
Installing A FreeBSD 7.0 DNS Server With BIND


As FreeBSD is known as one of the most stable and reliable operating systems, I decided to publish some useful articles about it, combining it with services we need on a daily basis.

This tutorial shows how to set up a FreeBSD based server that offers DNS services. It is written for the 64-bit version of FreeBSD but should apply to the 32-bit version as well.

I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal; this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Requirements

To install such a system you will need:

  1. FreeBSD boot only CD
  2. Fast Internet connection

 

2 Preliminary Note

In this tutorial I use the hostname dnsfreebsd.tm.local with the IP address 192.168.0.100 and the gateway 192.168.0.2. These settings will probably differ from yours, so replace them where appropriate.

This Article assumes that you have a new server, or a server that you are able to format.

 

3 The Base System

Insert the FreeBSD install CD into your system and boot from it. The numbers below follow the installer screens in order.

  1. Wait for the loader to boot on its own, or press [ENTER].
  2. Select your country, highlight [OK] and press [ENTER].
  3. Select the keyboard type, highlight [OK] and press [ENTER].
  4. For simplicity choose Standard, highlight [OK] and press [ENTER].
  5. Highlight [OK] and press [ENTER].
  6. In the FDISK partition editor, press A for automatic configuration and then Q to finish.
  7. Choose Standard MBR.
  8. Highlight [OK] and press [ENTER] to go ahead to the partitioning (disklabel) step.
  9. Again I pressed A and then Q; you can do your own partitioning if you want.
  10. In the distribution selection, scroll down to User and press [SPACEBAR].
  11. For the ports collection choose [Yes], so that you do not have to install it manually later: highlight [Yes] and press [ENTER].
  12. You will go back to the distribution screen; press [TAB] to highlight [OK] and press [ENTER].
  13. When asked for the installation media, choose FTP.
  14. The best choice here is the server nearest to you, as it will be the fastest. After you make your choice, highlight [OK] and press [ENTER].
  15. As we have chosen FTP, the network has to be configured now: select the network card connected to the Internet, highlight [OK] and press [ENTER].
  16. For IPv6 I chose [NO], as my network environment does not support IPv6.
  17. If you have DHCP you can choose [Yes] and change the IP later (section 4 below); if you have a static IP you can configure it now.
  18. This is the network configuration screen. Without DHCP you have to fill it in manually; when finished, [TAB] to [OK] and press [ENTER]. If you want to use DHCP and configure the static IP after the installation, see section 4. I go with a static IP here.
  19. Last Chance? Highlight [Yes] and press [ENTER].
  20. After the installation has finished, highlight [OK] on the completion message and press [ENTER].
  21. You will be asked whether the server should be a network gateway: choose [NO].
  22. Choose [NO] for inetd as well.
  23. Choose [YES] for SSH login.
  24. Choose [NO] for anonymous FTP login.
  25. Choose [NO] for the NFS server.
  26. Choose [NO] again for the NFS client.
  27. You will then be asked about system console customization: choose [NO].
  28. Choose [YES] for setting the time zone.
  29. Most systems do not keep the CMOS clock in UTC; if yours does not, choose [NO].
  30. Choose your region, highlight [OK] and press [ENTER].
  31. Choose your country, highlight [OK] and press [ENTER].
  32. CEST was correct for me; confirm the zone shown for your region.
  33. It is a text based installation and we will not use a mouse, so I chose [NO].
  34. Choose [NO] for browsing the package collection.
  35. Choose [YES] for creating a new user.
  36. Scroll down to User, highlight [OK] and press [ENTER].
  37. Type the username, [TAB] to the password field and type the password, then the full name. Type wheel in the Member groups box: wheel membership is what allows this user to su to root after logging in over SSH (any normal user can log in over SSH; only wheel members can become root). When finished, highlight [OK] and press [ENTER].
  38. You will go back to the previous screen; choose X Exit, highlight [OK] and press [ENTER].
  39. Now we set the root password: press [OK].
  40. Type the new password and press [ENTER], then retype the new password and press [ENTER].
  41. Choose [NO] for visiting the general configuration menu.
  42. You will go back to the sysinstall main menu; highlight X Exit Install and press [ENTER].
  43. Remove the CD, highlight [YES] and press [ENTER].

After the reboot you can login with root to do administrative tasks, however if you are logging in via SSH you will need to login using the user you created and then switch to root using the su command.

Before installing third-party applications we want the shell to find commands installed from ports (under /usr/local) before the base system's commands of the same name, so we change the order of the default search path. Open root's .cshrc:

cd /root
ee .cshrc

Then comment out (disable) the default path line by adding a "#" at the beginning, so it looks like this:

#set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin /usr/X11R6/bin)

Now we will add a new line for the new default search path:

set path = (/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin $HOME/bin)

Now save and exit the file: press [ESC], choose a) leave editor, and answer yes when asked whether to save the changes.

Now log out ([CTRL+D]) and log in again. To display the current search path use:

echo $path

It is also a good idea to limit SSH access to specific users. To do that, add them to sshd_config; open the file with the easy editor:

ee /etc/ssh/sshd_config

Add the following line, adjusting the names to the users you want to allow; in the example below only user1 and user2 may log in via SSH. While you are in the file, make sure PermitRootLogin is no (FreeBSD's default), so that root is only reachable through su from a wheel user:

AllowUsers user1 user2

Save and exit, check the file for mistakes with sshd -t (a typo here can lock you out), then restart the SSH daemon:

/etc/rc.d/sshd restart

 

4 Configuring Static IP

If you chose DHCP during the installation, follow these steps to configure a static IP. Remember to exclude the server's IP from the DHCP scope afterwards, so that it is not handed out to another network device.

We will edit the rc.conf file using the following command:

ee /etc/rc.conf

You should see something like this (xl0 is the name of the network interface on my system; use the name ifconfig shows for yours):

hostname="dnsfreebsd.tm.local"
ifconfig_xl0="DHCP"

Change the hostname if it is not correct; it should be your server's FQDN.

Then modify the rest to look like this:

hostname="dnsfreebsd.tm.local"
ifconfig_xl0="inet 192.168.0.100 netmask 255.255.255.0"
defaultrouter="192.168.0.2"

As you can see, we replaced DHCP with our IP and netmask, and added a new line with our router's IP.

Now save and exit.

 

5 Checking the Hosts and DNS IPs configuration

We also need to make sure that the hosts file and resolv.conf are configured correctly. We start with the hosts file:

ee /etc/hosts

It should look like this; replace the domain name (e.g. tm.local) and the hostname (e.g. dnsfreebsd) with yours:

::1  localhost localhost.tm.local
127.0.0.1  localhost localhost.tm.local
192.168.0.100  dnsfreebsd dnsfreebsd.tm.local

Now save and exit.

We will now check the resolv.conf file:

ee /etc/resolv.conf

It should look like this; adjust it to your configuration. Put the domain name at the top, then one nameserver line for each DNS server you have (your ISP's, etc.):

domain tm.local
nameserver 192.168.0.2
nameserver 192.168.0.100

 

6 Updating the system

To make sure you are connected to the Internet, ping any website (e.g. www.google.com). If all is well, update the base system and reboot with the following commands:

freebsd-update fetch
freebsd-update install
reboot

After rebooting you can display the release level using the following command:

uname -r

 

7 Configuring FreeBSD Ports Collection

The Ports Collection provides a centralized and simple way to install software; it is designed to be automated and relatively easy to use.

We carry out the following steps as the superuser as well.

First copy the ports-supfile to /root so that it is easy to find later:

cp /usr/share/examples/cvsup/ports-supfile /root

Now choose the update server nearest to your location from the list at:

http://www.freebsd.org/doc/en/books/handbook/cvsup.html

Then open the ports-supfile and type in the server name:

ee /root/ports-supfile

Around line 49 you will see the default server parameters. Mine looks like the line below; change the server to whichever one is near you:

*default host=cvsup.de.FreeBSD.org

Save and Exit.

Use the following command to update the ports tree:

csup -g -L 2 /root/ports-supfile

It may take some time. If it has not connected after a couple of minutes, make sure your firewall allows outbound connections from the server to the update server on TCP port 5999. You can test that with telnet:

telnet cvsup.de.freebsd.org 5999

If telnet connects you should see something like this:

OK 17 0 SNAP_16_1h CVSup server ready

To create the ports index file we need Perl, which we install with the following commands:

cd /usr/ports/lang/perl5.8
make install clean
rehash

After that we build the README files and the ports INDEX. This can take a really long time (maybe 40 minutes); make fetchindex, which downloads a prebuilt INDEX instead, is much faster if you do not need the README files:

cd /usr/ports
make readmes && make index

 

8 Portmaster and Portaudit

Portmaster makes life easy when upgrading ports that other ports depend on. For example, if you have Apache installed and want to upgrade expat, you would have to uninstall expat and install the new version, which breaks the Apache installation; Portmaster performs this kind of upgrade safely without breaking the dependencies.

To install Portmaster do the following:

cd /usr/ports/ports-mgmt/portmaster
make install clean
rehash

Portaudit is a nice application that checks the vulnerability database when building ports, to ensure there are no known security issues with what you are installing. If there is a known issue, the build stops and refers you to the advisory. It only checks at build time, so run portaudit -Fda from time to time (fetch the current database, then audit everything installed) to catch issues published after a port was installed.

To install it do the following:

cd /usr/ports/ports-mgmt/portaudit
make install clean
rehash

If you really want to install a program even though it has a known vulnerability, you can override the check with the following command:

make -D DISABLE_VULNERABILITIES install clean

 

9 Installing and Configuring DNS

BIND is part of the FreeBSD 7.0 base system (version 9.4.2). Check the version of the port in the ports collection: if it is also 9.4.2, skip to the configuration section; if it is newer than 9.4.2, continue with the installation section. Note that 9.4.2 itself predates the July 2008 cache-poisoning fix (9.4.2-P1, which added source port randomisation), so in practice you want the newer ports version.

You can check the version you have using the following command:

grep PORTVERSION /usr/ports/dns/bind94/Makefile

 

Installation

cd /usr/ports/dns/bind94
make config
make install clean

The make config menu shows the options for BIND: press the [SPACEBAR] to choose REPLACE_BASE (so the port replaces the base-system BIND instead of installing a second copy under /usr/local), leave the others at their defaults, then [TAB] to highlight [OK] and press [ENTER]. make install clean then builds and installs it.

 

Configuration

We will now configure BIND. First add NO_BIND=YES to /etc/make.conf, using the following commands:

cp /etc/make.conf /etc/make.conf.old
echo "NO_BIND=YES" >> /etc/make.conf

This tells make not to build the base-system BIND in case you rebuild FreeBSD from source, so the version installed from ports is not overwritten.

Now let's edit named.conf to configure our forwarders, zones, etc.:

ee /var/named/etc/namedb/named.conf

Scroll down to the listen-on line (around line 21) and comment it out by adding // at the beginning of the line. The stock configuration listens on 127.0.0.1 only; commenting the line out makes BIND listen on every interface so that it answers both local and network clients. It should then look like this:

// listen-on     { 127.0.0.1; };

Be aware of what this opens up: the stock named.conf restricts nothing apart from that listen-on line, so once named answers on all interfaces it will also perform recursive lookups for anyone who can reach port 53. If this machine is reachable from the Internet, that makes it an open resolver, usable for cache-poisoning attempts and DDoS amplification. Add an allow-recursion statement to the options block that lists only localhost and your LAN (for this tutorial 127.0.0.1 and 192.168.0.0/24), or keep listen-on and put your LAN interface's address in it instead.

Then scroll down to about lines 43 to 47 and remove the /* before the forwarders section and the */ after it, so that it is no longer commented out. Replace 127.0.0.1 with your ISP's DNS server IP; if you have more than one, list them all, each terminated with a ; as in the example below.

It should then look something like this:

forwarders {
        192.168.0.2;
        192.168.0.3;
};

Now we need to add our zones. In the same file, scroll to the bottom and add your forward and reverse lookup zones. For the forward lookup zone add the following at the end of the file:

zone "tm.local" {
        type master;
        file "master/tm.local";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
};

As you can see above, my zone name and zone file name are both tm.local; change both to your domain name. allow-transfer { localhost; } means no other host can pull the whole zone (AXFR), which is what you want unless you run a secondary server. Note the semicolon after rndc-key inside the braces: named will refuse to start without it.

allow-update lets a client that holds the named key change records. This is BIND's dynamic DNS update feature, which lets it work with a DHCP server to register client records dynamically; I will cover that in detail in my FreeBSD DHCP tutorial. Reusing the rndc key for it is convenient, but it means a single secret both controls the daemon and rewrites the zone; if you do not need dynamic updates yet, leave the allow-update lines out.

Now we need to add the reverse lookup zone, so again at the end of the file add the following:

zone "0.168.192.in-addr.arpa" {
        type master;
        file "master/tm.local.rev";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
};

As you can see, my zone name starts with 0.168.192 because my network is 192.168.0.0/24 and the octets are written in reverse order. Change this to match your network configuration.

Save and Exit the file.

Now we need to generate the rndc.key file and add its contents to the bottom of named.conf. rndc.key holds the TSIG (HMAC-MD5) shared secret that the rndc control utility uses to authenticate to named; it is also the key the allow-update lines above refer to if you use dynamic DNS together with DHCP.

To do that run the following commands:

rndc-confgen -a
cd /var/named/etc/namedb
cp named.conf named.conf.old
cat rndc.key >> named.conf

named.conf now contains the secret, so make sure it is not world-readable (and that the bind user can still read it): anyone who can read that key can reconfigure the daemon and, with allow-update, rewrite your zones. Before going further, run named-checkconf on the file to catch syntax errors.

Now we are finished with the named.conf file, we need now to create our zone files which contain the records, etc.

Creating the Master forward lookup zone file

Remember to replace tm.local with your domain name; it must match what you used in named.conf.

So we create the file tm.local:

cd /var/named/etc/namedb/master
ee tm.local

Then we add the following:

$TTL    3600
tm.local.               IN      SOA     dnsfreebsd.tm.local. root.tm.local. (
                                1               ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                86400 )         ; Minimum (negative caching) TTL
; DNS Servers
tm.local.               IN      NS      dnsfreebsd.tm.local.

; Computer names and records
dnsfreebsd.tm.local.    IN      A       192.168.0.100

; Aliases
www                     IN      CNAME   dnsfreebsd.tm.local.

; Mail MX Records
tm.local.               IN      MX 10   dnsfreebsd.tm.local.

The A record for dnsfreebsd must carry the server's own address (192.168.0.100 here, the same address the PTR record in the reverse zone maps back to): the name server's name has to resolve to the machine that actually serves the zone. Feel free to add more aliases, A or MX records. Change tm.local to your domain name, keep the trailing "." after every fully qualified name (without it BIND appends the zone name), and change the hostname dnsfreebsd to the one you are using. Every time you edit the zone, increase the Serial, otherwise secondary servers and caches will not notice the change.

root.tm.local. is the e-mail address of the person responsible for the zone, written with a "." in place of the "@" sign.

 

Creating the Master reverse lookup zone file

Now we create the reverse lookup zone file matching the forward zone we created above, using the following commands:

cd /var/named/etc/namedb/master
ee tm.local.rev

Then we add the data below to it; again, adjust it to your configuration:

$TTL    3600
0.168.192.in-addr.arpa. IN      SOA     dnsfreebsd.tm.local. root.tm.local. (
                                1               ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                86400 )         ; Minimum (negative caching) TTL
; DNS Servers
0.168.192.in-addr.arpa. IN      NS      dnsfreebsd.tm.local.

; Computer IPs
100                     IN      PTR     dnsfreebsd.tm.local.

Give each address a single PTR record pointing at its canonical name; www is only a CNAME in the forward zone, and a second PTR for the same address makes reverse-then-forward checks (as done by many mail servers and SSH's hostname verification) fail. The owner name 100 is relative to the zone, so it stands for 192.168.0.100.
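The two zone files and the named.conf options above are easy to get subtly wrong, and named only reports some of the mistakes in its log. As an added example (not code from the original page), the Python script below parses constructed copies of the tutorial's forward and reverse zones plus a constructed options block, and reports A/PTR mismatches, in-zone NS/MX/CNAME targets without an A record, and an options block that would make the server an open resolver. The zone and option contents, the .2/.100 mismatch it is fed, and the allow-recursion ACL are all assumptions built for the example; everything else follows BIND's master-file syntax.

```python
"""Consistency check for the named.conf and zone files built above.
Added example (not from the original page): it parses a master zone file
and reports A/PTR mismatches, NS/MX/CNAME targets with no A record, and a
named.conf that recurses for the whole Internet. All inputs are constructed
copies of the tutorial's tm.local / 192.168.0.0/24 configuration."""
import re
from collections import defaultdict

# Constructed forward zone. The A record points at .2 on purpose: that is
# the mismatch the checker is meant to catch (the host lives at .100).
FORWARD_ZONE = """\
$TTL    3600
tm.local.  IN  SOA  dnsfreebsd.tm.local. root.tm.local. (
                1        ; Serial
                10800    ; Refresh
                3600     ; Retry
                604800   ; Expire
                86400 )  ; Negative cache TTL
tm.local.             IN  NS     dnsfreebsd.tm.local.
dnsfreebsd.tm.local.  IN  A      192.168.0.2
www                   IN  CNAME  dnsfreebsd.tm.local.
tm.local.             IN  MX 10  dnsfreebsd.tm.local.
"""
REVERSE_ZONE = """\
$TTL    3600
0.168.192.in-addr.arpa.  IN  SOA  dnsfreebsd.tm.local. root.tm.local. (
                1 10800 3600 604800 86400 )
0.168.192.in-addr.arpa.  IN  NS   dnsfreebsd.tm.local.
100                      IN  PTR  dnsfreebsd.tm.local.
"""
# Constructed options block: listen-on commented out as in the tutorial, plus
# the allow-recursion ACL (localhost and the LAN) that the tutorial omits.
RECURSION_ACL = "    allow-recursion { 127.0.0.1; 192.168.0.0/24; };\n"
NAMED_OPTIONS = """\
options {
    directory       "/etc/namedb";
//  listen-on       { 127.0.0.1; };
    forwarders      { 192.168.0.2; 192.168.0.3; };
""" + RECURSION_ACL + "};\n"

def parse_zone(text, origin):
    """Return (owner, type, rdata tokens) triples with fully qualified owners.
    Covers what this tutorial uses: $TTL, ';' comments, parenthesised
    multi-line records, relative names, optional TTL/class fields."""
    lines = [re.sub(r";.*", "", l) for l in text.splitlines()]
    joined, buf = [], ""
    for l in lines:                       # join "(" ... ")" onto one line
        buf += (" " + l) if buf else l
        if buf.count("(") == buf.count(")"):
            joined.append(buf)
            buf = ""
    records, last_owner = [], origin
    for l in joined:
        if not l.strip() or l.startswith("$"):
            continue
        owner = last_owner if l[0].isspace() else None
        toks = l.replace("(", " ").replace(")", " ").split()
        if owner is None:
            owner = toks.pop(0)
            if not owner.endswith("."):
                owner = origin if owner == "@" else owner + "." + origin
        if toks and toks[0].isdigit():
            toks.pop(0)                   # optional TTL
        if toks and toks[0].upper() == "IN":
            toks.pop(0)                   # optional class
        rtype = toks.pop(0).upper()
        records.append((owner.lower(), rtype, toks))
        last_owner = owner.lower()
    return records

def check_zones(forward, fwd_origin, reverse, rev_origin):
    """Cross-check a forward zone against its in-addr.arpa zone."""
    problems = []
    fwd, rev = parse_zone(forward, fwd_origin), parse_zone(reverse, rev_origin)
    a_by_name = defaultdict(set)
    for owner, rtype, rd in fwd:
        if rtype == "A":
            a_by_name[owner].add(rd[0])
    for owner, rtype, rd in fwd:          # in-zone targets need an A record
        target = rd[-1].lower()
        if rtype in ("NS", "MX", "CNAME") and target.endswith(fwd_origin):
            if target not in a_by_name:
                problems.append("%s %s -> %s has no A record" % (owner, rtype, target))
    prefix = ".".join(reversed(rev_origin.replace(".in-addr.arpa.", "").split(".")))
    ptr_by_ip = {}
    for owner, rtype, rd in rev:
        if rtype == "PTR":
            ptr_by_ip[prefix + "." + owner.replace("." + rev_origin, "")] = rd[0].lower()
    for ip, host in ptr_by_ip.items():    # every PTR must match an A ...
        if ip not in a_by_name.get(host, set()):
            have = sorted(a_by_name.get(host, {"missing"}))
            problems.append("PTR %s -> %s, but A is %s" % (ip, host, have))
    for host, ips in a_by_name.items():   # ... and every A must have a PTR
        for ip in ips:
            if ip not in ptr_by_ip:
                problems.append("A %s -> %s has no PTR" % (host, ip))
    return problems

def check_options(text):
    """Flag an open resolver: listen-on disabled and no usable allow-recursion."""
    problems = []
    listen = re.search(r"^\s*listen-on\b", text, re.M)     # '//' lines do not match
    acl = re.search(r"^\s*allow-recursion\s*\{([^}]*)\}", text, re.M)
    if listen is None and acl is None:
        problems.append("listens on all interfaces and recurses for anyone: open resolver")
    elif acl and re.search(r"\bany\b", acl.group(1)):
        problems.append("allow-recursion { any; } still makes this an open resolver")
    return problems

if __name__ == "__main__":
    found = check_zones(FORWARD_ZONE, "tm.local.", REVERSE_ZONE, "0.168.192.in-addr.arpa.")
    for p in found + check_options(NAMED_OPTIONS):
        print("PROBLEM:", p)
```

Run as-is it reports the A/PTR mismatch twice (once from each side) and nothing for the options block; change the A record to 192.168.0.100 and the zone check comes back empty. On the server itself the equivalent built-in checks are named-checkconf for named.conf and named-checkzone for each zone file, which catch syntax errors but not the cross-zone inconsistencies this script looks for.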

Testing your DNS Server

Now we are finished with the configuration; we just need to start the service and test it.

First make sure that your server has its own IP as the primary DNS server in resolv.conf.

Open resolv.conf:

ee /etc/resolv.conf

and make sure your DNS server's IP comes first. My server's IP is 192.168.0.100, so my resolv.conf looks like this, with my IP in first place:

domain tm.local
nameserver 192.168.0.100
nameserver 192.168.0.2

Save and exit.

Configure named to start automatically at boot time by opening rc.conf in /etc:

ee /etc/rc.conf

and adding the following line to it:

named_enable="YES"

Save and exit.

Start the named service:

/etc/rc.d/named start

If it does not start, the reason is in /var/log/messages; the usual culprits are a missing semicolon in named.conf or a zone file error. You can then dig for google.com to make sure all is well with your DNS server:

dig google.com

If near the end of the output you see something like this:

;; SERVER: 192.168.0.100#53(192.168.0.100)

then your DNS server (here 192.168.0.100) was the one that answered the query.

You can then try to ping your A records; if all of them give the expected reply, your DNS is working fine.
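dig shows whether the server answers, but the point of the allow-recursion caveat earlier is what it answers to whom. As an added example (not code from the original page), the Python script below builds a DNS query on the wire, reads the reply header, and classifies the reply as authoritative, refused, or a recursive answer that marks an open resolver when it is obtained from an untrusted network. probe() sends one real UDP query; the reply bytes at the bottom are constructed so the parsing can be exercised offline. The server address, transaction IDs and query name are assumptions for the example.

```python
"""Probe a DNS server the way the Testing section does with dig, but on the
wire. Added example, not from the original page. build_query() makes a
standard query (RFC 1035 4.1.1), parse_response() reads the header, and
classify() says whether the server answered authoritatively, refused, or
behaved like an open resolver (recursion available for a foreign name).
probe() sends one real query; the constructed bytes at the bottom let the
parsing run offline."""
import socket
import struct

def encode_name(name):
    """Wire-format a domain name: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Header + one question, class IN. qtype 1 = A, 12 = PTR, 252 = AXFR."""
    flags = 0x0100 if rd else 0x0000                  # RD asks for recursion
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)

def parse_response(data):
    """Return the header fields a resolver policy check needs."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # this is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (echoed)
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "answers": an,
    }

def classify(hdr, expected_id):
    """Describe what the reply says about the server's policy."""
    if hdr["id"] != expected_id or not hdr["qr"]:
        return "not a reply to our query"
    if hdr["rcode"] == 5:
        return "refused (recursion or query denied for this client)"
    if hdr["aa"]:
        return "authoritative answer"
    if hdr["ra"] and hdr["rcode"] == 0 and hdr["answers"] > 0:
        return "recursive answer: open resolver if this client is untrusted"
    return "no answer (rcode %d)" % hdr["rcode"]

def probe(server, name, port=53, timeout=3.0):
    """Send one query over UDP and classify the reply (needs a network)."""
    txid = 0x4242
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid=txid), (server, port))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return classify(parse_response(data), txid)

# Constructed replies (header + echoed question [+ one A answer]) for offline use.
QUESTION = encode_name("google.com") + struct.pack(">HH", 1, 1)
# 0x8180: QR, RD, RA set, NOERROR, one answer -> the server recursed for us.
OPEN_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION
              + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
# 0x8105: QR, RD, rcode REFUSED, no answer -> recursion denied to this client.
REFUSED_REPLY = struct.pack(">HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION
# 0x8580: QR, AA, RD, RA -> the server is authoritative for the name asked.
AUTH_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + QUESTION
              + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 168, 0, 100]))

if __name__ == "__main__":
    # Example: probe("192.168.0.100", "google.com") from a host outside the
    # LAN should say "refused" once allow-recursion is restricted.
    for label, reply in (("open", OPEN_REPLY), ("refused", REFUSED_REPLY), ("auth", AUTH_REPLY)):
        print(label, "->", classify(parse_response(reply), 0x1234))
```

With dig the equivalent checks are dig @192.168.0.100 dnsfreebsd.tm.local (should be authoritative, aa flag set), dig @192.168.0.100 -x 192.168.0.100 (should return the PTR), and from a host that is not localhost dig @192.168.0.100 tm.local axfr, which should fail because of allow-transfer { localhost; }. A query for an outside name from a host you have not listed in allow-recursion should come back REFUSED, never answered.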

 

10 Sources and References

  • Official FreeBSD Handbook
  • Using the ports collection (FreeBSD Handbook)
  • Search FreeBSD Ports Collection
  • PortMaster
  • BIND 9 Administrator Reference Manual
  • RFC 1034 – Domain Names: Concepts and Facilities
  • RFC 1035 – Domain Names: Implementation and Specification
  • The FreeBSD DNS Handbook
  • Building a Server with FREEBSD 7

 

 
