Recipe 24.15. Running a Local Caching Name Server with BIND

24.15.1 Problem

You want to set up a local BIND caching name server for your LAN to speed up DNS lookups, which in turn will speed up all of your Internet services.

24.15.2 Solution

Install BIND on a Linux machine with a static IP address. Be sure you get the latest version, which is currently BIND 9.2.3. Don't mess with older versions, as they are buggy and exploitable. After installation, you'll have four configuration files to edit or create:

• named.conf

• named.root

• zone.localhost

• revp.127.0.0

In this recipe, all of these files are in /var/named, except for /etc/named.conf. named.conf is the standard name for BIND's configuration file; all the others you can name to suit yourself. Here is a sample named.conf:

//BIND configuration file //named.conf for caching server     options { // where all zone files are   directory "/var/named"; // accept queries only from local subnet   listen-on {            127.0.0.1;            10.11.12.1;     };   allow-recursion {            127.0.0.0/8;            10.11.12.0/24;     }; };     zone "." IN {      type hint;      file "named.root"; };     // location of the zone file for localhost zone "localhost" IN {   type master;   file "zone.localhost";   allow-update { none; }; };     // reverse pointer file for localhost zone "0.0.127.in-addr.arpa" IN {   type master;   file "revp.127.0.0";   allow-update { none; }; };

Now add named.root. This is the master list of the root name servers; simply fetch the current version from ftp://ftp.internic.net/domain/named.root, and put it in /var/named.

Now create zone.localhost:

; zone.localhost ; loopback/localhost zone file ; $TTL 1D $ORIGIN localhost. @              IN  SOA   @  root (                          1   ; Serial                          8H  ; Refresh                          15M ; Retry                          1W  ; Expire                          1D) ; Minimum TTL                IN   NS   @                IN   A    127.0.0.1

Finally, create revp.127.0.0:

; revp.127.0.0 ; reverse pointers for localhost ; $TTL 1D $ORIGIN 0.0.127.in-addr.arpa. @    IN   SOA  localhost. root.localhost. (                1    ; serial                8H   ; refresh                15M  ; retry                1W   ; expire                1D ) ; minimum      IN   NS   localhost. 1    IN   PTR  localhost.

Then start up BIND:

# /etc/init.d/named start

You now have a local caching name server. See Recipe 24.10 to learn how to connect client PCs to your caching server.

24.15.3 Discussion

named is short for "name daemon."

BIND configuration files can grow and multiply like weeds, so using a naming convention like the one shown here will save your sanity. Zone files each start with "zone," and reverse pointer files start with "revp." You may call them anything you want, as long as you use a consistent naming scheme.

You can use each one of these sample files exactly as they are shown. The only change you might need to make is the listen-on directive in named.conf be sure to use your own network IP addresses. Leave localhost exactly as it is shown, unless you're using some exotic networking voodoo, in which case you already know what to do. Do not allow traffic from outside your network! There is no reason for you to supply caching services to the world.

The named.root file does not change very often. Check it every few months just for kicks. You may call it anything you like, as long as you record the filename in named.conf.

zone.localhost tells named that the address of localhost is 127.0.0.1.

revp.127.0.0 does the opposite of zone.localhost it tells named that the hostname associated with the IP address 127.0.0.1 is localhost.

Paul Heinlein wrote much of the gnarly BIND stuff for this chapter. Thank you, Paul! You can find Paul on madboa.com.

24.15.4 See Also

• named(8), named.conf(5)

• Chapter 6 of the Bind 9 Administrator's Reference Manual (http://www.bind9.net/Bv9ARM)