Installing BIND Server
The following are the best resources I could find on installing a BIND (9) server. I installed on Debian Lenny, but the principles of zone files etc. are universal. I’ll also detail (somewhat) the steps for installing a BIND DNS server, and some of the common and annoying issues you may come across – damn you AppArmor!!!
For starters, here’s zone file info. Zones and zone files are probably the most fundamental concept you need to understand when starting out with BIND/DNS. Very basically, a zone in DNS terms is what you might in other conversations call a domain, sub-domain or URL – e.g. pokeroconnor.com is a zone, sub.pokeroconnor.com is a zone, poker is a zone etc. Each zone requires a “definition”, if you will, in named.conf, plus forward and reverse zone files. A forward zone file for pokeroconnor.com defines forward name resolution, e.g. pokeroconnor.com to a dotted-decimal IP address (123.20.33.122). Reverse zone files then do (basically) the opposite, providing IP address -> name resolution.
In zone files you need to be aware of the following notation:
- SOA – start of authority
- IN – internet class
- MX – mail exchanger record
- NS – name server record
- A – address record, an IPv4 address in dotted-decimal form, e.g. 111.2.3.44
- CNAME – really an alias for another name, e.g. if poker.me.com is a CNAME record for me.com, requests for poker.me.com resolve to me.com.
This is vital – every time you edit a zone file, you must increment (or change) the serial value. Otherwise your changes won’t be detected by BIND, and apparently it’s a very common source of errors. The common format of the serial is e.g. 2009092201 – yes, it’s the date in year, month, day form, followed by the increment on that date, in this case 01. Of course you can put what you want here; just be sure to change it every time the file changes. More info here, and the definitive work on BIND.
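As an added example (not from the original post), here is a small POSIX shell helper that bumps a zone file’s serial in the YYYYMMDDNN form described above without ever letting it go down (secondaries only transfer when the serial has increased), then checks the zone with named-checkzone, which ships with BIND. It assumes the serial sits on its own line followed by a “; serial” comment, and it works on a constructed example.com zone.

```shell
#!/bin/sh
# Added example, not from the original post: bump a BIND zone serial in the
# YYYYMMDDNN convention and syntax-check the zone. Assumption: the serial is
# on its own line followed by a "; serial" comment (see the constructed zone).

# next_serial OLD TODAY -> prints the serial to use after an edit. The serial
# must only ever rise, so a serial already ahead of the clock is incremented
# as-is, and a day whose counter reached 99 keeps rising instead of wrapping.
next_serial() {
    old=$1
    today=$2                      # YYYYMMDD
    old_day=$(printf '%s' "$old" | cut -c1-8)
    old_nn=$(printf '%s' "$old" | cut -c9-10)
    if [ "$old_day" = "$today" ] && [ "$old_nn" != "99" ]; then
        printf '%s\n' "$((old + 1))"          # same day: next change number
    elif [ "$old" -lt "${today}01" ]; then
        printf '%s01\n' "$today"              # first change of a new day
    else
        printf '%s\n' "$((old + 1))"          # serial ahead of today: keep rising
    fi
}

# bump_zone_serial FILE TODAY -> rewrites the serial in FILE and prints the new one.
bump_zone_serial() {
    file=$1
    today=$2
    old=$(sed -n 's/^[[:space:]]*\([0-9]\{1,10\}\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$file" | head -n 1)
    [ -n "$old" ] || { echo "no '; serial' line found in $file" >&2; return 1; }
    new=$(next_serial "$old" "$today")
    tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file" > "$tmp" \
        && mv "$tmp" "$file"
    printf '%s\n' "$new"
}

# Constructed demo zone for example.com (a reserved documentation name).
ZONE_FILE=$(mktemp)
cat > "$ZONE_FILE" <<'EOF'
$TTL 86400
@   IN  SOA ns1.example.com. hostmaster.example.com. (
        2009092201 ; serial
        3600 900 604800 86400 ) ; refresh retry expire minimum
    IN  NS  ns1.example.com.
ns1 IN  A   192.0.2.10
EOF
echo "new serial: $(bump_zone_serial "$ZONE_FILE" "$(date +%Y%m%d)")"
command -v named-checkzone >/dev/null 2>&1 && named-checkzone example.com "$ZONE_FILE"
rm -f "$ZONE_FILE"
```

Run it against a real zone file as `bump_zone_serial /var/lib/named/etc/bind/db.example "$(date +%Y%m%d)"` before reloading named; if named-checkzone is not on the box, the demo simply skips the syntax check.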
Then, to actually install BIND and set up your own nameservers, the best links I could find are this and this basic one. Also install the dnsutils package. An important thing to note is that it is a VERY good idea to set up bind/named to run in a chroot ‘jail’. This is so that if someone hacks your BIND install, they are confined to that directory tree rather than having the run of the whole system. Once you’ve followed these steps (install BIND, set up the chroot user, create zone files, configure named.conf etc.), you can cross your fingers and restart BIND. The best place to check for errors is of course /var/log/syslog, so check it. I had a particularly annoying and extremely frustrating problem: I had everything installed and chrooted, zone files created, everything in its proper place, but BIND would not start. I could stop it, but not start it. When I checked syslog, I saw errors similar to this:
named[22070]: zone 100.11.45.in-addr.arpa/IN: loading from master file 100.11.45.in-addr.arpa failed: file not found
Basically saying that the reverse zone files were not found…but they were there!! They were in the /var/lib/named/etc/bind directory as they should be, so how could the system be reporting them as not found??? It didn’t make ANY sense. Until, that is, I eventually found this. If you run Debian, I strongly suggest you check out that link. There is a package called AppArmor, which does something similar to what a chroot jail does. In other words, it restricts the access and rights of certain apps, and of course named is one of the apps it restricts!! The system couldn’t find the files that were there, because the named process was only allowed access to the directories listed in its AppArmor profile, and /var/lib/named/etc/bind was not one of them. So, simply running apt-get remove --purge apparmor and restarting BIND solved the problem. That was the hardest error to solve – I would recommend checking whether you have AppArmor installed on your box, and if you do and you don’t knowingly use it, then remove it (or, if you do rely on it, allow named access to the chroot directory in its profile)!