Jump to content

Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox Open the Shoutbox in a popup

@  yordan : (14 April 2014 - 05:28 PM) By The Way, This Could Be An Interesting Subject For A Topic, What About Posting This Question? Let's See If Other People Have The Same Feeling Concerning Bootlists!
@  yordan : (13 April 2014 - 09:36 AM) Boot Order : Cd, [Usb,] Hard Drive :D
@  yordan : (11 April 2014 - 07:23 PM) I Simply Let The Bios Do That
@  Ritesh : (11 April 2014 - 10:23 AM) Is It Possible To Launch Fedora Live Cd Or Installation Disk From Hard Drive On Windows Platform Using Grub Mbr File.
@  Ritesh : (11 April 2014 - 10:21 AM) No U Are Not.. Btw.. I Have Question For You.
@  yordan : (10 April 2014 - 08:02 AM) You Are Partially Right.
I Was Not.
Nevertheless, I Am Again :)
@  Ritesh : (09 April 2014 - 07:33 PM) :P
@  Ritesh : (09 April 2014 - 07:33 PM) I Think U R Not..
@  yordan : (09 April 2014 - 09:28 AM) I'm The Master Of The Shoutbox!
@  yordan : (05 April 2014 - 10:32 PM) He-He
@  Ritesh : (04 April 2014 - 06:59 PM) Ha Ha Ha ....
@  yordan : (04 April 2014 - 11:15 AM) Welcome Back, Starscream!
@  yordan : (03 April 2014 - 02:31 PM) And I Hope That He Will Come Back Soon :)
@  yordan : (01 April 2014 - 02:53 PM) Nice, Ritesh Came, I'm Not Home Alone Today.
@  Ritesh : (01 April 2014 - 08:51 AM) Oh!!! Poor Dear Yordan..
@  yordan : (31 March 2014 - 10:02 AM) I'm A Poor Lonesome Cow-Boy
@  yordan : (27 March 2014 - 02:22 PM) He Is Unpatient Due To His Patients!
@  Ritesh : (27 March 2014 - 10:46 AM) :(
@  Ritesh : (27 March 2014 - 10:46 AM) He Is Busy With His Patients.
@  yordan : (26 March 2014 - 08:12 PM) Ahsani, Where Are You?

Replying to Howto: Domain Name Server On Linux DNS for your Intranet (or Internet) Serv

Post Options

    • Can't make it out? Click here to generate a new image

  or Cancel

Topic Summary


Posted 17 February 2011 - 08:14 AM

Well i will i have centos 5.5 can i use it with those commands .
Well it seems nice to me.
And i am familiar with some of commands.
K i will post it after give it a try.

Posted 16 August 2010 - 02:15 PM

rndc.keyHowto: Domain Name Server On Linux

I fell over when restarting bind because it couldn't find rndc.Key.  I think you should change the rndc-confgen line to:

 rndc-confgen -a -c /etc/rndc.Key

so the file is created

-reply by mcalex


Posted 05 May 2008 - 11:15 AM

domain problem
Howto: Domain Name Server On Linux

When I m open my server in internet explorer I linux it asking for username ,password and domain bt there is no any domain for my server address...Now without domain I can't access my server...Please send me any solution

-question by rahul

Posted 16 January 2008 - 04:38 AM

pls describe your mail server with this configuration so it will be beneficial for all
Howto: Domain Name Server On Linux


pls mention that how to setup mail server under this configuration and what steps are necessary for configuring linux mail server.It may be postfix/sendmail server.

Thanking You.


Maulik Shah

-Maulik shah


Posted 26 April 2005 - 08:13 PM

Hi, I'm using Mandrake 10.1 and was able to follow the tutorial fine (a few files were in different places but that was pretty much it), and everything looks good, but when I get to steps 9 and 10, this is what I get:

[root@localhost etc]# service named restart
Stopping named: rndc: connect failed: connection refused
Starting named: [ OK ]
[root@localhost etc]# dig danspage.info

; <<>> DiG 9.3.0 <<>> danspage.info
;; global options: printcmd
;; connection timed out; no servers could be reached

Any idea what is wrong? Also, I will want to be using this on the internet, not just my intranet, so do you have any idea on how to fix the "rndc: connect failed: connection refused" error message. I was previously just trying to set bind up with the webmin, but was getting this error then as well. Any suggestions would be greatly appreciated.


