                        10800   ; Refresh after 3 hours
                        3600    ; Retry after 1 hour
                        604800  ; Expire after 1 week
                        86400   ; Minimum TTL of 1 day
                        )
@       NS      ns1.bw.genunix.com.
@       NS      ns2.bw.genunix.com.

21      PTR     ns1.bw.genunix.com.
22      PTR     ns2.bw.genunix.com.
23      PTR     alpha.bw.genunix.com.
24      PTR     bravo.bw.genunix.com.
25      PTR     charlie.bw.genunix.com.
26      PTR     delta.bw.genunix.com.
27      PTR     echo.bw.genunix.com.

=======================================
/usr/local/etc/namedb/primary/db.bw.genunix.com (primary)
---------------------------------------
Create the DNS zone file for each domain you are hosting.
.......................................
; Created by o1
;
;$TTL 3D
$TTL 1M
@       IN      SOA     ns1.bw.genunix.com. root.bw.genunix.com. (
                        1       ; Serial Number
                        10800   ; Refresh after 3 hours
                        3600    ; Retry after 1 hour
                        604800  ; Expire after 1 week
                        86400   ; Minimum TTL of 1 day
                        )
@       NS      ns1.bw.genunix.com.
@       NS      ns2.bw.genunix.com.

;@      A       192.168.100.21
ns1     A       192.168.100.21
ns2     A       192.168.100.22
alpha   A       192.168.100.23
bravo   A       192.168.100.24
charlie A       192.168.100.25
delta   A       192.168.100.26
echo    A       192.168.100.27

=======================================
start bind9 (primary & secondary)
---------------------------------------
named-checkconf
service named start

=======================================
/etc/resolv.conf (all internal systems)
---------------------------------------
search bw.genunix.com
nameserver 192.168.100.21
nameserver 192.168.100.22
.......................................
nslookup alpha
nslookup 192.168.100.23
dig +search alpha
dig -x 192.168.100.23
ping alpha

=======================================
update dns records (primary)
---------------------------------------
Always increment the serial number after adding, changing, or removing any
record in a zone file.
.......................................
named-checkconf
named-checkzone bw.genunix.com /usr/local/etc/namedb/primary/db.bw.genunix.com
rndc reload

=======================================
:0)
=======================================

=======================================
PUBLIC & PRIVATE
=======================================
It is also possible to create separate zone files to serve public clients and
private clients separately. This is just one way to do it. You will not need
this if you are simply setting up a DNS server for internal use only.

=======================================
/usr/local/etc/namedb/named.conf.zones (primary)
---------------------------------------
view "private" {
    match-clients {
        127.0.0.1;
        192.168.0.0/16;
        172.16.0.0/12;
        10.0.0.0/8;
    };

    zone "100.168.192.in-addr.arpa" IN {
        type primary;
        file "/usr/local/etc/namedb/primary/db.100.168.192.private";
        allow-transfer { 192.168.100.22; };
    };

    zone "bw.genunix.com" IN {
        type primary;
        file "/usr/local/etc/namedb/primary/db.bw.genunix.com.private";
        allow-transfer { 192.168.100.22; };
    };
};

view "public" {
    match-clients { any; };

    zone "33.22.11.in-addr.arpa" IN {
        type primary;
        file "/usr/local/etc/namedb/primary/db.33.22.11";
        allow-transfer { 11.22.33.44; };
    };

    zone "bw.genunix.com" IN {
        type primary;
        file "/usr/local/etc/namedb/primary/db.bw.genunix.com";
        allow-transfer { 11.22.33.44; };
    };
};

=======================================
/usr/local/etc/namedb/named.conf.zones (secondary)
---------------------------------------
view "private" {
    match-clients {
        127.0.0.1;
        192.168.0.0/16;
        172.16.0.0/12;
        10.0.0.0/8;
    };

    zone "100.168.192.in-addr.arpa" IN {
        type secondary;
        file "/usr/local/etc/namedb/secondary/db.100.168.192.private";
        masters { 192.168.100.21; };
    };

    zone "bw.genunix.com" IN {
        type secondary;
        file "/usr/local/etc/namedb/secondary/db.bw.genunix.com.private";
        masters { 192.168.100.21; };
    };
};

view "public" {
    match-clients { any; };

    zone "33.22.11.in-addr.arpa" IN {
        type secondary;
        file "/usr/local/etc/namedb/secondary/db.33.22.11";
        masters { 11.22.33.44; };
    };

    zone "bw.genunix.com" IN {
        type secondary;
        file "/usr/local/etc/namedb/secondary/db.bw.genunix.com";
        masters { 11.22.33.44; };
    };
};

=======================================
/usr/local/etc/namedb/primary/db.bw.genunix.com.private (primary)
---------------------------------------
; Created by o1
;
$include "/usr/local/etc/namedb/primary/db.bw.genunix.com"

@       A       192.168.100.21
ns1     A       192.168.100.21
ns2     A       192.168.100.22
alpha   A       192.168.100.23
bravo   A       192.168.100.24
charlie A       192.168.100.25
delta   A       192.168.100.26
echo    A       192.168.100.27

=======================================
:0)
=======================================
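
=======================================
update dns records: serial helper (primary)
---------------------------------------
The "update dns records" step depends on the serial actually going up, because the secondary only transfers a zone when the primary's serial is higher than its own. The script below is an added example, not part of the original guide: it assumes the zone-file layout shown earlier (serial on its own line, followed by "; Serial Number"), and its function names and demo file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes the SOA serial is on its
# own line followed by the comment "; Serial Number", as in the zone files above.

# read_serial FILE: print the current SOA serial.
read_serial() {
    awk '/;[ \t]*Serial Number/ && match($0, /[0-9]+/) {
             print substr($0, RSTART, RLENGTH); exit }' "$1"
}

# bump_serial FILE: add 1 to the serial in place. Fails, leaving FILE untouched,
# if no serial line exists or the serial is already at the 32-bit maximum.
bump_serial() {
    zonefile=$1
    tmp=$(mktemp /tmp/serial.XXXXXX) || return 1
    if awk '
        !done && /;[ \t]*Serial Number/ && match($0, /[0-9]+/) {
            old = substr($0, RSTART, RLENGTH) + 0
            if (old >= 4294967295) exit 2
            new = sprintf("%.0f", old + 1)
            $0 = substr($0, 1, RSTART - 1) new substr($0, RSTART + RLENGTH)
            done = 1
        }
        { print }
        END { if (!done) exit 1 }
    ' "$zonefile" > "$tmp"; then
        cat "$tmp" > "$zonefile"    # overwrite in place: keeps owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        echo "bump_serial: no usable serial in $zonefile" >&2
        return 1
    fi
}

# publish_zone ZONE FILE: run after editing records. Bumps the serial, checks
# the zone, and reloads only that zone; a failed check undoes the bump.
publish_zone() {
    zone=$1 file=$2
    cp -p "$file" "$file.bak" || return 1
    bump_serial "$file" || return 1
    if ! named-checkzone "$zone" "$file"; then
        cat "$file.bak" > "$file"
        return 1
    fi
    rndc reload "$zone"
}

# secondary_in_sync ZONE PRIMARY SECONDARY: true when both servers answer with
# the same serial (third field of the SOA record data).
secondary_in_sync() {
    p=$(dig +short SOA "$1" "@$2" | awk '{ print $3 }')
    s=$(dig +short SOA "$1" "@$3" | awk '{ print $3 }')
    [ -n "$p" ] && [ "$p" = "$s" ]
}

# Demo on a constructed copy of the SOA block (runs without BIND installed).
demo=$(mktemp /tmp/db.demo.XXXXXX)
cat > "$demo" <<'EOF'
$TTL 1M
@ IN SOA ns1.bw.genunix.com. root.bw.genunix.com. (
        1       ; Serial Number
        10800   ; Refresh after 3 hours
        )
EOF
bump_serial "$demo" && echo "serial is now $(read_serial "$demo")"
rm -f "$demo"
```

On the primary, after editing records: publish_zone bw.genunix.com /usr/local/etc/namedb/primary/db.bw.genunix.com, then secondary_in_sync bw.genunix.com 192.168.100.21 192.168.100.22 once the transfer has had time to run.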