From the computer of: mcdsco
Created: Mar 15, 2006
Here is a simple configuration of BIND on Solaris 9 (really the same for Solaris 8):
Installation & configuration of in.named (BIND) on Solaris 9
in.named (the BIND name server daemon, version 8.3.3) comes preinstalled on Solaris 9, so all that remains is to install and localize the configuration files and start the daemon. in.named needs four types of files to function: the main configuration file (/etc/named.conf), the root servers file, forward zone files, and reverse zone files. The names and locations of the root servers file and the zone files are specified in the main configuration file (/etc/named.conf).
Main Configuration File (/etc/named.conf)
The main configuration file for in.named is /etc/named.conf. The complete format specification of this file can be found in the man pages on Solaris 9. The configuration of this file will differ between the master server and the secondary server. The /etc/named.conf file will specify all other files used by in.named.
The master server's configuration file will look like this:
options {
    query-source address * port 53;
    directory "/var/named";
    forwarders { 166.102.165.11; 166.102.165.13; };  # IP addresses of "real" DNS servers
    forward only;
};
zone "." {
    type hint;
    file "named.ca";
};
zone "your.private.domain.priv" in {
    type master;
    file "your.private.domain.priv";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
};
The slave server's configuration file will look like this:
options {
    query-source address * port 53;
    directory "/var/named";
    forwarders { 166.102.165.11; 166.102.165.13; };  # IP addresses of "real" DNS servers
    forward only;
};
zone "." {
    type hint;
    file "named.ca";
};
zone "your.private.domain.priv" in {
    type slave;
    file "your.private.domain.priv";
    masters { 192.168.1.5; };  # address of the master server (dns_server)
};
zone "1.168.192.in-addr.arpa" {
    type slave;
    file "db.192.168.1";
    masters { 192.168.1.5; };
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.127.0.0";
};
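Both configurations above fix outgoing queries to source port 53, which removes the port as a variable a forged reply has to match, and set no allow-transfer restriction, so any host that can reach the master may request a full copy of each zone. The following audit is an added example, not part of the original recipe; the sample text is constructed from the master configuration on this page, and the slave address 192.168.1.6 is a hypothetical placeholder.

```python
import re

# Constructed sample: the master named.conf from this page, abbreviated.
# The allow-transfer address 192.168.1.6 is a hypothetical slave server.
SAMPLE_CONF = '''
options {
    query-source address * port 53;
    directory "/var/named";
    forward only;
};
zone "your.private.domain.priv" in {
    type master;
    file "your.private.domain.priv";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "db.192.168.1";
    allow-transfer { 192.168.1.6; };  # hypothetical slave
};
'''

def strip_comments(text):
    """Drop the comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

# A top-level statement 'header { body };' with at most one nested { } level.
BLOCK = re.compile(r'([^{};]+)\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')

def top_level_blocks(text):
    """Return (header, body) for every top-level block in the file."""
    return [(m.group(1).strip(), m.group(2)) for m in BLOCK.finditer(text)]

def audit(conf):
    """Return findings for a fixed query port and unrestricted transfers."""
    blocks = top_level_blocks(strip_comments(conf))
    opts = ' '.join(body for hdr, body in blocks if hdr == 'options')
    findings = []
    if re.search(r'query-source\s[^;]*\bport\s+\d+', opts):
        findings.append('options: query-source fixes the source port')
    for hdr, body in blocks:
        zone = re.match(r'zone\s+"([^"]+)"', hdr)
        if (zone and re.search(r'type\s+master\s*;', body)
                and 'allow-transfer' not in opts + body):
            findings.append('zone %s: no allow-transfer' % zone.group(1))
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE_CONF)))
```

A finding clears once the zone (or the options block) carries an allow-transfer list naming only the slave servers, and once the port is dropped from query-source.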
Root Servers File
The zone "." section in /etc/named.conf specifies the root servers file, also known as the cache file. It holds the names and addresses of the root servers used by the entire Internet. The current version of this file is stored in /var/named/named.ca and contains the following information:
; formerly NS1.ISI.EDU
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107
;
; formerly C.PSI.NET
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; temporarily housed at NSI (InterNIC)
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 198.41.0.10
;
; temporarily housed at NSI (InterNIC)
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 198.41.0.11
;
; temporarily housed at ISI (IANA)
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; temporarily housed at ISI (IANA)
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 198.32.65.12
; End of File
Forward & Reverse Zone files.
The forward & reverse zone files are where in.named gets the information to resolve host names to IP addresses and vice versa. Any zone listed as 'slave' should be populated automatically as in.named connects to the master server and transfers the definitive information about the zone. Any zone for which a server is listed as 'master' needs its corresponding file populated with the appropriate information. Listed below are partial files that can be added to as needed to fit the current IP/hostname maps.
Full listing of db.127.0.0
; SOA rec
0.0.127.in-addr.arpa. IN SOA dns_server.your.private.domain.priv. root.dns_server.your.private.domain.priv. (
        2004042001 ; serial number (YYYYMMDD##)
        10800      ; refresh every 3 hours
        10800      ; retry every 3 hours
        604800     ; expire after a week
        86400 )    ; TTL of 1 day
; Name Servers
0.0.127.in-addr.arpa. IN NS  dns_server.your.private.domain.priv.
1                     IN PTR localhost.
Partial listing of zone file for your.private.domain.priv.
@ IN SOA dns_server.your.private.domain.priv. root.dns_server.your.private.domain.priv. (
        2004042003 ; serial number (YYYYMMDD##)
        10800      ; refresh every 3 hours
        10800      ; retry every 3 hours
        604800     ; expire after a week
        86400 )    ; TTL of 1 day
; Name servers: the owner name must be this zone's own name
your.private.domain.priv. IN NS dns_server.your.private.domain.priv.
; Host names below are placeholders; substitute real ones (the default
; check-names setting in BIND 8 rejects underscores in master zone host names).
dns_server         IN A     192.168.1.5   ; internal IP address for DNS server
your_gateway       IN A     192.168.1.1
windows_server     IN A     192.168.1.2
; Aliases: a CNAME owner name must not carry any other record (such as an A record)
windows_server_web IN CNAME www
Partial listing of zone file db.192.168.1
; SOA rec
1.168.192.in-addr.arpa. IN SOA dns_server.your.private.domain.priv. root.dns_server.your.private.domain.priv. (
        2004142000 ; serial number (YYYYMMDD##)
        10800      ; refresh every 3 hours
        10800      ; retry every 3 hours
        604800     ; expire after a week
        86400 )    ; TTL of 1 day
; Name Servers
1.168.192.in-addr.arpa. IN NS  dns_server.your.private.domain.priv.
1                       IN PTR your_gateway.your.private.domain.priv.
2                       IN PTR windows_server.your.private.domain.priv.
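Three mistakes stop a hand-edited master zone from loading cleanly: an owner name that lies outside the zone, a CNAME on a name that also has other records, and no NS record at the zone apex. The following pre-load check is an added example, not part of the original recipe; the sample zone is constructed in the style of the forward zone above, other.domain.priv. is a hypothetical out-of-zone name, and $ORIGIN directives are assumed absent.

```python
# Constructed sample in the style of the forward zone on this page;
# other.domain.priv. is a hypothetical out-of-zone name.
SAMPLE_ZONE = '''\
@ IN SOA dns_server.your.private.domain.priv. root.your.private.domain.priv. (
        2004042003 10800 10800 604800 86400 )
other.domain.priv. IN NS    dns_server.your.private.domain.priv.
dns_server         IN A     192.168.1.5
dns_server         IN CNAME dns_server
windows_server     IN A     192.168.1.2
                   IN MX    10 windows_server
'''

def parse_records(zone_text, origin):
    """Return (owner, type) pairs with every owner name fully qualified."""
    origin = origin.rstrip('.').lower() + '.'
    records, owner, depth = [], origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(';', 1)[0]           # ';' starts a comment
        continued = depth > 0                 # inside a multi-line ( ... )
        depth += line.count('(') - line.count(')')
        fields = line.split()
        if continued or not fields or fields[0].startswith('$'):
            continue                          # SOA timers, blanks, directives
        if not line[0].isspace():             # column 1 holds the owner name
            name = fields.pop(0).lower()
            owner = (origin if name == '@' else
                     name if name.endswith('.') else name + '.' + origin)
        while fields and (fields[0].upper() == 'IN' or fields[0].isdigit()):
            fields.pop(0)                     # skip optional class and TTL
        if fields:
            records.append((owner, fields[0].upper()))
    return records

def lint(zone_text, origin):
    """Report out-of-zone owners, CNAME conflicts and a missing apex NS."""
    zone = origin.rstrip('.').lower() + '.'
    types, problems = {}, []
    for owner, rtype in parse_records(zone_text, origin):
        types.setdefault(owner, set()).add(rtype)
        if owner != zone and not owner.endswith('.' + zone):
            problems.append('%s %s: owner outside zone' % (owner, rtype))
    for owner in sorted(types):
        if 'CNAME' in types[owner] and len(types[owner]) > 1:
            problems.append('%s: CNAME with other records' % owner)
    if 'NS' not in types.get(zone, set()):
        problems.append('%s: no NS record at zone apex' % zone)
    return problems

if __name__ == '__main__':
    print('\n'.join(lint(SAMPLE_ZONE, 'your.private.domain.priv')))
```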
Other files indirectly required by in.named to function
If you run the JASS security software package from Sun, the lock-down process replaces the /etc/init.d/inetsvc file with a version that works fine for most installations but will not work for a DNS server. The original version of this file must be put back into place. It is saved as /etc/init.d/inetsvc.JASS.. Simply copy this file over the current /etc/init.d/inetsvc.
In order for the server to use its own BIND service, it must be set up to do so, by having the correct /etc/nsswitch.conf and /etc/resolv.conf files.
Starting the service up after configuration
Once all configuration changes suit the local environment, run the in.named command and check /var/adm/messages for errors. If any errors are reported, update the configuration files to fix them, then use 'pkill -HUP in.named' to restart the service and check for errors again.
Once all errors are taken care of, it is a good idea to reboot to make sure that the service starts correctly on boot.
How simple is that?