
10.7. CONFIGURE

Once the installation process is complete, it's time to configure BIND for use on your system.

  1. Add the statement "NO_BIND = YES" to the make.conf file located in /etc. The following commands will append this statement to make.conf or create the file if it does not exist:

    # cp /etc/make.conf /etc/make.conf.old
    # echo "NO_BIND = YES" >> /etc/make.conf

    This tells the make command not to build the base version of BIND if you rebuild FreeBSD from source, preventing the system from downgrading BIND to that older version.

  2. We need to edit the named.conf file in /var/named/etc/namedb. Open the file:

    # ee /var/named/etc/namedb/named.conf

  3. Scroll down and comment out the listen-on declaration by prefixing it with two forward slashes (//). This allows BIND's named daemon to answer both external and local DNS queries; the default behavior is to answer only local queries. This line (~21) should appear as follows:

    //      listen-on       { 127.0.0.1; };

  4. Scroll down and remove the forward slash and asterisk (/*) on the line above the forwarders declaration. Replace 127.0.0.1 with your ISP's nameservers. Separate nameserver entries with a semicolon (;). Also remove the asterisk and forward slash (*/) following the forwarders declaration. The forwarders declaration (~43-47) should look like this (of course, your IP addresses will be different):

    forwarders {
            202.13.68.62; 68.103.31.52;
    };

  5. Scroll down to the bottom of named.conf and add the following lines to add your forward lookup zone (substitute your domain name for example.com):

    zone "example.com" {
        type master;
        file "master/example.com";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
    };


    Note: A feature of BIND called dynamic DNS updates allows BIND and the ISC DHCP server to work together and add/remove entries to your zone files automatically as clients join and leave your local network. If you want to enable dynamic DNS updates with ISC DHCP, change master to dynamic in the file line of the preceding code (the type line stays master). Refer to "ISC DHCP Server 3.0.5" for details on the ISC DHCP server.

  6. If you are connected directly to the Internet (no NAT router) and have a dynamic public IP address, then skip to step 8. If you are connected directly to the Internet with a static IP address or have a static local IP address behind a NAT router, add the following lines below the forward lookup zone you specified in step 5. This will define your reverse lookup zone.

    zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/example.com.rev";
        allow-transfer { localhost; };
        allow-update { key rndc-key; };
    };

    Substitute the first three octets of your server's static IP address in reverse order for 1.168.192. The above example is correct if your local network uses the IP subnet 192.168.1.XXX. Substitute your domain name for example.com.


    Note: If you plan to enable dynamic DNS updates (ISC DHCP required), change master to dynamic in the file line of the above code (the type line stays master).

  7. Write down the reverse zone's name (1.168.192.in-addr.arpa, in this example). You will need it later when you create the reverse zone file. Save and exit.

  8. Create the rndc.key file and append its contents to the bottom of the named.conf file. The rndc.key file holds a shared secret key that the rndc utility needs in order to function; the same key authenticates the DHCP server to BIND when it sends dynamic DNS updates. The following commands will create the key and append it to named.conf:

    # rndc-confgen -a
    # cd /var/named/etc/namedb
    # cp named.conf named.conf.old
    # cat rndc.key >> named.conf
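
The named.conf edits from steps 3 to 6 can be applied as a repeatable text transformation rather than by hand in ee. The following Python script is an added example written for this chapter; it is not from the book or from ISC BIND. The names configure, zone_stanza and reverse_zone_name are its own, and SAMPLE_NAMED_CONF is a constructed fragment containing only the two parts of the stock named.conf that the steps touch (the listen-on line and the /* */-wrapped forwarders block); the nameserver addresses are the ones shown in step 4.

```python
"""Apply the named.conf edits from steps 3 to 6 to a configuration text.

Added example for this chapter; it is not from the book or from ISC BIND.
Working on the text as a string lets the result be inspected (or tested)
before the real file under /var/named/etc/namedb is overwritten.
"""
import ipaddress
import re

# Constructed sample holding only the parts of the stock named.conf that the
# steps above touch: the listen-on line and the commented-out forwarders block.
SAMPLE_NAMED_CONF = """\
options {
        listen-on       { 127.0.0.1; };
/*
        forwarders {
                127.0.0.1;
        };
*/
};
"""

# Matches the forwarders block with or without the surrounding /* */ comment.
FORWARDERS_RE = re.compile(
    r"(?:/\*[ \t]*\n)?([ \t]*)forwarders\s*\{[^}]*\}\s*;(?:\s*\*/)?")


def reverse_zone_name(network):
    """'192.168.1.0/24' -> '1.168.192.in-addr.arpa' (step 6); /24 networks only."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("this helper only derives /24 reverse zones")
    first_three = str(net.network_address).split(".")[:3]
    return ".".join(reversed(first_three)) + ".in-addr.arpa"


def zone_stanza(zone_name, zone_file, dynamic=False):
    """The zone block from steps 5 and 6. dynamic=True switches the file line
    to the dynamic/ directory named in the notes (where step 12 copies the files)."""
    directory = "dynamic" if dynamic else "master"
    return (f'zone "{zone_name}" {{\n'
            "    type master;\n"
            f'    file "{directory}/{zone_file}";\n'
            "    allow-transfer { localhost; };\n"
            "    allow-update { key rndc-key; };\n"
            "};\n")


def configure(text, forwarders, domain, network=None, dynamic=False):
    """Return the edited named.conf text. Running it twice changes nothing."""
    for ns in forwarders:
        ipaddress.IPv4Address(ns)  # reject a mistyped ISP nameserver up front
    # Step 3: prefix an active listen-on line with //. A line that already
    # starts with // no longer begins with whitespace + listen-on, so it is skipped.
    text = re.sub(r"^([ \t]*)(listen-on[ \t]+)", r"//\1\2", text, flags=re.MULTILINE)

    # Step 4: drop the /* */ around forwarders and fill in the given servers.
    def rewrite(match):
        indent = match.group(1)
        servers = " ".join(f"{ns};" for ns in forwarders)
        return f"{indent}forwarders {{\n{indent}        {servers}\n{indent}}};"

    text, count = FORWARDERS_RE.subn(rewrite, text, count=1)
    if count != 1:
        raise ValueError("no forwarders block found in named.conf")
    # Steps 5 and 6: append the zone statements, but only once.
    if f'zone "{domain}"' not in text:
        text += "\n" + zone_stanza(domain, domain, dynamic)
        if network:
            text += "\n" + zone_stanza(reverse_zone_name(network), f"{domain}.rev", dynamic)
    return text


if __name__ == "__main__":
    print(configure(SAMPLE_NAMED_CONF, ["202.13.68.62", "68.103.31.52"],
                    "example.com", "192.168.1.0/24"))
```

The script prints the result instead of writing it; to use it on a real system, read /var/named/etc/namedb/named.conf, pass the text to configure, keep a copy of the original (as the cp in step 8 does) and write the result back. Because the edits are idempotent, re-running it after a partial manual edit will not double-comment listen-on or append a second copy of the zone statements.
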

  9. Create the master forward lookup zone file. Replace example.com with your domain name; it must match the domain name you specified in step 5.

    # cd /var/named/etc/namedb/master
    # ee example.com

    This is the example.com forward lookup zone file, followed by explanations of each line:

    $TTL    3600
    
    example.com.   IN    SOA   host.example.com.    root.example.com. (
    
                                    1       ;       Serial
                                    10800   ;       Refresh
                                    3600    ;       Retry
                                    604800  ;       Expire
                                    86400 ) ;       Minimum TTL
    ;DNS Servers
    example.com.         IN      NS              host.example.com.
    
    ;Machine Names
    host.example.com.    IN      A               192.168.1.11
    
    ;Aliases
    www                  IN      CNAME           host.example.com.
    
    ;MX Record
    example.com.         IN      MX      10      host.example.com.


    Note: Any line preceded by a semicolon (;) is ignored by BIND.

    $TTL    3600

    TTL (or Time To Live) is 3,600 seconds. This is the amount of time for which other DNS servers should cache information from this zone.

    example.com.   IN    SOA     host.example.com. root.example.com. (

    example.com. is the forward zone name.

    IN is a data type that means Internet data.

    SOA stands for start of authority.

    host.example.com. is the hostname of computer that holds this zone file.

    root.example.com. is the email address of the person responsible for the zone (in zone files, the @ symbol is used to represent the zone name, so the period is used to separate the username from the domain name in the email address).

    (

    The left parenthesis indicates the start of the SOA record.

    1       ;       Serial

    The serial number is a number you can choose; it is usually increased by one every time you make a change to the zone file. You may use a date (in the format YYYYMMDD) instead.

    10800   ;       Refresh

    If there is a slave server configured, this is the number of seconds it waits before contacting this master server for an update.

    3600    ;       Retry

    This is the number of seconds a slave server would wait before retrying a connection to the master server if it ever loses contact.

    604800  ;       Expire

    If the slave server cannot contact the master server within this time, in seconds, it will stop answering DNS queries.

    86400 ) ;       Minimum TTL

    This is the amount of time in seconds that a negative answer is cached. If a client tries to resolve a host that does not exist, the server will answer negatively until this time runs out before actually trying to resolve the address again.

    ;DNS Servers
    example.com.    IN      NS              host.example.com.

    example.com. is the forward zone's name or domain name.

    NS is a record type meaning nameserver.

    host.example.com. is the fully qualified domain name of the nameserver. (The period at the end means the FQDN is absolute; without it, named would automatically append example.com to it—so don't forget the period.)

    ;Machine Names
    host.example.com.    IN      A               192.168.1.11

    host.example.com. is the FQDN of a host on the domain.

    A is a record type meaning a host address.

    192.168.1.11 is the IP address of the host (IP addresses don't need terminating periods; they are considered absolute).

    ;Aliases
    www                  IN      CNAME           host.example.com.

    www is the FQDN of the aliased host on the domain. (Notice that there is no period after www; named will automatically append the domain example.com. If this is confusing, you may simply type www.example.com. here instead.)

    CNAME is a record type meaning canonical name for an alias.

    host.example.com. is the actual hostname of the alias.

    ;MX Record
    example.com.         IN      MX      10      host.example.com.

    example.com. is the MX's domain name.

    MX is a record type meaning mail exchanger.

    10 is the priority of the specified mail server. (Email destined for your domain will be directed to the highest priority mail server, then lower priority mail servers; the lower number is the higher priority.)

    host.example.com. is the FQDN of the mail server (no IP addresses).


    Note: Be sure to double-check the spelling, punctuation marks, and syntax of your forward lookup zone file. BIND will not function correctly if the zone file contains errors.

  10. When you finish creating your forward lookup zone file, save and exit.

  11. We will construct the reverse lookup zone file called example.com.rev. If you did not specify one in named.conf (step 6), skip to "Testing". This file contains the same basic information as the forward lookup zone file. All A and CNAME record types now become PTR records. Replace example.com with your domain name; it must match the domain name you specified in step 5.

    # ee example.com.rev

    This is the example.com.rev reverse lookup zone file in the /var/named/etc/namedb/master directory, followed by explanations of items not previously covered:

    $TTL    3600
    
    1.168.192.in-addr.arpa. IN  SOA host.example.com.  root.example.com.   (
    
                                    1       ;       Serial
                                    10800   ;       Refresh
                                    3600    ;       Retry
                                    604800  ;       Expire
                                    86400 ) ;       Minimum TTL
    ;DNS Servers
    1.168.192.in-addr.arpa.   IN      NS              host.example.com.
    
    ;Machine IPs
    11                        IN      PTR             host.example.com.
    11                        IN      PTR             www.example.com.

    The elements in this file are explained in detail below.

    1.168.192.in-addr.arpa. IN  SOA host.example.com.  root.example.com.

    1.168.192.in-addr.arpa. is the reverse zone's name. It should match what you entered in the named.conf file (refer to step 7).

    ;DNS Servers
    1.168.192.in-addr.arpa.   IN      NS              host.example.com.

    The NS record's owner name should be the reverse zone's name. An @ symbol here would work too, since in DNS zone files the @ symbol represents the zone's name.

    ;Machine IPs
    11              IN      PTR             host.example.com.

    11 is the last octet of host.example.com's IP address.

    PTR is a record type meaning pointer.

    Notice that the 11 above does not end with a period, so named automatically appends this file's zone name (1.168.192.in-addr.arpa.) to it, giving 11.1.168.192.in-addr.arpa. This PTR record maps that name back to host.example.com. When your reverse zone file is complete, save and exit.
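
Two pitfalls in steps 9 and 11 are easy to check mechanically: a forgotten trailing period on a name target (the note in step 9), and a reverse zone whose PTR records drift from the forward zone's A and CNAME records. The following Python script is an added example written for this chapter, not from the book or from ISC BIND; parse_zone, lint, ptr_records and reverse_zone are its own names. FORWARD_ZONE is the example.com zone file from step 9 typed in as a constructed string, and BROKEN_ZONE is a constructed copy of it with the NS target's period removed. It handles only the layout the book uses (explicit owner on every record, one parenthesised SOA) and /24 reverse zones.

```python
"""Lint a forward zone file and derive its in-addr.arpa reverse zone.
Added example for this chapter (not from the book or from ISC BIND)."""
import ipaddress

# Constructed sample: the example.com forward zone file from step 9.
FORWARD_ZONE = """\
$TTL    3600
example.com.   IN    SOA   host.example.com.    root.example.com. (
                                1       ;       Serial
                                10800   ;       Refresh
                                3600    ;       Retry
                                604800  ;       Expire
                                86400 ) ;       Minimum TTL
;DNS Servers
example.com.         IN      NS              host.example.com.
host.example.com.    IN      A               192.168.1.11
www                  IN      CNAME           host.example.com.
example.com.         IN      MX      10      host.example.com.
"""
# Constructed variant with the slip step 9 warns about: the NS target loses its period.
BROKEN_ZONE = "\n".join(ln[:-1] if ln.split()[:3] == ["example.com.", "IN", "NS"] else ln
                        for ln in FORWARD_ZONE.splitlines()) + "\n"
# rdata positions that must hold absolute (period-terminated) names
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "CNAME": (0,), "MX": (1,), "PTR": (0,)}


def parse_zone(text, origin):
    """Return ($TTL, [(owner, type, rdata tokens), ...]) with owners made absolute."""
    ttl, recs, buf, depth = None, [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop the comment
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:                               # still inside the SOA parentheses
            continue
        tokens, buf = " ".join(buf).split(), []
        if not tokens:
            continue
        if tokens[0] == "$TTL":
            ttl = int(tokens[1])
            continue
        owner, rest = tokens[0], tokens[1:]
        if owner == "@":
            owner = origin + "."
        elif not owner.endswith("."):               # relative owner: named appends the origin
            owner = f"{owner}.{origin}."
        if rest and rest[0] == "IN":                # the class is optional in real files
            rest = rest[1:]
        if not rest:
            raise ValueError(f"malformed record: {tokens}")
        recs.append((owner, rest[0], rest[1:]))
    return ttl, recs


def lint(text, origin):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    ttl, recs = parse_zone(text, origin)
    if ttl is None:
        problems.append("missing $TTL")
    soa = [r for r in recs if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected one SOA record, found {len(soa)}")
    elif soa[0][0] != origin + ".":
        problems.append(f"SOA owner {soa[0][0]} is not the zone name {origin}.")
    elif len(soa[0][2]) != 7 or not all(n.isdigit() for n in soa[0][2][2:]):
        problems.append("SOA needs numeric serial, refresh, retry, expire and minimum TTL")
    for owner, rtype, rdata in recs:
        for name in (rdata[i] for i in NAME_FIELDS.get(rtype, ()) if i < len(rdata)):
            if "." in name and not name.endswith("."):      # named would append the origin
                problems.append(f"{rtype} target {name} lacks a trailing period; "
                                f"named would read it as {name}.{origin}.")
        if rtype == "A":
            try:
                ipaddress.IPv4Address(rdata[0])
            except (ValueError, IndexError):
                problems.append(f"A record for {owner} has a bad address: {rdata[:1]}")
    return problems


def ptr_records(text, origin, network):
    """Step 11: each A record inside `network`, and each CNAME pointing at one,
    becomes a PTR. Returns (reverse zone name, [(last octet, fqdn), ...])."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen != 24:
        raise ValueError("only /24 reverse zones are handled here")
    rev = ".".join(reversed(str(net.network_address).split(".")[:3])) + ".in-addr.arpa"
    _, recs = parse_zone(text, origin)
    addr = {o: r[0] for o, t, r in recs if t == "A" and ipaddress.IPv4Address(r[0]) in net}
    ptrs = [(ip.split(".")[-1], o) for o, ip in addr.items()]
    ptrs += [(addr[r[0]].split(".")[-1], o) for o, t, r in recs if t == "CNAME" and r[0] in addr]
    return rev, sorted(ptrs, key=lambda p: (int(p[0]), p[1]))


def reverse_zone(text, origin, network):
    """Render the reverse zone file, reusing $TTL and the SOA/NS data of the forward zone."""
    ttl, recs = parse_zone(text, origin)
    if ttl is None:
        raise ValueError("forward zone has no $TTL")
    rev, ptrs = ptr_records(text, origin, network)
    soa = next(r for r in recs if r[1] == "SOA")
    lines = [f"$TTL    {ttl}", f"{rev}.   IN  SOA  {soa[2][0]}  {soa[2][1]}  ("]
    for value, label in zip(soa[2][2:], ["Serial", "Refresh", "Retry", "Expire", "Minimum TTL"]):
        lines.append(f"        {value}{' )' if label == 'Minimum TTL' else ''}    ; {label}")
    lines.append(";DNS Servers")
    lines += [f"{rev}.   IN      NS      {r[0]}" for o, t, r in recs if t == "NS" and o == origin + "."]
    lines.append(";Machine IPs")
    lines += [f"{last:<8}IN      PTR     {name}" for last, name in ptrs]
    return "\n".join(lines) + "\n"
```

Running lint on the generated reverse zone with its own origin (1.168.192.in-addr.arpa) also comes back clean, which is a cheap way to confirm that the two files agree before named loads them. The lint is deliberately narrower than the checks named itself performs, so it complements rather than replaces a test load of the zone.
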

  12. If you will not be enabling dynamic DNS updates, skip to "Testing." BIND will expect the forward and reverse zone files to be stored in the /var/named/etc/namedb/dynamic directory. Copy these two zone files to the /var/named/etc/namedb/dynamic directory like this:

    # cd /var/named/etc/namedb/master
    # cp example.com ../dynamic
    # cp example.com.rev ../dynamic
    # chown -R bind /var/named/etc/namedb/dynamic

    Be sure to substitute your domain name for example.com.
