Networking / Beginners

Running a DNS Server

Linux comes with BIND, the best DNS server that money can buy. BIND is an extremely powerful program. Some people make entire careers of setting up and configuring BIND. In these few short pages, touch on the very basics of setting up a DNS server on your network.

Installing BIND

You can quickly find out whether BIND is installed on your system by entering the following command from a shell prompt:

rpm -q bind

If BIND has been installed, the package version is displayed. If not, the message package bind is not installed is displayed.

BIND is usually installed by default when you install Linux as a network server. If it isn't, you can easily install it by following these steps:

  1. Choose System → Administration → Add/Remove Software.
    This summons the Add/Remove Software program.
  2. Type Bind in the text box and click the Find button.
    The BIND package will be located.
  3. Select the Berkeley Internet Name Domain (BIND) DNS (Domain Name Server) package.
  4. Click Apply.
    The Add/Remove Software program grinds and whirs for a moment and then installs the package you selected.
  5. Close the Add/Remove Software program.
    You're done! BIND is now installed.

Looking at BIND configuration files

Although Fedora Linux includes a handy BIND configuration tool, you still need to know the location and purpose of each of BIND's basic configuration files. These files are described in the following sections.


This file, found in the /etc directory, is the basic BIND configuration file. This file contains global properties and links to the other configuration files.

Because the Fedora BIND configuration tool edits this file, you shouldn't edit this file directly. If you need to set your own configuration options, use named.custom instead.

Here's a typical named.conf file:

## named.conf - configuration for bind
# Generated automatically by redhat-config-bind, alchemist et al.
# Any changes not supported by redhat-config-bind should be put
# in /etc/named.custom
controls {
	inet allow { localhost; } keys { rndckey; };

include "/etc/named.custom";
include "/etc/rndc.key";
zone "" {
		type master;
		file "";
zone "localhost" {
		type master;
		file "";
zone "" {
		type master;
		file "";

The line include "/etc/named.custom"; is what causes the named. custom file to be read in. The zone lines name the zone files for each domain for which the server is responsible.

By default, this file always includes two zones:, which is the reverse-lookup zone for localhost, and localhost, the zone file for the local computer. Any other zones that you've added through the Fedora BIND configuration tool appear in this file as well.


This file, also found in /etc, lets you add information to the named.conf file. Here's a typical named.custom file:

## named.custom - custom configuration for bind
# Any changes not currently supported by redhat-config-bind should be put
# in this file.
zone "." {
    type hint;
    file "";
options {
	directory "/var/named/";

One reason to use this file is if you want to include zone files that you create yourself without the aid of the Fedora BIND configuration program. If you want to include your own zone file, just add a zone statement that names the zone file. For example, suppose that you want to add a zone named, and you've manually created the To include this zone, add these lines to the named.custom file:

zone "" {
    type master;
    file "";

This file, located in the /var/named directory, lists the names and addresses of the Internet's root servers. It's a fascinating file to look at because it helps to unveil the mystery of how the Internet really works. You shouldn't change it, however, unless, of course, you happen to be the administrator of one of the Internet's root servers.

Here's the file that ships with Fedora 12:

; 	This file holds the information on root name servers needed to
; 	initialize cache of Internet domain name servers
; 	(e.g. reference this file in the "cache . <file>"
; 	configuration file of BIND domain name servers).
; 	This file is made available by InterNIC
; 	under anonymous FTP as
; 	    file 	/domain/named.cache
; 	    on server 	FTP.INTERNIC.NET
;	last update: Jan 29, 2004
; 	related version of root zone: 2004012900
; formerly NS.INTERNIC.NET
. 			3600000 IN NS 	A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 	3600000    A
; formerly NS1.ISI.EDU
. 			3600000    NS 	B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 	3600000     A
; formerly C.PSI.NET
.			3600000    NS 	C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 	3600000    A
; formerly TERP.UMD.EDU
. 			3600000    NS 	D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 	3600000     A
; formerly NS.NASA.GOV
. 			3600000    NS 	E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 	3600000    A
; formerly NS.ISC.ORG
. 			3600000    NS 	F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 	3600000    A
; formerly NS.NIC.DDN.MIL
.			3600000    NS 	G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 	3600000    A
; formerly AOS.ARL.ARMY.MIL
. 			3600000    NS 	H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 	3600000    A
; formerly NIC.NORDU.NET
. 			3600000    NS 	I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 	3600000    A
; operated by VeriSign, Inc.
. 			3600000    NS 	J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 	3600000    A
; operated by RIPE NCC
. 			3600000    NS 	K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 	3600000    A
; operated by ICANN
. 			3600000    NS 	L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 	3600000    A
; operated by WIDE
.			3600000    NS 	M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 	3600000    A
; End of File
An organization named InterNIC keeps the file up to date. You can download the most current version of from InterNIC's FTP site at Every once in awhile, InterNIC publishes a new version of this file, so you should check now and then to make sure that your file is current.

This file, located in /var/named, is a zone file for your local computer - that is, for the localhost domain. Rarely (if ever) do you need to modify it. It typically looks like this:

$TTL 	86400
@ 	IN 	SOA 	localhost. root.localhost. (
			1997022700 ; Serial
			28800      ; Refresh
			14400 	   ; Retry
			3600000    ; Expire
			86400 )    ; Minimum
	IN 	NS 	localhost.
1 	IN 	PTR 	localhost.
Zone files

Each zone for which your DNS server is authoritative should have a zone file, named and located in the /var/named directory. If you like to edit DNS records directly, you can create this file yourself. Or you can use the point-and-click interface of the Fedora BIND configuration tool to automatically create the file.

Here's a typical zone file, named

$TTL 86400
@ 	IN 	SOA 	root.localhost (
			2 ; serial
			28800 ; refresh
			7200 ; retry
			604800 ; expire
			86400 ; ttl
@ 	IN 	MX 	1
www 	IN 	A

Table-1 lists the most common types of records that appear in zone files.

Table-1 Common Resource Record Types
SOAStart Of AuthorityIdentifies a zone.
NSName ServerIdentifies a name server that is authoritative for the zone.
AAddressMaps a fully qualified domain name to an IP address.
CNAMECanonical NameCreates an alias for a fully qualified domain name.
MXMail ExchangeIdentifies the mail server for a domain.
PTRPointerMaps an IP address to a fully qualified domain name for reverse lookups.

Restarting BIND

BIND runs as a service called named. As a result, when you make changes to your DNS configuration, you have to restart the named service to apply the changes. To do that, use this command:

service named restart

You can also restart the named service from the Service Configuration tool. Choose Main Menu → System Settings → Server Settings → Services. This brings up a dialog box that lists all of the running services. Scroll down the list to find named, select it, and then click the Restart button.

[Previous] [Contents] [Next]