Detect BIND version
dig @server_address -c CH -t txt version.bind
or via fpdns
fpdns server_address
Hide BIND version
version "DNS server";
Sample master server
/etc/bind/conf.local:
options
{
recursion no;
version "DNS server";
};
zone "domain" {
type master;
file "/etc/bind/db.zone";
allow-transfer { slave_server;};
};
/etc/bind/db.zone
$TTL 3h
@ IN SOA ns1. email.domain (
2
12h
1h
1w
1h
)
@ IN NS ns1.
ns1 IN A 11.11.11.11
@ IN A 11.11.11.11
www IN A 11.111.11.111
@ IN MX 10 mx
mx IN A 11.111.11.111
- @ - alias for the domain
- ns1 - name of the NS server
- email - email address of the administrator
- 2 - serial number
- 12h - update interval used by the slave DNS server
- 1h - time between retries by the slave to retrieve information if the connection failed
- 1w - indicates when zone data is no longer authoritative; used only by slaves. They stop responding to queries after this time expires with no contact with the master
- 1h - this time interval determines how long clients will keep error replies in cache
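The SOA timers listed above can be checked mechanically before a zone is loaded. The following Python is an added example, not part of the original post; the function names and the thresholds (retry shorter than refresh, expire longer than refresh plus retry, and a 3h ceiling on the last field matching BIND's default max-ncache-ttl) are assumptions chosen for illustration.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert a BIND duration such as '12h', '1w' or '1h30m' (or bare seconds)."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad duration: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def soa_timers(zone_text):
    """Return the serial and the four SOA timers (in seconds) of a zone file."""
    # Drop ';' comments first so a multi-line SOA with per-field comments parses.
    text = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+([^\s)]+)", text)
    if not m:
        raise ValueError("no SOA record found")
    names = ("refresh", "retry", "expire", "negative_ttl")
    timers = {"serial": int(m.group(1))}
    timers.update((n, to_seconds(v)) for n, v in zip(names, m.groups()[1:]))
    return timers

def check_timers(t):
    """Flag timer combinations that undermine the slave behaviour described above."""
    issues = []
    if t["retry"] >= t["refresh"]:
        issues.append("retry is not shorter than refresh")
    if t["expire"] <= t["refresh"] + t["retry"]:
        issues.append("expire leaves a slave no second attempt before it stops answering")
    if t["negative_ttl"] > 10800:  # assumed ceiling: BIND's default max-ncache-ttl (3h)
        issues.append("negative-cache TTL exceeds 3h")
    return issues

# Constructed samples mirroring the two SOA records shown on this page.
MASTER = "$TTL 3h\n@ IN SOA ns1. email.domain (\n2\n12h\n1h\n1w\n1h\n)\n@ IN NS ns1.\n"
REVERSE = ("1.168.192.in-addr.arpa. IN SOA dns1.example.com. admin.example.com. (\n"
           "2010022003 ; serial\n3600 ; refresh\n600 ; retry\n"
           "604800 ; expire\n86400 ; default_ttl\n)\n")

if __name__ == "__main__":
    for name, zone in (("master", MASTER), ("reverse", REVERSE)):
        t = soa_timers(zone)
        print(name, t, check_timers(t) or "ok")
```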
Sample slave server
Create directory for backup file and grant permissions on it for user bind:
mkdir /var/bind
chown root:bind /var/bind
chmod 770 /var/bind
/etc/bind/conf.local:
options
{
recursion no;
version "DNS server";
};
zone "domain" {
type slave;
file "/var/bind/db.zone";
masters { master; };
allow-transfer { none;};
};
Forward only server
/etc/bind/conf.local:
options {
directory "/var/named";
forwarders { 10.9.16.30; 10.13.16.30; };
listen-on { 192.168.1.1; 172.24.21.1; };
forward only;
// forwarding is only performed for recursive queries, so recursion must be on
recursion yes;
version "DNS server";
};
Reverse zone sample
$TTL 1D
1.168.192.in-addr.arpa. IN SOA dns1.example.com. admin.example.com. (
2010022003 ; serial
3600 ; refresh
600 ; retry
604800 ; expire
86400 ; default_ttl
)
1.1.168.192.in-addr.arpa. IN PTR dns1.example.com.
2 IN PTR horus.example.com.
3 IN PTR ra.example.com.
@ IN NS dns1.example.com.
Monitor DNS requests
dnstop -l 3 eth0
http://www.zytrax.com/books/dns/