o\u00a0\u00a0 DNS IP Address:<\/strong> 1.1.1.1
o\u00a0\u00a0 Domain to configure:<\/strong> domain1.com
o\u00a0\u00a0 Web server IP address:<\/strong> 2.2.2.2<\/p>\n
\u00a0<\/p>\n
\u2022 Preparation<\/h2>\n
\u00a0<\/p>\n
o\u00a0\u00a0 Make sure that your system is updated before proceeding with the installation:<\/p>\n
\u00a7\u00a0 yum update \u2013y<\/strong><\/p>\n \u00a0<\/p>\n o\u00a0\u00a0 Now install the BIND and BIND Utilities packages:<\/p>\n \u00a7\u00a0 yum install bind bind-utils \u2013y o\u00a0\u00a0 Now open the BIND (named) configuration file and make few modifications.<\/p>\n \u00a7\u00a0 nano -w \/etc\/named.conf o\u00a0\u00a0 Sample \u2018\/etc\/named.conf<\/strong>\u2018 configuration file:<\/p>\n \u00a0<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0 dnssec-enable yes; \u00a0\u00a0\u00a0\u00a0\u00a0 \/* Path to ISC DLV key *\/ \u00a0\u00a0\u00a0\u00a0\u00a0 managed-keys-directory “\/var\/named\/dynamic”; logging { };<\/p>\n zone “.” IN { include “\/etc\/named.rfc1912.zones”; \u00a0<\/p>\n \u00a0<\/p>\n o\u00a0\u00a0 In the above sample configuration file listen-on has been commented to listen on all available interfaces. Recursion should be turned off to prevent your server from being abused in “reflection” DDoS attacks. The allow-transfer directive whitelists transfers to your secondary droplet’s IP. Furthermore, we have changed the allow-query directive to “any” in order to allow users proper access to hosted zones.<\/p>\n o\u00a0\u00a0 We have added a new zone for our domain, now add the following to your named.conf below the existing zones. And now our configuration file looks like this:<\/p>\n \u00a0<\/p>\n \u00a0\u00a0\u00a0\u00a0\u00a0 dnssec-enable yes; \u00a0\u00a0\u00a0\u00a0\u00a0 \/* Path to ISC DLV key *\/ \u00a0\u00a0\u00a0\u00a0\u00a0 managed-keys-directory “\/var\/named\/dynamic”; logging { zone “domain1.com” IN { include “\/etc\/named.rfc1912.zones”; \u00a0<\/p>\n \u00a0<\/p>\n o\u00a0\u00a0 Create the zone file, using the name you specified in the configuration above.<\/p>\n \u00a7\u00a0 nano -w \/var\/named\/domain1.com.zone o\u00a0\u00a0 Sample \u2018\/var\/named\/domain1.com.zone \u2018 configuration file:<\/p>\n ; Specify our two nameservers ; Define hostname -> IP pairs which you wish to resolve o\u00a0\u00a0 Start named for the first time. This may take several minutes while named generates the rndc.key file, which only occurs on first execution.<\/p>\n \u00a7\u00a0 service named restart<\/strong><\/p>\n o\u00a0\u00a0 When the named has started successfully, we would like to ensure that it is enabled as a startup service, by running the following:<\/p>\n \u00a7\u00a0 chkconfig named on o\u00a0\u00a0 Now we have a fully operational primary nameserver. You can verify that BIND is working correctly by running the following command, replacing 1.1.1.1 with the IP of your first droplet.<\/p>\n \u00a7\u00a0 dig @1.1.1.1 mydomain.com o\u00a0\u00a0 After any changes you make to the master zone files, you will need to instruct BIND to reload. To reload the zone files, we need to run the following command on the master nameserver:<\/p>\n \u00a7\u00a0 rndc reload \u00a0<\/p>\n \u00a0<\/p>\n \u00a0<\/p>\n o\u00a0\u00a0 It is generally advised to install the additional package “bind-chroot” which will drop the privileges of BIND into a chroot environment. If you’d like to enable this feature for the added security which it provides, you can do the following:<\/p>\n \u00a7\u00a0 yum install bind-chroot \u2013y<\/strong><\/p>\n \u00a7\u00a0 service named restart<\/strong><\/p>\n \u00a0<\/p>\n \u00a0<\/p>\n o\u00a0\u00a0 We need to configure child name server to make it available over the internet for everyone.<\/p>\n o\u00a0\u00a0 Login into domain control panel from http:\/\/store.domainsgofast.com\/customer<\/p>\n o\u00a0\u00a0 Search the order into control panel- domain\u00a0 and click on the domain name<\/p>\n o\u00a0\u00a0 On appeared page you will be able to see Child Name Server section, click on the same.<\/p>\n o\u00a0\u00a0 Fill the prefix like- ns1, in hostname section and IP in second section and click on submit.<\/p>\n \u00a0<\/p>\n \n
