D 6: Primary Master DNS Server with Bind on Linux (15 pts.)

What You Need for This Project

Purpose

Configure a Bind DNS server which is the primary SOA for a domain, and does not accept recursive queries.

Testing your Linux DNS Server

In a Terminal window, execute this command:
dig @127.0.0.1 yahoo.com +short
You should see some IP addresses, as shown below.

If you don't see the answers, you need to restart or reinstall Bind.

This shows that your server is currently operating as a recursive server, which is not what an SOA server should do.

Finding your Server's IP Address

In a Terminal window, execute this command:
ip a
Make a note of your server's IP address, as highlighted in the image below.

Editing named.conf.local

The zone statement you are adding here tells Bind that it has authoritative information about a domain.

In a Terminal window, execute these commands, one at a time. Enter your password when you are prompted to.

sudo cp /etc/bind/named.conf.local /etc/bind/named.conf.local.bak
sudo nano /etc/bind/named.conf.local
Add this code to the end of the file, as shown below, replacing YOURNAME with your own name or domain:
zone "YOURNAME.com" {
    type master;
    file "/etc/bind/db.YOURNAME.com";
};

Save the file with Ctrl+X, Y, Enter.

Making the Zone File

In a Terminal window, execute this command, replacing YOURNAME with your own name or domain:
sudo nano /etc/bind/db.YOURNAME.com
Enter this data into the file, replacing YOURNAME with your own name or domain, and the IP addresses with the IP address of your server:
;
; BIND data file for YOURNAME.com
;
$TTL    604800
@       IN      SOA     ns1.YOURNAME.com. root.YOURNAME.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.YOURNAME.com.
@       IN      NS      ns2.YOURNAME.com.

YOURNAME.com.           IN      A       199.188.72.153
ns1                     IN      A       199.188.72.153
ns2                     IN      A       199.188.72.153
Your file should resemble the example below.

Save the file with Ctrl+X, Y, Enter.
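A small checker for the zone file created in this step, added here as an example (it is not part of this project or the linked source): it parses the file format used above, expanding @ and relative owner names and handling the parenthesised SOA, and reports any NS server that lacks the glue A record the lab adds. The domain example.com and the address 192.0.2.53 are constructed placeholders for YOURNAME.com and your server's IP.

```python
# Constructed zone file, modelled on the one in this project (not the project's own file).
ZONE = """\
$TTL    604800
@       IN      SOA     ns1.example.com. root.example.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      ns1.example.com.
@       IN      NS      ns2.example.com.
example.com.            IN      A       192.0.2.53
ns1                     IN      A       192.0.2.53
ns2                     IN      A       192.0.2.53
"""

def qualify(name, origin):
    """Expand '@' and relative names to fully qualified names (origin ends in '.')."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return [(owner, type, rdata_fields)] for the zone-file style used in this lab."""
    records, buf, prev_owner, blank_owner = [], "", None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop ';' comments
        if not line.strip() or line.startswith("$"):
            continue                                # skip blanks and $TTL
        if not buf:
            blank_owner = line[0].isspace()         # omitted owner = same as previous
        buf += " " + line
        if buf.count("(") > buf.count(")"):         # still inside SOA parentheses
            continue
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        owner = prev_owner if blank_owner else qualify(fields.pop(0), origin)
        while fields and (fields[0].upper() == "IN" or fields[0].isdigit()):
            fields.pop(0)                           # skip class and optional TTL
        records.append((owner, fields[0].upper(), fields[1:]))
        prev_owner = owner
    return records

def check_zone(records, origin):
    """Problems found: exactly one apex SOA, and every in-zone NS target needs glue (an A record)."""
    a_names = {r[0] for r in records if r[1] == "A"}
    ns_names = {qualify(r[2][0], origin) for r in records if r[0] == origin and r[1] == "NS"}
    problems = [f"NS {ns} has no A record (missing glue)"
                for ns in sorted(ns_names) if ns.endswith("." + origin) and ns not in a_names]
    if sum(1 for r in records if r[0] == origin and r[1] == "SOA") != 1:
        problems.insert(0, "zone apex needs exactly one SOA record")
    return problems
```

Run check_zone(parse_zone(ZONE, "example.com."), "example.com.") against your own file (with your domain as the origin) before restarting Bind; an empty list means the NS and glue records are consistent.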

Restarting Bind

In a Terminal window, execute these commands, replacing YOURNAME with your own name or domain:
sudo service bind9 restart
dig @127.0.0.1 YOURNAME.com
You should see the aa flag in the answer, showing that this server is now authoritative for this domain, as shown below.

Performing a Recursive Query

In a Terminal window, execute this command:
dig @127.0.0.1 yahoo.com +short
You should see an ANSWER SECTION containing some IP addresses, as shown below.

This shows that your server is still operating as a recursive server.

That's not something an SOA server should do. The purpose of this server is to serve as the SOA for the YOURNAME.com domain, not to provide general DNS resolution for the machines on a LAN.

Disabling Recursive Queries

In a Terminal window, execute these commands:

sudo cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
sudo nano /etc/bind/named.conf.options
At the bottom of the file, before the
};
line, insert these three lines:
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
Your file should look like the image below:

Save the file with Ctrl+X, Y, Enter.

Performing another Recursive Query

Flag D 6: Status (15 pts)

In a Terminal window, execute these commands:
sudo service bind9 restart
dig @127.0.0.1 yahoo.com
You should see "ANSWER: 0", outlined in yellow in the image below.

The flag is the status, covered by a green rectangle in the image below.

Reverse DNS Records

I didn't include it in this project, but it's good to also include reverse DNS records. For details, see the Source below.

Sources

http://linuxconfig.org/linux-dns-server-bind-configuration

Posted 6-1-23