I was able to fix my rndc error. I had to go into named.conf and rndc.conf and make sure all of the key names matched (named.conf had 'nrdckey' and rndc.conf just had 'key'). So I matched all of the names up. It sill wasn't working, but then I noticed the 2 files were using different "secrets", so I just copied and pasted my rndc.conf secret to the named.conf and no more errors :P

However, I am still getting a timeout when doing a dig to my server. Any ideas?

Thanks. Dan.


Posted 02 February 2005 - 09:24 PM

Very well written tutorial, this is something i spent AGES experimenting with about a year ago, and struggled with. Wish i had a high quality tutorial like this then.


Posted 02 February 2005 - 09:22 PM

Great tutorial, thank you for the tutorial. This is great work. I gave you another +1 reputation and you deserve it.

Is this a webserver that you setup? can you fill us in on the rest of the journey, what you are doing for security etc.



This is a web/ftp/mail - all thrown in server that I'm using for development of distributed apps. But my whole point was to try and get it ready to be hooked onto the net with as little hitch as possible when the time comes. So I descended upon this long & wandering journey, which I don't see any end to. I guess, more of such adventures on taming the linux beast are about to come ;)

Thanks again NilsC & musichere...


Posted 02 February 2005 - 08:59 PM

Wow that was beautiful, keep up the good work :)


Posted 02 February 2005 - 08:51 PM

Great tutorial, thank you for the tutorial. This is great work. I gave you another +1 reputation and you deserve it.

Is this a webserver that you setup? can you fill us in on the rest of the journey, what you are doing for security etc.



Posted 02 February 2005 - 08:31 PM

HOWTO: Setup a Local Domain Name Server (DNS) for your Intranet

Experimentation Platform:
Intel P4 3.0Ghz (Intel MB)
2 x 80 GB HDD on RAID 1 (Disk Mirroring) - alloted entirely to Linux

Linux - Redhat Enterprise AS Server v3

a. I was trying to setup the system so that later on when my server goes online, I don't
have to modify much to make my nameservers work with the internet - so I used my registered domain
"microsys-asia.info" and an internal IP: "" - as the server IP. In future when my server
goes online, all I've to do is modify this IP and all will be good. So throughout the tutorial
you'll find reference to this domain and the IP used. For your own case, just change to domain to
whatever you feel like and choose a suitable IP to go with.
b. Another standard I've followed is - all console input/output are marked between a pair of CONSOLE tags - they'll appear in a yellow bordered box with black nackground and yellow text.

Make sure the following services are up & running - coz they'll be the ones affected most due to the dns setup:

a. httpd
b. ftpd
c. MTA (Mail Transport Agent) like Postfix, Sendmail etc.

You can see a list of running services using:
shell> service --status-all | less[/b]

Right, lets get to business now.
Once your system is setup and running, either login as "root" or use any other login and use "sudo" to
get root access.

Step 1 - Checking the NIC Card Functionality

Make sure your NIC (Network Interface Card) or Ethernet Card is up and running.
You can check this with -
[b]shell> ifconfig [/b]

This should display information about your primary NIC (called "eth0" and the local loopback interface
called "lo"). It'll be somewhat in the following format:
[b]eth0 Link encap:Ethernet HWaddr 00:0D:88:39:D2:69
inet addr: Bcast: Mask:
inet6 addr: fe80::20d:88ff:fe39:d269/64 Scope:Link
RX packets:24633 errors:0 dropped:0 overruns:0 frame:0
TX packets:32779 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2843295 (2.7 Mb) TX bytes:3524410 (3.3 Mb)
Interrupt:225 Base address:0xb800 [/b]

Notice my NIC MAC Address on the first line & my IP and Subnet Mask in the second line.

