Comments on BIND Installation On CentOS

If you are opening your DNS to the world, or have your bind installation sat on an internet connected box for a little extra security its worth installing the chrooted bind

This runs bind in its own little file system, so where you would find your named.conf normally in /etc it now resides in /var/named/chroot/etc/

and zones normally in /var/named/ will now be in /var/named/chroot/var/named

You should also no longer need to chmod files with this too :)

Oh and another major point to remember is when adding entries into your zone database (yourdomain.com.zone) or the reverse lookup, is to increment the serial number.. beginners to bind will find this a pain but trust me its good practise to start doing it so you don't forget. Otherwise you will be wondering why your updates aren't happening.

IANA requires two or more DNS servers for each domain. If you run your own primary DNS server, but do not have an additional server for serving as secondary, you can use one of the free secondary DNS services available online.

Adding one or more external services improves the availability of your domain, but can introduce inconsistencies after you add or change entries to your primary. The only service that minimizes this problem is BuddyNS. See www.buddyns.com

Thanks it Helps a lot for a newbie like me..

 I just have a little question on this which confuse me a lot: okay, i already configured DNS on the server, i do nslookup on the server and it resolves addresses but why is it that if going to use the dns ip on xp machine and do nslookup it cannot resolve the address? Here's some info:

My DNS Server IP: 192.168.0.100

 XP Machine: IP Address: 192.168.0.5 / Gateway: 192.168.0.1 / Pref. DNS 1: 192.168.0.100 / Workgroup: Workgroup..

HOpe you can help me.... Thanks in advance....

|it that if going to use the dns ip on xp machine and do nslookup it cannot resolve the address? Here's some info:

yups, i have same problem with you, maybe can help me?

but, if i try with 2 IP Address (Public and Local) it's work.

my problem is done, check your recursion

 Thanks for your post If need to use multiple domains like yourdomain.com and yourdomain.net. I configured for yourdomain.com and how can i add yourdomain.net ? Whethere i need to add in named.conf or can i create separate zone files..?

Hi,

Thanks for the article, but its for CentOS 5. in CentoS 6.3 its different like directories etc. also, you have not mentioned that we need to add Domain=domain and HOSTNAME=hostname.domain.com into /etc/hosts file in order to resolve them. as well the DNS entries in /etc/sysconfig/network-scripts/eth0 in ethernet file DNS1=1.1.1.1 and DNS2=1.1.1.2

I have install bind 9 in centos 6.3 and add the proper configuration via webmin. as well point the domain in domain registrar to my ns1 and ns2. but i have stil not got any nslookup to my domain in SSH into VPS.

 Please post centos 6.3 bind dns configuration article with all steps.

Hi;

 I have a network with 80 computers and I want to serve DNS cache in my firewall. I'm using squid on linux Centos 6.4 32 bits, and I installed bind. However, when I run: '/etc/init.d/named status/start/stop', the system is very slow to give me an answer of the status the service. So, I have an little question. For to serve dns cache in my network, just have the bind package installed will be resolved, or I have to configure any file?

 Thank's, and sorry my english :)

it's works greatfull sir..

Great walk through. It took me back to an old config which helped me resolve my issue.

You are asking for trouble if you set the permissions on ANY FILES to "777". Anyone with access to the machine can do whatever they want to your name server. UNIX security is there for a purpose. If you think you've tripped over it, you should find out what has really gone wrong and fix it.

If you can't figure it out, you should not be pretending you know enough about it to post a  "how to" on the Net.

You're in the wrong job. Go and do a IT security course. Understand that one of your major responsibilities is to maintain system security not to sabotage it!

I don't usually flame people in on-line comments, but I've put this up to warn other people who might stumble on this one.