<\/strong><\/p>\n\u2022 BIND Installation<\/h2>\n
<\/strong><\/p>\n
<\/strong><\/p>\noptions {
\u00a0\u00a0\u00a0\u00a0\u00a0 #listen-on port 53 { 127.0.0.1; };
\u00a0\u00a0\u00a0\u00a0\u00a0 listen-on-v6 port 53 { ::1; };
\u00a0\u00a0\u00a0\u00a0\u00a0 directory “\/var\/named”;
\u00a0\u00a0\u00a0\u00a0\u00a0 dump-file “\/var\/named\/data\/cache_dump.db”;
\u00a0\u00a0\u00a0\u00a0\u00a0 statistics-file “\/var\/named\/data\/named_stats.txt”;
\u00a0\u00a0\u00a0\u00a0\u00a0 memstatistics-file “\/var\/named\/data\/named_mem_stats.txt”;
\u00a0\u00a0\u00a0\u00a0\u00a0 allow-transfer { localhost; };
\u00a0\u00a0\u00a0\u00a0\u00a0 allow-query { any; };
\u00a0\u00a0\u00a0\u00a0\u00a0 recursion no;<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 dnssec-validation yes;
\u00a0\u00a0\u00a0\u00a0\u00a0 dnssec-lookaside auto;<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 bindkeys-file “\/etc\/named.iscdlv.key”;<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 };<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 channel default_debug {
\u00a0\u00a0\u00a0\u00a0\u00a0 file “data\/named.run”;
\u00a0\u00a0\u00a0\u00a0\u00a0 severity dynamic;
\u00a0\u00a0\u00a0\u00a0\u00a0 };<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 type hint;
\u00a0\u00a0\u00a0\u00a0\u00a0 file “named.ca”;
};<\/p>\n
include “\/etc\/named.root.key”;<\/h6>\noptions {
\u00a0\u00a0\u00a0\u00a0\u00a0 #listen-on port 53 { 127.0.0.1; };
\u00a0\u00a0\u00a0\u00a0\u00a0 listen-on-v6 port 53 { ::1; };
\u00a0\u00a0\u00a0\u00a0\u00a0 directory “\/var\/named”;
\u00a0\u00a0\u00a0\u00a0\u00a0 dump-file “\/var\/named\/data\/cache_dump.db”;
\u00a0\u00a0\u00a0\u00a0\u00a0 statistics-file “\/var\/named\/data\/named_stats.txt”;
\u00a0\u00a0\u00a0\u00a0\u00a0 memstatistics-file “\/var\/named\/data\/named_mem_stats.txt”;
\u00a0\u00a0\u00a0\u00a0\u00a0 allow-transfer { localhost; };
\u00a0\u00a0\u00a0\u00a0\u00a0 allow-query { any; };
\u00a0\u00a0\u00a0\u00a0\u00a0 recursion no;<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 dnssec-validation yes;
\u00a0\u00a0\u00a0\u00a0\u00a0 dnssec-lookaside auto;<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 bindkeys-file “\/etc\/named.iscdlv.key”;<\/p>\n
};<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 channel default_debug {
\u00a0\u00a0\u00a0\u00a0\u00a0 file “data\/named.run”;
\u00a0\u00a0\u00a0\u00a0\u00a0 severity dynamic;
\u00a0\u00a0\u00a0\u00a0\u00a0 };
};
\u00a0
zone “.” IN {
\u00a0\u00a0\u00a0\u00a0\u00a0 type hint;
\u00a0\u00a0\u00a0\u00a0\u00a0 file “named.ca”;
};<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 type master;
\u00a0\u00a0\u00a0\u00a0\u00a0 file “domain1.com.zone”;
\u00a0\u00a0\u00a0\u00a0\u00a0 allow-update { none; };
};<\/p>\n
include “\/etc\/named.root.key”;<\/h6>\n\u2022\u00a0<\/strong>Configure BIND Zones<\/h2>\n
<\/strong><\/p>\n
<\/strong><\/p>\n
<\/strong>$TTL 86400
@ IN SOA ns1.domain1.com. root.domain1.com. (
\u00a0\u00a0\u00a0\u00a0\u00a0 2013042201 ;Serial
\u00a0\u00a0\u00a0\u00a0\u00a0 3600 ;Refresh
\u00a0\u00a0\u00a0\u00a0\u00a0 1800 ;Retry
\u00a0\u00a0\u00a0\u00a0\u00a0 604800 ;Expire
\u00a0\u00a0\u00a0\u00a0\u00a0 86400 ;Minimum TTL
)<\/p>\n
\u00a0\u00a0\u00a0\u00a0\u00a0 IN NS ns1.domain1.com.
; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses.
\u00a0\u00a0\u00a0\u00a0\u00a0 ns1 IN A 2.2.2.2<\/p>\n
@ IN A 2.2.2.2
www IN A 2.2.2.2<\/h6>\n
<\/strong><\/p>\n
<\/strong><\/p>\n
<\/strong><\/p>\n
<\/strong><\/p>\n
<\/strong><\/p>\n
<\/strong><\/p>\n\u2022 BIND in a chroot environment<\/h2>\n
<\/strong><\/p>\n
<\/strong><\/p>\n\u2022 Configuring child name server<\/h2>\n
![\"Creating](http:\/\/www.jodohost.com\/blog\/images\/2014-07\/a1orders-child-name-server_2.jpg "\\"Creating")
<\/a><\/div>\n<\/p>\n