DNS: Server (BIND named) Configuration

Tech Articles
DNS Server Types
DNS Configuring BIND named
The primary software for DNS on UNIX servers is BIND (Berkeley Internet Name Domain). BIND consists of:
  • named (the name server, a contracted version of name daemon)
  • dig (a tool for checking addresses and other debugging tasks)
  • utilities like rndc

The main configuration file for named is:
/etc/named.conf

Additional configuration files exist in this directory:
/etc/named/

In order to put configuration files in another directory, systems administrator would update /etc/named.conf. If you wanted to change the directory to /var/named, the specific lines would be:

options {
directory "/var/named";
};

Note: other options would be put in the same stanza.

Zones and Domains
A domain is a subdivision of the namespace. For example, google.com is a domain.

Important points about zones:
  • A zone is a concept used in configuration
  • A zone is a collection of hosts
  • A zone can sometimes be a domain, but it is best to assume that this is very rare.
  • Typically, only the systems administrators responsible for DNS would know what zones are used within the organization
  • A zone is managed by the one team of systems administrators
  • A team of systems administrators might manage more than one zone
  • Management of zones can be delegated
  • Delegating authority for managing a portion of the name space implies creating a new zone
  • Name servers normally make a zone’s data available to other name servers

Zone Files

The zone files used are listed in /etc/named.conf in zone statements. For example, here are the zone statements for the two examples that will be used in the information on zone files.

zone "petervtamas.com" IN {
  type master;
  file "petervtamas.com.zone";
  allow-update { none; };
};

zone "22.168.192.in-addr.arpa" IN {
  type master;
  file "db.192.168.22";
  allow-update { none; };
};

Explanation of the zone statements

The first line takes the following form:
zone zone-name [zone-class] {

The zone-name attribute is the name of the zone. For reverse zone files, the first three blocks of the IP address reversed followed by .in-addr.arpa. In the example, above, the reverse zone file is for addresses starting with 192.168.22 and the zone-name attribute is 22.168.192.in-addr.arpa.

The zone-class is usually IN, which stands for the Internet system. The other possible classes are rarely used.

The line “type master” indicates that this nameserver is authoritative for this zone.

The file name attribute indicates the name of the zone file. Most sites follow the convention of calling the zone file db.DOMAIN or db.ADDR. The zone file name should match the file option is the zone statement described at the end of this page. In this example the file would be called:
db.petervtamas.com
db.192.168.22

The “allow-update” line specifies which servers are allowed to dynamically update information in their zone. Normally, this is set to none, as in the above examples.

Making Updates to DNS Configuration Live
When you update bind configuration files, the configuration must be reloaded with ndc or rndc. Click here for more information on ndc and rndc.

Suggestions for Future Learning

The official BIND web site is:
also:








Technical Articles
DNS Server Types
This article describes BIND (DNS)  administration and is intended for experienced UNIX administrators. Go to these tutorials on DNS Queries   or DNS settings for more introductory information.