Step 2 - Configuring the "hosts" file

This file resides in the "/etc" directory and contains the localhost entry (a special entry that must
be present) and any other entries that you care to enter. In fact this file alone can act like a simple DNS,
if you compile a huge list of matching IP and domain names here.
Each entry will take on this form:
"IP address" "Fully Qualified Domain Name (FDQN)" "alias"

The hosts file will look like:
  [b] localhost.localdomain localhost getafix.microsys-asia.info getafix[/b]

This file should contain at least those two lines - the localhost is a neccessity as well as your
server IP and hostname.domainname. As for the spaces in between the fields make it a point to use ONE
TAB STOP for each.

"getafix" here is the name of my server or its hostname (which you can set using the "hostname"
command - Usage: hostname NameOfYourHost). Alternatively, you can set your hostname by editing a file
called "network" located in the "/etc/sysconfig/" directory.

Step 3 - Generating a rndc key-pair

Here's what the linux man pages say about "rndc":

  rndc controls the operation of a name server.  It  supersedes  the  ndc
      utility that was provided in old BIND releases. If rndc is invoked with
      no command line options or arguments, it prints a short summary of  the
      supported commands and the available options and their arguments.

      rndc  communicates  with the name server over a TCP connection, sending
      commands authenticated with digital signatures. In the current versions
      of  rndc and named named the only supported authentication algorithm is
      HMAC-MD5, which uses a shared secret on each  end  of  the  connection.
      This provides TSIG-style authentication for the command request and the
      name server's response. All commands sent  over  the  channel  must  be
      signed by a key_id known to the server.

As you can see, the rndc key's are much required to control your nameserver. Here's how to generate
the rndc keys. There's a file called "rndc-confgen" located in the "/usr/sbin/" directory.
Simply run the file "rndc-confgen":
[b]shell> rndc-confgen[/b]

It will give you an output similar to this:
[b]# controls {
# inet port 953
# allow {; } keys { "rndckey"; };
# };

# Start of rndc.conf
key "rndckey" {
algorithm hmac-md5;
secret "RN5xaE0Yr7ar1v0sPugf2g==";

options {
default-key "rndckey";
default-port 953;
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
# algorithm hmac-md5;
# secret "RN5xaE0Yr7ar1v0sPugf2g==";
# };
# controls {
# inet port 953
# allow {; } keys { "rndckey"; };
# };
# End of named.conf[/b]

Carefully notice the "commented out" block of code (the lines with the starting '#') in the SECOND HALF of
the block - from "#Use with the..." till "#End of named.conf". Save this output into another file. You are going
to need it SOON. If you are using a terminallike PuTTY to access your server your can simply drag your mouse over
the desired area and highlight it. Then open a blank file in "vi" and right-click the mouse. That'll paste your
code in the file. Save and exit.

Step 4 - Editing "/etc/named.conf"

We're going to step into some messy editing now. In your "/etc/" folder there is
a file named "named.conf". Open the file in vi or whatever editor you are using.
[b]shell> vi /etc/named.conf[/b]

You're going to face something similar to this:
[b] options {
directory "/var/named";

// Uncommenting this might help if you have to go through a
// firewall and things are not working out. But you probably
// need to talk to your firewall admin.
// query-source port 53;

controls {
inet allow { localhost; } keys { rndc_key; };

zone "." {
type hint;
file "named.ca"

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };

Between the "option { }" section, after the "directory" clause insert the following:

host-statistics no;
fake-iquery no;
version "Bind"; //This reports just Bind and not it's version to any would be hacker
recursion no;

Now delete the "controls {" clause entirely, and in its place insert the rndc-confgen OUTPUT that
you had earlier saved. Now scroll down below the section titled zone "." { till you reach the ending
brace "};" after the zone "localhost" IN. Make sure you UNCOMMENT the lines starting at key "rndckey" { till the ending brace }; right before # End of rndc.conf.
Put a blank line after it.

