BIND nameserver with FreeBSD
Install
We look for the bind9 package in the repositories
root@fbsdsrv01:~ # pkg search bind
...
...
...
bind-tools-9.18.7 Command line tools from BIND: delv, dig, host, nslookup...
bind9-devel-9.19.3.2022.06.16 BIND DNS suite with updated DNSSEC and DNS64
bind916-9.16.33 BIND DNS suite with updated DNSSEC and DNS64
bind918-9.18.7 BIND DNS suite with updated DNSSEC and DNS64
bind_exporter-0.4.0_5 Prometheus exporter for BIND server statistics
bindgraph-0.3_1 RRDtool frontend for BIND statistics
bindtest-1.56_1 Test bind() semantics of IPv6 sockets
...
...
...
root@fbsdsrv01:~ #
And we install it
root@fbsdsrv01:~ # pkg install bind918-9.18.7
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 16 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
bind-tools: 9.18.7
bind918: 9.18.7
fstrm: 0.6.1
indexinfo: 0.3.1
json-c: 0.16
libedit: 3.1.20210910,1
libevent: 2.1.12
libidn2: 2.3.3
libnghttp2: 1.48.0
libunistring: 1.0
libuv: 1.44.2
libxml2: 2.10.2
lmdb: 0.9.29_1,1
protobuf: 3.20.1,1
protobuf-c: 1.4.1
readline: 8.1.2
Number of packages to be installed: 16
The process will require 75 MiB more space.
13 MiB to be downloaded.
Proceed with this action? [y/N]: y
[1/16] Fetching indexinfo-0.3.1.pkg: 100% 5 KiB 5.5kB/s 00:01
[2/16] Fetching libnghttp2-1.48.0.pkg: 100% 110 KiB 113.0kB/s 00:01
[3/16] Fetching libxml2-2.10.2.pkg: 100% 1 MiB 1.0MB/s 00:01
[4/16] Fetching lmdb-0.9.29_1,1.pkg: 100% 92 KiB 94.1kB/s 00:01
[5/16] Fetching libedit-3.1.20210910,1.pkg: 100% 119 KiB 121.6kB/s 00:01
[6/16] Fetching libidn2-2.3.3.pkg: 100% 129 KiB 132.0kB/s 00:01
[7/16] Fetching bind-tools-9.18.7.pkg: 100% 1 MiB 1.2MB/s 00:01
[8/16] Fetching fstrm-0.6.1.pkg: 100% 60 KiB 61.7kB/s 00:01
[9/16] Fetching libuv-1.44.2.pkg: 100% 104 KiB 106.3kB/s 00:01
[10/16] Fetching protobuf-3.20.1,1.pkg: 100% 3 MiB 2.8MB/s 00:01
[11/16] Fetching libunistring-1.0.pkg: 100% 515 KiB 527.7kB/s 00:01
[12/16] Fetching readline-8.1.2.pkg: 100% 335 KiB 343.2kB/s 00:01
[13/16] Fetching protobuf-c-1.4.1.pkg: 100% 172 KiB 176.0kB/s 00:01
[14/16] Fetching json-c-0.16.pkg: 100% 62 KiB 63.3kB/s 00:01
[15/16] Fetching libevent-2.1.12.pkg: 100% 291 KiB 298.2kB/s 00:01
[16/16] Fetching bind918-9.18.7.pkg: 100% 6 MiB 6.7MB/s 00:01
Checking integrity... done (0 conflicting)
[1/16] Installing indexinfo-0.3.1...
[1/16] Extracting indexinfo-0.3.1: 100%
[2/16] Installing libunistring-1.0...
[2/16] Extracting libunistring-1.0: 100%
[3/16] Installing readline-8.1.2...
[3/16] Extracting readline-8.1.2: 100%
[4/16] Installing libnghttp2-1.48.0...
[4/16] Extracting libnghttp2-1.48.0: 100%
[5/16] Installing libxml2-2.10.2...
[5/16] Extracting libxml2-2.10.2: 100%
[6/16] Installing libedit-3.1.20210910,1...
[6/16] Extracting libedit-3.1.20210910,1: 100%
[7/16] Installing libidn2-2.3.3...
[7/16] Extracting libidn2-2.3.3: 100%
[8/16] Installing libuv-1.44.2...
[8/16] Extracting libuv-1.44.2: 100%
[9/16] Installing protobuf-3.20.1,1...
[9/16] Extracting protobuf-3.20.1,1: 100%
[10/16] Installing json-c-0.16...
[10/16] Extracting json-c-0.16: 100%
[11/16] Installing libevent-2.1.12...
[11/16] Extracting libevent-2.1.12: 100%
[12/16] Installing lmdb-0.9.29_1,1...
[12/16] Extracting lmdb-0.9.29_1,1: 100%
[13/16] Installing bind-tools-9.18.7...
[13/16] Extracting bind-tools-9.18.7: 100%
[14/16] Installing fstrm-0.6.1...
[14/16] Extracting fstrm-0.6.1: 100%
[15/16] Installing protobuf-c-1.4.1...
[15/16] Extracting protobuf-c-1.4.1: 100%
[16/16] Installing bind918-9.18.7...
[16/16] Extracting bind918-9.18.7: 100%
=====
Message from bind918-9.18.7:
--
BIND requires configuration of rndc, including a "secret"
key. The easiest, and most secure way to configure rndc is
to run 'rndc-confgen -a' to generate the proper conf file,
with a new random key, and appropriate file permissions.
The /usr/local/etc/rc.d/named script will do that for you.
If using syslog to log the BIND9 activity, and using a
chroot'ed installation, you will need to tell syslog to install
a log socket in the BIND9 chroot by running:
# sysrc altlog_proglist+=named
And then restarting syslogd with: service syslogd restart
root@fbsdsrv01:~ #
Configuration
Search for the service in the list of installed services
root@fbsdsrv01:~ # service -r | grep named
/usr/local/etc/rc.d/named
root@fbsdsrv01:~ #
We then ask the startup script which rc variable it uses in /etc/rc.conf
root@fbsdsrv01:~ # /usr/local/etc/rc.d/named rcvar
# named : named BIND startup script
#
named_enable="NO"
# (default: "")
root@fbsdsrv01:~ #
We configure the service to start at boot time, using the variable name reported by the previous command
root@fbsdsrv01:~ # sysrc named_enable="YES"
named_enable: -> YES
root@fbsdsrv01:~ #
To establish a minimum of security we implement TSIG: we create the rndc key, which will authorize dynamic updates from, for example, a DHCP server.
root@fbsdsrv01:~ # rndc-confgen -a
wrote key file "/usr/local/etc/namedb/rndc.key"
root@fbsdsrv01:~ # chmod 440 /usr/local/etc/namedb/rndc.key
root@fbsdsrv01:~ #
We make a backup copy of the configuration file
root@fbsdsrv01:~ # cp /usr/local/etc/namedb/named.conf /usr/local/etc/namedb/named.conf.0
root@fbsdsrv01:~ #
Create a configuration file for bind9 adapted to our network
options {
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; };
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
forwarders {
127.0.0.1;
};
}; // end of the options block
include "/usr/local/etc/namedb/rndc.key";
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
zone "localhost" { type primary; file "/usr/local/etc/namedb/primary/localhost-forward.db"; };
zone "127.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/localhost-reverse.db"; };
zone "0.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "10.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "16.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "17.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "18.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "20.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "21.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "22.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "23.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "24.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "25.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "26.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "27.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "28.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "29.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "30.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "31.172.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "168.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "64.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "65.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "66.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "67.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "68.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "69.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "70.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "71.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "72.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "73.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "74.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "75.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "76.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "77.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "78.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "79.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "80.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "81.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "82.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "83.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "84.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "85.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "86.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "87.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "88.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "89.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "90.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "91.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "92.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "93.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "94.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "95.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "96.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "97.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "98.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "99.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "101.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "102.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "103.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "104.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "105.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "106.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "107.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "108.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "109.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "110.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "111.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "112.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "114.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "115.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "116.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "117.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "118.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "119.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "120.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "121.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "122.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "123.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "124.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "125.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "126.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "127.100.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "254.169.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.0.192.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "100.51.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "113.0.203.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "18.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "19.198.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "240.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "241.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "242.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "243.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "244.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "245.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "246.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "247.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "248.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "249.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "250.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "251.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "252.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "253.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "254.in-addr.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "0.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "1.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "2.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "3.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "4.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "5.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "6.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "7.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "8.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "9.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "a.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "b.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "c.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "d.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "e.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "f.e.f.ip6.arpa" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "ip6.int" { type primary; file "/usr/local/etc/namedb/primary/empty.db"; };
zone "example.org" {
type primary;
allow-update { key rndc-key; };
file "/usr/local/etc/namedb/dynamic/example.org";
};
zone "1.168.192.in-addr.arpa" {
type secondary;
file "/usr/local/etc/namedb/secondary/1.168.192.in-addr.arpa";
primaries { 192.168.1.1; };
};
The above file is an example and we will have to adapt the zones to our needs.
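An added example, not part of the original page: the configuration above authorizes dynamic updates with `rndc-key`, the same key rndc uses to control named, so it is worth checking which credential each `allow-update` actually trusts. This sketch reads a named.conf on stdin and labels every `allow-update`; the verdict names and the constructed sample zones (`lab.example`, `open.example`, `ddns.example`, `ddns-key`) are assumptions of the example.

```shell
#!/bin/sh
# Added example: classify every allow-update statement in a named.conf.
# Input : named.conf text on stdin.
# Output: one "zone<TAB>verdict" line per allow-update statement.
audit_allow_update() {
    awk '
    # A global allow-update inside options applies to every zone.
    /^[ \t]*options[ \t]*[{]/ { zone = "(options)" }

    # Remember the zone we are inside: its name is the first quoted string.
    /^[ \t]*zone[ \t]+"/ {
        zone = $0
        sub(/^[^"]*"/, "", zone)
        sub(/".*$/, "", zone)
    }

    # Pull out the match list between the braces and classify it.
    /allow-update[ \t]*[{]/ {
        acl = $0
        sub(/^.*allow-update[ \t]*[{]/, "", acl)
        sub(/[}].*$/, "", acl)
        if (acl ~ /key[ \t]+"?rndc-key"?[ \t]*;/)
            verdict = "control-key-reused"   # update clients hold the rndc key
        else if (acl ~ /(^|[ \t;])any[ \t]*;/)
            verdict = "open-to-any"          # no authentication at all
        else if (acl ~ /key[ \t]+/)
            verdict = "dedicated-key"        # TSIG key used only for updates
        else
            verdict = "address-only"         # source address is the only check
        printf "%s\t%s\n", zone, verdict
    }'
}

# Constructed sample input: the first zone is the one from this page,
# the others are hypothetical zones added to exercise each verdict.
sample_conf() {
    cat <<'EOF'
options { listen-on { 127.0.0.1; }; };
zone "example.org" {
    type primary;
    allow-update { key rndc-key; };
    file "/usr/local/etc/namedb/dynamic/example.org";
};
zone "lab.example" { type primary; allow-update { 192.168.1.0/24; }; file "dynamic/lab.example"; };
zone "open.example" {
    type primary;
    allow-update { any; };
    file "dynamic/open.example";
};
zone "ddns.example" {
    type primary;
    allow-update { key ddns-key; };
    file "dynamic/ddns.example";
};
EOF
}

sample_conf | audit_allow_update
```

To check the real file, run `audit_allow_update < /usr/local/etc/namedb/named.conf`.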
We create the zone files that will feed bind9 and contain the records we need.
File /usr/local/etc/namedb/dynamic/example.org
$ORIGIN .
$TTL 3600 ; 1 hour
; the SOA owner name must match the zone declared in named.conf
example.org IN SOA server.example.org. admin.example.org. (
                0 ; serial
                10800 ; refresh (3 hours)
                3600 ; retry (1 hour)
                604800 ; expire (1 week)
                86400 ; minimum (1 day)
                )
        NS server.example.org.
        MX 10 server.example.org.
$ORIGIN example.org.
server A 192.168.1.1
ftp CNAME server
mx CNAME server
ns CNAME server
www CNAME server
File /usr/local/etc/namedb/dynamic/example.org
$ORIGIN .
$TTL 3600 ; 1 hour
1.168.192.in-addr.arpa IN SOA server.example.org. admin.example.org. (
                0 ; serial
                10800 ; refresh (3 hours)
                3600 ; retry (1 hour)
                604800 ; expire (1 week)
                86400 ; minimum (1 day)
                )
        NS server.example.org.
        MX 10 server.example.org.
$ORIGIN 1.168.192.in-addr.arpa.
1 PTR server.example.org.
The BIND 9 service needs to be able to modify and update its own files, so we give it ownership of them
root@fbsdsrv01:~ # chown bind:bind /usr/local/etc/namedb/dynamic/*
root@fbsdsrv01:~ #
Service testing
root@fbsdsrv01:~ # named-checkconf -zj
zone localhost/IN: loaded serial 42
zone 127.in-addr.arpa/IN: loaded serial 42
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.ip6.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone 10.in-addr.arpa/IN: loaded serial 42
zone 16.172.in-addr.arpa/IN: loaded serial 42
zone 17.172.in-addr.arpa/IN: loaded serial 42
zone 18.172.in-addr.arpa/IN: loaded serial 42
zone 19.172.in-addr.arpa/IN: loaded serial 42
zone 20.172.in-addr.arpa/IN: loaded serial 42
zone 21.172.in-addr.arpa/IN: loaded serial 42
zone 22.172.in-addr.arpa/IN: loaded serial 42
zone 23.172.in-addr.arpa/IN: loaded serial 42
zone 24.172.in-addr.arpa/IN: loaded serial 42
zone 25.172.in-addr.arpa/IN: loaded serial 42
zone 26.172.in-addr.arpa/IN: loaded serial 42
zone 27.172.in-addr.arpa/IN: loaded serial 42
zone 28.172.in-addr.arpa/IN: loaded serial 42
zone 29.172.in-addr.arpa/IN: loaded serial 42
zone 30.172.in-addr.arpa/IN: loaded serial 42
zone 31.172.in-addr.arpa/IN: loaded serial 42
zone 168.192.in-addr.arpa/IN: loaded serial 42
zone 64.100.in-addr.arpa/IN: loaded serial 42
zone 65.100.in-addr.arpa/IN: loaded serial 42
zone 66.100.in-addr.arpa/IN: loaded serial 42
zone 67.100.in-addr.arpa/IN: loaded serial 42
zone 68.100.in-addr.arpa/IN: loaded serial 42
zone 69.100.in-addr.arpa/IN: loaded serial 42
zone 70.100.in-addr.arpa/IN: loaded serial 42
zone 71.100.in-addr.arpa/IN: loaded serial 42
zone 72.100.in-addr.arpa/IN: loaded serial 42
zone 73.100.in-addr.arpa/IN: loaded serial 42
zone 74.100.in-addr.arpa/IN: loaded serial 42
zone 75.100.in-addr.arpa/IN: loaded serial 42
zone 76.100.in-addr.arpa/IN: loaded serial 42
zone 77.100.in-addr.arpa/IN: loaded serial 42
zone 78.100.in-addr.arpa/IN: loaded serial 42
zone 79.100.in-addr.arpa/IN: loaded serial 42
zone 80.100.in-addr.arpa/IN: loaded serial 42
zone 81.100.in-addr.arpa/IN: loaded serial 42
zone 82.100.in-addr.arpa/IN: loaded serial 42
zone 83.100.in-addr.arpa/IN: loaded serial 42
zone 84.100.in-addr.arpa/IN: loaded serial 42
zone 85.100.in-addr.arpa/IN: loaded serial 42
zone 86.100.in-addr.arpa/IN: loaded serial 42
zone 87.100.in-addr.arpa/IN: loaded serial 42
zone 88.100.in-addr.arpa/IN: loaded serial 42
zone 89.100.in-addr.arpa/IN: loaded serial 42
zone 90.100.in-addr.arpa/IN: loaded serial 42
zone 91.100.in-addr.arpa/IN: loaded serial 42
zone 92.100.in-addr.arpa/IN: loaded serial 42
zone 93.100.in-addr.arpa/IN: loaded serial 42
zone 94.100.in-addr.arpa/IN: loaded serial 42
zone 95.100.in-addr.arpa/IN: loaded serial 42
zone 96.100.in-addr.arpa/IN: loaded serial 42
zone 97.100.in-addr.arpa/IN: loaded serial 42
zone 98.100.in-addr.arpa/IN: loaded serial 42
zone 99.100.in-addr.arpa/IN: loaded serial 42
zone 100.100.in-addr.arpa/IN: loaded serial 42
zone 101.100.in-addr.arpa/IN: loaded serial 42
zone 102.100.in-addr.arpa/IN: loaded serial 42
zone 103.100.in-addr.arpa/IN: loaded serial 42
zone 104.100.in-addr.arpa/IN: loaded serial 42
zone 105.100.in-addr.arpa/IN: loaded serial 42
zone 106.100.in-addr.arpa/IN: loaded serial 42
zone 107.100.in-addr.arpa/IN: loaded serial 42
zone 108.100.in-addr.arpa/IN: loaded serial 42
zone 109.100.in-addr.arpa/IN: loaded serial 42
zone 110.100.in-addr.arpa/IN: loaded serial 42
zone 111.100.in-addr.arpa/IN: loaded serial 42
zone 112.100.in-addr.arpa/IN: loaded serial 42
zone 113.100.in-addr.arpa/IN: loaded serial 42
zone 114.100.in-addr.arpa/IN: loaded serial 42
zone 115.100.in-addr.arpa/IN: loaded serial 42
zone 116.100.in-addr.arpa/IN: loaded serial 42
zone 117.100.in-addr.arpa/IN: loaded serial 42
zone 118.100.in-addr.arpa/IN: loaded serial 42
zone 119.100.in-addr.arpa/IN: loaded serial 42
zone 120.100.in-addr.arpa/IN: loaded serial 42
zone 121.100.in-addr.arpa/IN: loaded serial 42
zone 122.100.in-addr.arpa/IN: loaded serial 42
zone 123.100.in-addr.arpa/IN: loaded serial 42
zone 124.100.in-addr.arpa/IN: loaded serial 42
zone 125.100.in-addr.arpa/IN: loaded serial 42
zone 126.100.in-addr.arpa/IN: loaded serial 42
zone 127.100.in-addr.arpa/IN: loaded serial 42
zone 254.169.in-addr.arpa/IN: loaded serial 42
zone 0.0.192.in-addr.arpa/IN: loaded serial 42
zone 2.0.192.in-addr.arpa/IN: loaded serial 42
zone 100.51.198.in-addr.arpa/IN: loaded serial 42
zone 113.0.203.in-addr.arpa/IN: loaded serial 42
zone 8.b.d.0.1.0.0.2.ip6.arpa/IN: loaded serial 42
zone 18.198.in-addr.arpa/IN: loaded serial 42
zone 19.198.in-addr.arpa/IN: loaded serial 42
zone 240.in-addr.arpa/IN: loaded serial 42
zone 241.in-addr.arpa/IN: loaded serial 42
zone 242.in-addr.arpa/IN: loaded serial 42
zone 243.in-addr.arpa/IN: loaded serial 42
zone 244.in-addr.arpa/IN: loaded serial 42
zone 245.in-addr.arpa/IN: loaded serial 42
zone 246.in-addr.arpa/IN: loaded serial 42
zone 247.in-addr.arpa/IN: loaded serial 42
zone 248.in-addr.arpa/IN: loaded serial 42
zone 249.in-addr.arpa/IN: loaded serial 42
zone 250.in-addr.arpa/IN: loaded serial 42
zone 251.in-addr.arpa/IN: loaded serial 42
zone 252.in-addr.arpa/IN: loaded serial 42
zone 253.in-addr.arpa/IN: loaded serial 42
zone 254.in-addr.arpa/IN: loaded serial 42
zone 1.ip6.arpa/IN: loaded serial 42
zone 3.ip6.arpa/IN: loaded serial 42
zone 4.ip6.arpa/IN: loaded serial 42
zone 5.ip6.arpa/IN: loaded serial 42
zone 6.ip6.arpa/IN: loaded serial 42
zone 7.ip6.arpa/IN: loaded serial 42
zone 8.ip6.arpa/IN: loaded serial 42
zone 9.ip6.arpa/IN: loaded serial 42
zone a.ip6.arpa/IN: loaded serial 42
zone b.ip6.arpa/IN: loaded serial 42
zone c.ip6.arpa/IN: loaded serial 42
zone d.ip6.arpa/IN: loaded serial 42
zone e.ip6.arpa/IN: loaded serial 42
zone 0.f.ip6.arpa/IN: loaded serial 42
zone 1.f.ip6.arpa/IN: loaded serial 42
zone 2.f.ip6.arpa/IN: loaded serial 42
zone 3.f.ip6.arpa/IN: loaded serial 42
zone 4.f.ip6.arpa/IN: loaded serial 42
zone 5.f.ip6.arpa/IN: loaded serial 42
zone 6.f.ip6.arpa/IN: loaded serial 42
zone 7.f.ip6.arpa/IN: loaded serial 42
zone 8.f.ip6.arpa/IN: loaded serial 42
zone 9.f.ip6.arpa/IN: loaded serial 42
zone a.f.ip6.arpa/IN: loaded serial 42
zone b.f.ip6.arpa/IN: loaded serial 42
zone 0.e.f.ip6.arpa/IN: loaded serial 42
zone 1.e.f.ip6.arpa/IN: loaded serial 42
zone 2.e.f.ip6.arpa/IN: loaded serial 42
zone 3.e.f.ip6.arpa/IN: loaded serial 42
zone 4.e.f.ip6.arpa/IN: loaded serial 42
zone 5.e.f.ip6.arpa/IN: loaded serial 42
zone 6.e.f.ip6.arpa/IN: loaded serial 42
zone 7.e.f.ip6.arpa/IN: loaded serial 42
zone c.f.ip6.arpa/IN: loaded serial 42
zone d.f.ip6.arpa/IN: loaded serial 42
zone 8.e.f.ip6.arpa/IN: loaded serial 42
zone 9.e.f.ip6.arpa/IN: loaded serial 42
zone a.e.f.ip6.arpa/IN: loaded serial 42
zone b.e.f.ip6.arpa/IN: loaded serial 42
zone c.e.f.ip6.arpa/IN: loaded serial 42
zone d.e.f.ip6.arpa/IN: loaded serial 42
zone e.e.f.ip6.arpa/IN: loaded serial 42
zone f.e.f.ip6.arpa/IN: loaded serial 42
zone ip6.int/IN: loaded serial 42
zone example.org/IN: loaded serial 0
zone 0.168.192.in-addr.arpa/IN: loaded serial 93706
root@fbsdsrv01:~ #
Starting the service
root@fbsdsrv01:~ # service named start
Starting named.
root@fbsdsrv01:~ #
From this moment on we will have a name server running on our network and responding with the records we have configured.