Simple Solaris BIND/DNS Server Setup with Failover

Posted March 15, 2006 by mcdsco in Solaris system administration

BIND is the DNS server that ships with Solaris 8 and 9 (it can also be installed separately). These instructions will work for other BIND installations, although the file locations may differ.


Here is a simple configuration of BIND on Solaris 9 (It is really the same for Solaris 8.):

Installation and Configuration of in.named (BIND) on Solaris 9

in.named (the daemon that implements the BIND name server, version 8.3.3) comes pre-installed on Solaris 9, so all that remains is to install and localize the configuration files and start the daemon. Four kinds of files are needed for in.named to function: the main configuration file (/etc/named.conf), the root servers file, forward zone files, and reverse zone files. The names and locations of the root servers file and the zone files are specified in the main configuration file (/etc/named.conf).

Main Configuration File (/etc/named.conf)
The main configuration file for in.named is /etc/named.conf. The complete format specification of this file can be found in the man pages on Solaris 9. The configuration of this file will differ between the master server and the secondary server. The /etc/named.conf file will specify all other files used by in.named.

The master server’s configuration file will look like this:

options {
    query-source address * port 53; # a fixed source port suits stateful firewalls, but a randomised port makes forged replies harder to match
    directory "/var/named";
    forwarders { 166.102.165.11 ; 166.102.165.13 ; } ; # IP addresses of the "real" DNS servers
    forward only;
};

zone "." {
    type hint;
    file "named.ca";
};

zone "your.private.domain.priv" in {
    type master;
    file "your.private.domain.priv";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
};

The slave server’s configuration file will look like this:

options {
    query-source address * port 53;
    directory "/var/named";
    forwarders { 166.102.165.11 ; 166.102.165.13 ; } ; # IP addresses of the "real" DNS servers
    forward only;
};

zone "." {
    type hint;
    file "named.ca";
};

zone "your.private.domain.priv" in {
    type slave;
    file "your.private.domain.priv";
    masters { 192.168.1.5 ; } ; # the master server (dns_server in the forward zone)
};

zone "1.168.192.in-addr.arpa" {
    type slave;
    file "db.192.168.1";
    masters { 192.168.1.5 ; } ;
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
};

Root Servers File
The zone "." section in /etc/named.conf specifies the root servers file, also known as the cache or hints file. It holds the names and addresses of the root name servers used by the entire Internet. The version of this file in use is stored in /var/named/named.ca and contains the following information. Root server addresses change over time, so refresh this file from a current copy of named.root (InterNIC publishes it at ftp://ftp.internic.net/domain/named.root) rather than relying on the snapshot below:

; formerly NS1.ISI.EDU
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; temporarily housed at NSI (InterNIC)
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 198.41.0.11
;
; temporarily housed at ISI (IANA)
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; temporarily housed at ISI (IANA)
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 198.32.65.12
; End of File

Forward and Reverse Zone Files

The forward and reverse zone files are where in.named gets the information to resolve host names to IP addresses and vice versa. Any zone listed as "slave" is populated automatically: in.named connects to the master server, transfers the definitive copy of the zone, and writes it to the file named in /etc/named.conf, so /var/named on the slave must be writable by the user in.named runs as. Any zone that a server is listed as "master" for must have the corresponding file populated with appropriate information. Listed below are partial files that can be extended as needed to match the current IP/hostname map.

Full listing of db.127.0.0

$TTL 86400 ; default record TTL (1 day); without it BIND 8.3.3 warns and falls back to the SOA minimum
; SOA rec
0.0.127.in-addr.arpa. IN SOA dns_server.your.private.domain.priv. root.dns_server.your.private.domain.priv. (
2004042001 ; serial number (YYYYMMDD##); bump it on every edit or slaves will not transfer the change
10800 ; refresh every 3 hours
10800 ; retry every 3 hours
604800 ; expire after a week
86400 ) ; minimum / negative-caching TTL of 1 day
; Name Servers
0.0.127.in-addr.arpa. IN NS dns_server.your.private.domain.priv.
1 IN PTR localhost.
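The serial comments above matter more than they look: a slave only fetches a zone when the master's serial is newer under RFC 1982 serial arithmetic, so a forgotten bump leaves the failover server answering from stale data, and a mistyped date can push the serial so far ahead that no later date-based serial counts as newer. The following helpers, an added example that is not part of the original post or of BIND, implement that comparison and the YYYYMMDD## bump rule; they take dates as plain YYYYMMDD integers.

```python
"""Added example (not from the original post or BIND): SOA serial helpers
for the YYYYMMDD## convention used in the zone files above."""
import datetime

MASK = 0xFFFFFFFF  # SOA serials are unsigned 32-bit integers


def serial_gt(a, b):
    """True when serial a is newer than b under RFC 1982 (wrap-around aware)."""
    a, b = a & MASK, b & MASK
    if a == b:
        return False
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)


def is_dated_serial(serial):
    """Check that a serial reads as YYYYMMDD## with a real calendar date
    (BIND accepts any integer, so a typo in the month digits goes unnoticed)."""
    digits = f"{serial & MASK:010d}"
    try:
        datetime.date(int(digits[:4]), int(digits[4:6]), int(digits[6:8]))
    except ValueError:
        return False
    return True


def next_serial(current, today_yyyymmdd):
    """Serial to write after editing a master zone: today's date with
    revision 00 when that is newer than the current value, otherwise
    current + 1 so slaves still see an increase.  The second branch covers
    several edits on one day and a current serial that is ahead of the
    calendar (e.g. a mistyped year), which would otherwise never be topped."""
    candidate = today_yyyymmdd * 100
    if serial_gt(candidate, current):
        return candidate
    return (current + 1) & MASK


def slave_needs_transfer(master_serial, slave_serial):
    """The decision a slave makes at refresh time after querying the master's SOA."""
    return serial_gt(master_serial, slave_serial)
```

Run next_serial against the serial currently in the file before saving an edited zone; if it returns something other than today's date plus a revision counter, the existing serial is already ahead of the calendar and deserves a look.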

Partial listing of zone file for your.private.domain.priv.

$TTL 86400 ; default record TTL (1 day)
@ IN SOA dns_server.your.private.domain.priv. root.dns_server.your.private.domain.priv. (
2004042003 ; serial number (YYYYMMDD##)
10800 ; refresh every 3 hours
10800 ; retry every 3 hours
604800 ; expire after a week
86400 ) ; minimum / negative-caching TTL of 1 day

@ IN NS dns_server.your.private.domain.priv.

; host names here are placeholders; real names should use hyphens, not underscores,
; because BIND's default check-names setting rejects underscores in master zones
dns_server IN A 192.168.1.5 ; internal IP address of the DNS server (zone files use ";" for comments, not "#")
your_gateway IN A 192.168.1.1
windows_server IN A 192.168.1.2
windows_server_web IN CNAME windows_server ; an alias points at a name that has an A record and must not own an A record itself

Partial listing of zone file for db.192.168.1 (the file named for zone 1.168.192.in-addr.arpa in /etc/named.conf).
$TTL 86400 ; default record TTL (1 day)
; SOA rec
1.168.192.in-addr.arpa. IN SOA dns_server.your.private.domain.priv. root.dns_server.your.private.domain.priv. (
2004142000 ; serial number (YYYYMMDD##)
10800 ; refresh every 3 hours
10800 ; retry every 3 hours
604800 ; expire after a week
86400 ) ; minimum / negative-caching TTL of 1 day
; Name Servers
1.168.192.in-addr.arpa. IN NS dns_server.your.private.domain.priv.
1 IN PTR your_gateway.your.private.domain.priv.
2 IN PTR windows_server.your.private.domain.priv.
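Because BIND 8.3.3 ships no named-checkzone, a zone file that fails to load is only noticed in /var/adm/messages after in.named starts. The script below is an added example, not part of the original post or of BIND: it reads the zone stanzas from a named.conf laid out like the ones in the master and slave sections, skips slave zones (in.named fills those by transfer), and checks each master zone file for the mistakes that typically stop a zone from loading: an SOA whose owner is not the zone name, an unqualified MNAME or RNAME (which silently gets the origin appended), no NS record at the apex, a CNAME sharing its owner with other records, and records outside the zone. The named.conf and zone texts are constructed samples with hypothetical names and addresses; the reader expects every record to carry an explicit owner and ignores $-directives.

```python
"""Added example (not from the original post or BIND): pre-flight check that
master zone files agree with the zones declared in /etc/named.conf.
Sample texts are constructed; records need explicit owners."""
import re

ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{([^}]*)\}')

def fqdn(name):
    return name.rstrip(".").lower() + "."

def parse_named_conf(text):
    """{zone: (type, file)} for every zone stanza."""
    zones = {}
    for name, body in ZONE_RE.findall(text):
        ztype = re.search(r"\btype\s+(\w+)", body).group(1)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body).group(1)
        zones[name] = (ztype, zfile)
    return zones

def parse_zone(text, origin):
    """Strip ';' comments, join '( ... )' records, expand '@' and relative
    owners; return [(owner, rtype, rdata_tokens)]."""
    origin, joined, buf, depth = fqdn(origin), [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf += " " + line
        depth += line.count("(") - line.count(")")
        if depth == 0:                       # record complete
            joined.append(buf.strip())
            buf = ""
    records = []
    for line in joined:
        if line.startswith("$"):             # $TTL / $ORIGIN not needed here
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        owner = origin if toks[0] == "@" else toks[0]
        if not owner.endswith("."):
            owner += "." + origin
        i = 2 if toks[1].isdigit() else 1            # skip optional TTL
        if toks[i].upper() in ("IN", "CH", "HS"):    # skip optional class
            i += 1
        records.append((owner.lower(), toks[i].upper(), toks[i + 1:]))
    return records

def check_zone(origin, records):
    """Findings for one master zone; an empty list means it looks OK."""
    origin, problems = fqdn(origin), []
    soa = [r for r in records if r[0] == origin and r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"{origin}: expected one SOA at the apex, found {len(soa)}")
    else:
        for label, name in zip(("MNAME", "RNAME"), soa[0][2]):
            if not name.endswith("."):       # otherwise the origin is appended
                problems.append(f"{origin}: SOA {label} {name} is not fully qualified")
    if not any(r[0] == origin and r[1] == "NS" for r in records):
        problems.append(f"{origin}: no NS record at the apex")
    for owner in sorted({r[0] for r in records if r[1] == "CNAME"}):
        others = [r[1] for r in records if r[0] == owner and r[1] != "CNAME"]
        if others:                           # RFC 1034: a CNAME must stand alone
            problems.append(f"{origin}: {owner} has CNAME and other data ({', '.join(others)})")
    problems += [f"{origin}: {o} is outside the zone" for o, _, _ in records
                 if o != origin and not o.endswith("." + origin)]
    return problems

def check_all(named_conf, files):
    """files: {file name: zone text}.  Slave zones are skipped because
    in.named fills them by zone transfer; every master zone is checked."""
    findings = []
    for zone, (ztype, zfile) in parse_named_conf(named_conf).items():
        if ztype != "master":
            continue
        if zfile not in files:
            findings.append(f"{zone}: file {zfile} not found")
        else:
            findings += check_zone(zone, parse_zone(files[zfile], zone))
    return findings

# Constructed sample named.conf and zone files (hypothetical names/addresses).
NAMED_CONF = """
options { directory "/var/named"; forward only; };
zone "." { type hint; file "named.ca"; };
zone "example.priv" in { type master; file "example.priv"; };
zone "1.168.192.in-addr.arpa" { type master; file "db.192.168.1"; };
zone "2.168.192.in-addr.arpa" { type slave; file "db.192.168.2"; masters { 192.168.1.5; }; };
"""
FILES = {
    "example.priv": """
@ IN SOA ns1.example.priv. root.ns1.example.priv. (
    2006031501 ; serial (YYYYMMDD##)
    10800 10800 604800 86400 )
@ IN NS ns1.example.priv.
ns1 IN A 192.168.1.5
gw IN A 192.168.1.1
www IN CNAME ns1
""",
    "db.192.168.1": """
1.168.192.in-addr.arpa. IN SOA ns1.example.priv. root.ns1.example.priv (
    2006031501 10800 10800 604800 86400 )
1 IN PTR gw.example.priv.
""",  # RNAME lacks its trailing dot and the apex has no NS record
}

if __name__ == "__main__":
    print("\n".join(check_all(NAMED_CONF, FILES) or ["all master zones look consistent"]))
```

On the constructed input the forward zone passes and the reverse zone yields two findings, which is exactly the kind of report worth reading before running in.named rather than after.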

Other files indirectly required by in.named to function
If you run the JASS security package from Sun (JumpStart Architecture and Security Scripts), the lock-down process replaces /etc/init.d/inetsvc with a version that works fine for most installations but will not start a DNS server. The original version must be put back into place: it is saved as /etc/init.d/inetsvc.JASS, so simply copy that file over the current /etc/init.d/inetsvc.

In order for the server to use its own BIND service, it must be set up to do so with the correct /etc/nsswitch.conf and /etc/resolv.conf files: the hosts: line in /etc/nsswitch.conf must include dns, and /etc/resolv.conf must list the server's own address as a nameserver.

Starting the service up after configuration
Once all configuration changes suit the local environment, run the in.named command and check /var/adm/messages for errors. If any errors are reported, fix the configuration files, then use "pkill -HUP in.named" to make in.named re-read its configuration and check for errors again. On the slave, also confirm that the transferred zone files appear in /var/named once in.named has been running for a few minutes.

Once all errors are corrected, it is a good idea to reboot to make sure that the service starts correctly on boot.