Now on a fresh line add in the following:
zone "microsys-asia.info" IN {
type master;
file "microsys-asia.info.zone";
allow-update { none; };

You should put in your own domain in place of "microsys-asia.info" within the quotes after "zone" and between
the quotes after the "file" clause. Make sure you keep the ".zone" part after it.

Below this insert another similar block but with a few modifications:
zone "168.19.10.in-addr.arpa" IN {
type master;
file "reverse.microsys-asia.info.zone";
allow-update { none; };

This is how you figure out what to include after the "zone" between the quotes. Say my IP here is:
First, I'd write it backwards i.e. and then chop off the leading 5. leaving me with just
168.19.10. To that I add, .in-addr.arpa giving me a string 168.19.10.in-addr.arpa - which is my
reverse resolution zone. As for the part beside the file clause, you can copy it from the zone above and just add the
word reverse. in front of it. That should do.

Now the last bit of editing for this file.. Check if there are any more zones below this. There should be one like:
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };

Do you notice any similarity here with the zone that you just created ? This is indeed the reverse lookup zone for
your local loopback interface or localhost( If this zone is missing from the file, just copy the above section
Besides this, the last line in the file should be:
include "/etc/rndc.key"; - if this line is missing, blindly insert it too.
Now save this file and quit the editor.

Step 5 - Creating the "forward" zone database
Recall the filenames that we specified for our forward and reverse zones in Step 4 ??
file "microsys-asia.info.zone";
file "reverse.microsys-asia.info.zone";

These files must be created for the zones to read them and function properly. They aren't generated by default.
We are going to create these files now. The default directory for the zone files (on a typical linux system) is
"/var/named/" or any directory that was specified as the <DNS ROOT> using the "directory" clause
in the "named.conf" file. If you can't recall scroll back to the beginning of Step 4 and you'll notice it right there:
options {
directory "/var/named";

Anyway, use your editor to create two blank files in the directory "/var/named/" -
a. "microsys-asia.info.zone" &
b. "reverse.microsys-asia.info.zone"

Now open the first file, "microsys-asia.info.zone". Insert the following lines into the file, modifying
wherever necessary and replacing my microsys domain & ip with your own domain and ips.
$TTL 604800
; Information about "forward" domain microsys-asia.info
$ORIGIN microsys-asia.info.
@ IN SOA ns1.microsys-asia.info. webmaster.microsys-asia.info. (
2004042601 ; serial
86400 ; refresh
7200 ; retry
1209600 ; expiry
604800 ) ; minimum

; Define name servers for this domain
IN NS ns1.microsys-asia.info.
; Define Mail Exchanger for this domain
IN MX 10 mail.microsys-asia.info.

; Define name to address mapping for this domain
ns1 IN A
www IN A
ftp IN A
mail IN A

; Loopback domain
localhost IN A[/b]

One word about this file - notice the trailing dot (".") wherever I've specified a domain name - DO NOT MISS
In the third line beside, "ns1.microsys-asia.info", notice the "webmaster.microsys-asia.info". This is in
actuality the webmasters email address. Its really webmaster@microsys-asia.info but in here the "@" is
replaced with a "." The numerical values within the paranthesis can be modified suitably. They are mostly
time specifications converted to seconds.

The line:
; Define name servers for this domain
IN NS ns1.microsys-asia.info.

sets up the nameserver for you. It means we are declaring ns1.microsys-asia.info as your nameserver. Don't
forget to replace my domain with yours after the ns1. and don't forget the trailing "." either. If you have more than
one nameservers, insert similar lines below and instead of "ns1." put "ns2." and so on.
IN NS ns2.microsys-asia.info.

Next is your Mail Exchanger which is utilized by the Mail Transport Agents to forward mails to the correct domain.
; Define Mail Exchanger for this domain
IN MX 10 mail.microsys-asia.info.

The number 10 means we setting a priority of 10 to the mail server. Since we only use one mail server the priority
has no effect.

