john pfeiffer

Dns dig bind bind9 named

DNS client side, using dig

sudo apt-get install dnsutils

dig example.org +short # a really short answer: 93.184.216.119

dig example.org +noall +answer # only return the answer

dig example.org # get all info

; <<>> DiG 9.9.2-P1 <<>> example.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29315 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;example.org. IN A

;; ANSWER SECTION: example.org. 86400 IN A 93.184.216.119

;; AUTHORITY SECTION: example.org. 172800 IN NS a.iana-servers.net. example.org. 172800 IN NS b.iana-servers.net.

;; ADDITIONAL SECTION: a.iana-servers.net. 1576 IN A 199.43.132.53 a.iana-servers.net. 1575 IN AAAA 2001:500:8c::53 b.iana-servers.net. 1575 IN A 199.43.133.53 b.iana-servers.net. 1575 IN AAAA 2001:500:8d::53

;; Query time: 36 msec ;; SERVER: 127.0.1.1#53(127.0.1.1) ;; WHEN: Mon Aug 5 15:19:26 2013 ;; MSG SIZE rcvd: 192

AUTHORITY = The Name Server that can answer the query authoritatively

dig -t NS example.org +noall +answer dig -t ANY example.org +noall +answer

dig -x 209.132.183.81 +short # REVERSE DNS LOOKUP (IP ADDRESS TO DNS NAME)

dig @a.iana-servers.net example.org # SPECIFY THE DNS SERVER

dig -f names.txt +noall +answer # a file with a list of dns names

cat $HOME/.digrc # create a ~/.digrc to customize dig cli defaults +noall +answer

EMAIL MX RECORDS ARE SLIGHTLY DIFFERENT

dig example.org MX +noall +authority

; <<>> DiG 9.9.2-P1 <<>> example.org MX +noall +authority ;; global options: +cmd example.org. 3437 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2013072958 7200 3600 1209600 3600

DNS server side: bind (version 9+ only due to security issues), implementation of DNS (example.com to 1.2.3.4)

named: answers questions (dns lookup) Primary Master Server (the authority for a domain) Secondary Master Server (the backup for the Primary) Caching (save latency on frequent queries)

sudo apt-get install bind9

vi /etc/bind/named.conf

include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.local"; include "/etc/bind/named.conf.default-zones";

example dns cache that passes queries onto Google DNS

vi /etc/bind/named.conf.options

    forwarders {
            8.8.8.8;
    };

sudo /etc/init.d/bind9 restart

example primary master config

vi /etc/bind/named.conf.local

    zone "example.com" {
         type master;
         file "/etc/bind/db.example.com";
    };

flat files are the persistence (database), use the local template to create the new domain primary master

24 hour TimeToLive, 1 hour refresh, 2 hour retry/expire

sudo cp /etc/bind/db.local /etc/bind/db.example.com

vi /etc/bind

$TTL 86400 @ IN SOA ns.example.com. ( 1 ; Serial 3600 ; Refresh 7200 ; Retry 7200 ; Expire 7200 ) ; Negative Cache TTL ; @ IN NS ns.example.com. ns IN A 192.168.1.10

;this is a comment, i.e. for a section of A records mybox IN A 192.168.1.21

UPDATE the serial number by one every time there's any changes to the db file, convention is to use yyyymmddss (201312300101) sudo /etc/init.d/bind9 restart

mybox.example.com will resolve to 192.168.1.21

for reverse DNS lookups (ip address to name)

zone "1.168.192.in-addr.arpa" { type master; notify no; file "/etc/bind/db.192"; };

... https://help.ubuntu.com/community/BIND9ServerHowto

Published

Category

linux

~429 words

Tags