-1

I have been reading about bind for a few days now, but one thing I am still unsure of is, how do I make my DNS settings available to the world?

Amit

1 Answer

1
  1. You install BIND
  2. You make sure it starts when the OS does: `chkconfig named on`
  3. You turn it on immediately: `service named start`
  4. You configure `/etc/resolv.conf` so that your DNS server looks to itself
  5. You configure the options statement within `named.conf`:

    (a) Disallow zone transfers: `allow-transfer { none; };`

    (b) Disallow version queries: `version "Not Available";`

    (c) Allow queries from any IP: `allow-query { any; };`

    (d) Configure forwarders if you want to forward queries.

    (e) Configure your zones.

(And because markdown is broken, my list will start over at #1, but it should be #6)

  1. Create your zone files in `/var/named/`
  2. Create reverse lookup zones as needed.
  3. Change ownership of the files you created to `named:named`
  4. Allow TCP/UDP port 53 through your firewall. Yes, TCP. TCP is used not only for zone transfers, but for large queries (only applicable if you have a huge list of returns to a query though).
  5. Restart bind: `service named restart`

Seem like a lot of work?

It is until you get the hang of it. Running a public DNS server is no joke as miscreants look at it like a rather toothsome morsel. If a DNS server can be hacked, it can be pointed at to deceive the unwitting. Treat it carefully and keep reading up on this.

Wesley
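
Step 5 of the answer above, put together as one `named.conf`, as an added example that is not part of the original answer. The zone names, file names and addresses are placeholders, and the `recursion` / `allow-recursion` lines are an assumption added here so that `allow-query { any; };` does not leave the server answering recursive queries for the whole Internet.

```conf
// /etc/named.conf (sketch: example.com, 192.0.2.0/24 and the file names are placeholders)
options {
    directory "/var/named";          // zone files named below are relative to this

    allow-transfer { none; };        // (a) no zone transfers
    version "Not Available";         // (b) hide the BIND version string
    allow-query { any; };            // (c) anyone may query the zones served here

    // Assumption added in this example, not in the answer: only this host may
    // recurse, so public clients get answers for the zones below and nothing else.
    recursion yes;
    allow-recursion { localhost; };

    // (d) optional forwarders for the host's own lookups (placeholder address)
    // forwarders { 198.51.100.53; };
};

// (e) forward zone, served from /var/named/example.com.zone
zone "example.com" IN {
    type master;
    file "example.com.zone";
};

// reverse lookup zone for 192.0.2.0/24, served from /var/named/192.0.2.rev
zone "2.0.192.in-addr.arpa" IN {
    type master;
    file "192.0.2.rev";
};
```

Running `named-checkconf /etc/named.conf` before the restart in the last step catches syntax errors in this file.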