The next line: IN A The "IN A" means we are declaring a host (with no hostname,
so it means microsys-asia.info) and it's IP is Any queries on just microsys-asia.info will resolve to
that IP. Its useful when you configure your web server to load microsys-asia.info OR www.microsys-asia.info.
They both point to the same thing and will return the same web site. If you have an external ISP alloted IP you can
replace this by it to hook your server up to the net. Otherwise, just use your internal IP like me.

The rest of the entries mean we are declaring hosts:
ns1 = ns1.microsys-asia.info
If you have more than one nameserver - it should get listed here along with its ip.
www = www.microsys-asia.info
ftp = ftp.microsys-asia.info
mail = mail.microsys-asia.info
Since they all share the same IP, each of those services will run from the same machine. If you have the mail server
running on a different machine then you should substitute that machines IP address in place of

Now save this file and quit.

Step 6 - Creating the "reverse" zone database

It's time to setup the reverse lookup zone for your IP. Open the blank file "reverse.microsys-asia.info.zone"
that you had created and insert the following lines:
; Information about "inverse" domain 168.19.10.in-addr.arpa.
@ IN SOA ns1.microsys-asia.info. webmaster.microsys-asia.info. (
2004042601 ; serial (d. adams)
86400 ; refresh
7200 ; retry
1209600 ; expiry
604800 ) ; minimum

; Define name servers for this domain
IN NS ns1.microsys-asia.info.

; Define name to address mapping for this domain
5 IN PTR ns1.microsys-asia.info.[/b]

Notice how the IP has been reversed and placed, as I taught you earlier. We had always truncated the last segment ".5"
from the IP before adding it in as the reverse address - that's what is mentioned in the last line - the beginning digit.
If you last IP segment is some other number, replace the 5 in the last line with that.
Now save the file and quit. We are almost done.

Step 7 - Creating the "reverse" zone database for localhost

You don't really have to edit this file - it is created by BIND by default and placed is your DNSROOT, i.e. the
directory containing the zone files, "/var/named/" in this case. Look for a file called "named.local"
It should contain exactly the following lines:
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.

1 IN PTR localhost.[/b]

If the file is missing - just create one with the same name and insert the lines above. Save and quit.

Step 8 - Editing "/etc/resolv.conf"

Open your editor again and load the file called "resolv.conf" in your "/etc/" directory.
Insert the following lines:
domain microsys-asia.info
search microsys-asia.info[/b]

Of couse, replace the domain and ip with your own. Notice, only your first nameserver is being specified here and
listed against its IP. The "search" clause tells the server to dig into the system if it can't find the first
nameserver and try to track the other ones. Also if you have more than one nameservers, you should list them serially
here with multiple nameserver clauses, like:
nameserver xx.xx.xx.xx
nameserver yy.yy.yy.yy
nameserver zz.zz.zz.zz and so on...
Save and quit.

Step 9 - Restarting "named" or the DNS Server

We are more or less done. All that remains now is to restart the name daemon to load the modified configuraiton
info. Execute the following command:
shell> service named restart[/b]

Alternatively, you can use: /etc/rc.d/init.d/named restart

You should see something like:
Stopping named: [ OK ]
Starting named: [ OK ][/b]

If you see bthis - we are ALL SET and ready to go. If you get an error message saying, "rndc: connect failed:
connection refused"
, IGNORE. It doesn't really matter till you are hooked onto the outside world.

Step 10 - Final Step: Check your nameserver

Use the tools named "nslookup" and/or "dig" to check if your nameserver is resolving properly.
shell> dig microsys-asia.info


shell> nslookup microsys-asia.info[/b]

On my system, dig reports:
shell> dig microsys-asia.info

; <<>> DiG 9.2.3 <<>> microsys-asia.info
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21513
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;microsys-asia.info. IN A

;; Query time: 1 msec
;; WHEN: Thu Feb 3 03:12:27 2005
;; MSG SIZE rcvd: 36[/b]

This means all is WELL :) and we are DONE.

Have fun and if you need clarifications on any part, please don't hesitate to post here and I'll try to make suitable
ammends to the tutorial and reply to your posts as well.

Best of luck & Cheers

Review the complete topic (launches new window)