Published on Nov 14 2012 in Dedicated Server Non-Java VPS

Many of our Java clients use pure (no control panel) VPSes and sometimes want to run their own nameservers. Some of them may prefer a full-featured BIND nameserver over the DNSmasq setup described in the other article, although BIND comes with a larger memory footprint. The BIND configuration file 'named.conf' is not installed by default, so we need to create it manually.

In this copy-and-paste tutorial we assume that your server IP is 10.1.1.1 and the domain name you are setting up a DNS zone for is yourdomain.com. Let's begin by installing the required packages and making named start at boot time.

yum -y install bind-chroot bind bind-utils
chkconfig named on

Your BIND version may differ, so replace 9.3.6 with your version accordingly, then copy the example configuration files.

cp /usr/share/doc/bind-9.3.6/sample/etc/* /var/named/chroot/etc

Optionally, you may delete the "internal" view from /var/named/chroot/etc/named.conf:

perl -i.bak -0777 -pe 's/view "internal".*?^key ddns_key/key ddns_key/ms' /var/named/chroot/etc/named.conf

In the "external" view, replace my.external.zone with your domain name yourdomain.com. This also updates the zone file name.

sed -i 's/my.external.zone/yourdomain.com/g' /var/named/chroot/etc/named.conf

The command below generates a key and puts it into the secret field of key ddns_key.

SECRET=`/usr/sbin/dns-keygen`; sed -i "s/secret .*$/secret \"$SECRET\";/" /var/named/chroot/etc/named.conf

Copy the other template files into your chrooted /var/named.

cp -r /usr/share/doc/bind-9.3.6/sample/var/named/* /var/named/chroot/var/named

Now create the zone file for yourdomain.com, assuming you will be using your own nameservers ns1/ns2.yourdomain.com on the server's public IP. Don't forget to update MYDOMAIN and MYIP.

MYDOMAIN=yourdomain.com; MYIP=10.1.1.1; SERIAL=$(date +%s)
echo -e "\$TTL 14400
@       86400   IN      SOA     ns1.$MYDOMAIN. root.$MYDOMAIN. (
        \t$SERIAL      ; serial, timestamp
        \t86400        ; refresh, seconds
        \t7200         ; retry, seconds
        \t3600000      ; expire, seconds
        \t86400 )      ; minimum, seconds

$MYDOMAIN. 86400 IN NS ns1.$MYDOMAIN.
$MYDOMAIN. 86400 IN NS ns2.$MYDOMAIN.

$MYDOMAIN. IN A $MYIP

localhost.$MYDOMAIN. IN A 127.0.0.1

$MYDOMAIN. IN MX 0 $MYDOMAIN.

mail IN CNAME $MYDOMAIN.
www IN CNAME $MYDOMAIN.
ftp IN A $MYIP
$MYDOMAIN. IN TXT \"v=spf1 a mx -all\"" > /var/named/chroot/var/named/$MYDOMAIN.db
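Before restarting named, a check worth running on the zone just written, added here as an example that is not part of the original tutorial: it parses the zone text the echo command above produces (embedded as a constructed sample, with the serial from the host output further down) and reports common delegation mistakes. On this tutorial's zone it flags that ns1 and ns2 have no A records in the zone itself; the glue registered at the registrar covers delegation, but the authoritative server should answer for its own nameserver names too.

```python
# Constructed sample: the zone the echo command above writes for yourdomain.com.
SAMPLE_ZONE = """$TTL 14400
@   86400 IN SOA ns1.yourdomain.com. root.yourdomain.com. (
        1352893256 86400 7200 3600000 86400 )  ; serial refresh retry expire minimum
yourdomain.com. 86400 IN NS ns1.yourdomain.com.
yourdomain.com. 86400 IN NS ns2.yourdomain.com.
yourdomain.com. IN A 10.1.1.1
yourdomain.com. IN MX 0 yourdomain.com.
mail IN CNAME yourdomain.com.
yourdomain.com. IN TXT "v=spf1 a mx -all"
"""

def fqdn(name, origin):                       # '@' -> origin, 'mail' -> mail.origin
    if name == "@":
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):                 # -> [(owner, TYPE, rdata tokens), ...]
    records, buf = [], ""
    for line in text.splitlines():
        if '"' not in line:                   # a ';' inside a TXT string is data
            line = line.split(";", 1)[0]      # otherwise ';' starts a comment
        buf += " " + line
        if buf.count("(") != buf.count(")"):  # still inside a multi-line record
            continue
        tok, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if not tok or tok[0].startswith("$"):  # blank line or $TTL directive
            continue
        owner = fqdn(tok.pop(0), origin)
        while tok[0].isdigit() or tok[0].upper() == "IN":  # optional TTL / class
            tok.pop(0)
        records.append((owner, tok[0].upper(), tok[1:]))
    return records

def check_zone(text, origin="yourdomain.com"):
    """Findings for delegation mistakes a registrar check or resolver will trip on."""
    recs = parse_zone(text, origin)
    has_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    cnames = {o for o, t, _ in recs if t == "CNAME"}
    ns_targets = [fqdn(rd[0], origin) for o, t, rd in recs if o == origin and t == "NS"]
    findings = []
    for ns in ns_targets:                     # in-zone nameservers need glue A records
        if ns.endswith("." + origin) and ns not in has_addr:
            findings.append(f"in-zone NS {ns} has no A record (missing glue)")
    for o, t, rd in recs:
        if t == "MX" and fqdn(rd[1], origin) in cnames:   # RFC 2181: MX target not a CNAME
            findings.append(f"MX target {fqdn(rd[1], origin)} is a CNAME")
        if t == "SOA" and fqdn(rd[0], origin) not in ns_targets:
            findings.append(f"SOA MNAME {fqdn(rd[0], origin)} is not an apex NS")
    return findings
```

Pair it with named-checkzone, which ships with BIND, for full syntax validation. Since the zone transfer test later on succeeds from another host, also restrict allow-transfer in named.conf to your secondary nameservers so the whole zone cannot be pulled by anyone.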

Clear the shell variables we used and restart named.

unset SECRET MYDOMAIN MYIP SERIAL
service named restart

Finally, you can test whether the nameserver answers with the correct information by querying it from another host and asking for all records of your domain (a zone transfer):

$ host -t IXFR yourdomain.com 10.1.1.1
Using domain server:
Name: 10.1.1.1
Address: 10.1.1.1#53

yourdomain.com has SOA record ns1.yourdomain.com. root.yourdomain.com. 1352893256 86400 7200 3600000 86400
yourdomain.com descriptive text "v=spf1 a mx -all"
yourdomain.com mail is handled by 0 yourdomain.com.
yourdomain.com name server ns1.yourdomain.com.
yourdomain.com name server ns2.yourdomain.com.
yourdomain.com has address 10.1.1.1
ftp.yourdomain.com has address 10.1.1.1
localhost.yourdomain.com has address 127.0.0.1
mail.yourdomain.com is an alias for yourdomain.com.
www.yourdomain.com is an alias for yourdomain.com.
yourdomain.com has SOA record ns1.yourdomain.com. root.yourdomain.com. 1352893256 86400 7200 3600000 86400

Now register your nameservers in your domain registrar's control panel. For example:

ns1.yourdomain.com 10.1.1.1
ns2.yourdomain.com 10.1.1.1

and you are all set.