I have several domains – kimballlarsen.com, hugegrocerysavings.com, twigglesgiggles.com, ourpioneerhistory.com – for which I host DNS. Until recently, this has all been done via my ISP’s hosting services, etc. A few months ago, I decided to finally learn Bind9 and figure out how to set up DNS for my domains at work (30+ of them) and in so doing learned how to easily do the same for my piddly stack of personal domains.
Tonight I’m just setting up my new Gutsy box named "The Bridge" to host DNS for my domains.
First off, when I installed Gutsy, I did so using the PC (Intel x86) server install CD, which does not install fluffy things like X11 by default, and saves a bunch of overhead in the form of useless software on this server. During the install, it asks what roles this server will fill – and I believe I selected everything except for Postgres Database Server (never been convinced that Postgres is all that much better for my needs than MySQL). Thus, the Bind9 DNS package should already be installed. To verify, there are several ways you can check to see what is installed. I am too lazy to actually remember the command to look up what has been installed using apt, but I do remember that if you try to apt-get install something that is already installed, it tells you that you’re a moron for trying again:
root@bridge:/home/kimball# apt-get install bind9
Reading package lists... Done
Building dependency tree
Reading state information... Done
bind9 is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
So, bind is all installed, and we’re set. Now, I already have these domains set up in Bind9 on the Holodeck, so in theory, I should just have to copy the /etc/bind/ directory from the holodeck to the bridge and restart bind on the bridge. Go get a drink. This will take just a second.
Ick. That didn’t work at all:
root@bridge:/etc# mv bind bind.old
root@bridge:/etc# scp -r root@192.168.0.5:/etc/bind ./
The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.
RSA key fingerprint is 00:ca:ef:35:9f:16:21:00:43:69:67:c8:8e:9c:72:c7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.5' (RSA) to the list of known hosts.
Password:
db.empty 100% 353 0.3KB/s 00:00
zones.rfc1918 100% 1317 1.3KB/s 00:00
db.127 100% 176 0.2KB/s 00:00
db.root 100% 1507 1.5KB/s 00:00
named.conf 100% 1438 1.4KB/s 00:00
named.conf.local 100% 253 0.3KB/s 00:00
named.conf.options 100% 1500 1.5KB/s 00:00
rndc.key 100% 77 0.1KB/s 00:00
kimballlarsen.com.hosts 100% 480 0.5KB/s 00:00
root@bridge:/etc# /etc/init.d/bind9 restart
* Stopping domain name service... bind
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.
...fail!
* Starting domain name service... bind
...fail!
Alright, so I guess I really should have kept the file called rndc.key from the original install. I’ll try that instead:
(good thing I made a backup of the original config, eh?)
root@bridge:/etc# mv bind bind-busted
root@bridge:/etc# scp -r root@www.kimballlarsen.com:/etc/bind ./
Password:
db.empty 100% 353 0.3KB/s 00:00
zones.rfc1918 100% 1317 1.3KB/s 00:00
db.127 100% 176 0.2KB/s 00:00
db.root 100% 1507 1.5KB/s 00:00
named.conf 100% 1438 1.4KB/s 00:00
named.conf.local 100% 253 0.3KB/s 00:00
named.conf.options 100% 1500 1.5KB/s 00:00
rndc.key 100% 77 0.1KB/s 00:00
kimballlarsen.com.hosts 100% 480 0.5KB/s 00:00
root@bridge:/etc# cd bind
root@bridge:/etc/bind# rm rndc.key
root@bridge:/etc/bind# cp ../bind.old/rndc.key ./
root@bridge:/etc/bind# /etc/init.d/bind9 restart
* Stopping domain name service... bind
...done.
* Starting domain name service... bind
...done.
Can it really be that easy?
root@bridge:/etc/bind# dig @localhost www.kimballlarsen.com
; <<>> DiG 9.4.1-P1 <<>> @localhost www.kimballlarsen.com
; (1 server found)
...
;; ANSWER SECTION:
www.kimballlarsen.com. 38400 IN A 209.161.26.94
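The failed restart above is worth understanding before repeating the copy for the other boxes: "/etc/init.d/bind9 restart" stops named with rndc, and rndc authenticates with the secret in /etc/bind/rndc.key. The named that was already running had loaded the Bridge's original key, so once the Holodeck's rndc.key had been copied over it, the stop was refused ("this host is not authorized to connect / the key is invalid"), the old process stayed bound to port 53, and the start failed too. Restoring the original key fixed exactly that mismatch. The following pre-flight script is an added example, not part of the original post: it checks a copied bind directory for that key mismatch, for a world-readable rndc.key (the key is a shared secret that gives full control of named), and for zone files referenced from named.conf.local that did not come across in the copy. It assumes the Ubuntu layout (rndc.key and named.conf.local inside the directory, the key in the `key "name" { secret "..."; };` form) and GNU stat; the directory names and key values are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for a
# /etc/bind directory copied from another host, run before restarting named.

# rndc_secret DIR: print the secret from DIR/rndc.key (empty if absent).
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1/rndc.key" 2>/dev/null || :
}

# rndc_key_name DIR: print the key name from DIR/rndc.key (empty if absent).
rndc_key_name() {
    sed -n 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p' "$1/rndc.key" 2>/dev/null || :
}

# rndc_keys_match NEW_DIR RUNNING_DIR: succeed only if both hold the same
# non-empty secret. RUNNING_DIR is the config the running named was started
# from; if the secrets differ, "rndc stop" will be refused by that server.
rndc_keys_match() {
    a=$(rndc_secret "$1")
    b=$(rndc_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# rndc_key_private DIR: succeed if DIR/rndc.key grants no permissions to
# "other" (mode ending in 0, e.g. 640). Uses GNU stat, BSD stat as fallback.
rndc_key_private() {
    f="$1/rndc.key"
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# zone_files DIR: print "zone<TAB>file" for every zone in DIR/named.conf.local,
# resolving relative file names against DIR.
zone_files() {
    awk -v dir="$1" '
        /^[[:space:]]*zone[[:space:]]+"/ {
            match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2)
        }
        /^[[:space:]]*file[[:space:]]+"/ {
            match($0, /"[^"]*"/); f = substr($0, RSTART + 1, RLENGTH - 2)
            if (f !~ /^\//) f = dir "/" f
            print zone "\t" f
        }' "$1/named.conf.local" 2>/dev/null
}

# missing_zone_files DIR: print the name of every zone whose file is absent.
missing_zone_files() {
    tab=$(printf '\t')
    zone_files "$1" | while IFS="$tab" read -r zone file; do
        [ -f "$file" ] || echo "$zone"
    done
}

# preflight NEW_DIR RUNNING_DIR: run all checks, report, return 1 on any failure.
preflight() {
    rc=0
    rndc_key_private "$1" || { echo "rndc.key in $1 is readable by other users"; rc=1; }
    rndc_keys_match "$1" "$2" || {
        echo "rndc.key in $1 differs from the key named is running with ($2): stop named with the old key first"
        rc=1
    }
    missing=$(missing_zone_files "$1")
    [ -z "$missing" ] || { echo "zone files missing for: $missing"; rc=1; }
    return $rc
}

# Usage: preflight /etc/bind.new /etc/bind   (placeholder paths)
```

Run it with the freshly copied directory as the first argument and the directory the running named was started from as the second; if it complains about the key, stop named while the old rndc.key is still in place, then swap the directories. Once it passes, `named-checkconf` and `named-checkzone` (part of BIND 9) give the syntax checks the script does not attempt.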
Yup. It can. Now, this has only handled my kimballlarsen.com domain – I’ll just need to create zones for the other domains I want to set up, and I prefer to use webmin to do so, as the syntax and format of the bind config files is somewhat fragile, and I’m just too lazy. 🙂
Contact me if you need any help setting up a new DNS zone in Bind via Webmin. I’m no expert, but I can muddle through.