1 – DNS Configurations

Default Configuration

All DNS servers work with three different types of configuration files:
1. Local DNS configuration files
2. Zone files
3. Reverse name resolution files

DNS Server [Bind9](https://www.isc.org/bind/)
It is widely used in Linux-based distributions.
Its local configuration file (named.conf) is divided into two parts:

1 – The options section for general configuration
2 – Zone entries for individual domains

Local configuration files are typically:
– `named.conf.local`
– `named.conf.options`
– `named.conf.log`

Local DNS Configuration

root@bind9:~# cat /etc/bind/named.conf.local

//
// Do any local configuration here
//

// Consider adding 1918 zones here if they are not used in your organization
//include "/etc/bind/zones.rfc1918";
zone "domain.com" {
type master;
file "/etc/bind/db.domain.com";
allow-update { key rndc-key; };
};

In this file, we can define the different zones.
These zones are divided into individual files that, in most cases, are primarily intended for a single domain.
The exceptions are ISPs and public DNS servers.
In addition, there are many different options that extend or reduce functionality. These can be found in the Bind9 documentation.

A text zone file describes a DNS zone using the BIND file format.
A zone is a delegation point in the DNS tree.
The BIND file format is the industry-preferred zone file format and is now well established in DNS server software.
A zone file describes a zone completely.
There must be exactly one SOA record and at least one NS record.
The SOA resource record is usually located at the beginning of a zone file.
The primary purpose of these global rules is to improve the readability of zone files.

A syntax error typically results in the entire zone file being considered unusable.
The name server behaves as if this zone did not exist.
It responds to DNS queries with a `SERVFAIL` error message.

Zone Files

root@bind9:~# cat /etc/bind/db.domain.com

;
; BIND data file for domain.com
;
$ORIGIN domain.com.
$TTL 86400
@ IN SOA dns1.domain.com. hostmaster.domain.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day

    IN NS ns1.domain.com.
    IN NS ns2.domain.com.

    IN MX 10 mx.domain.com.
    IN MX 20 mx2.domain.com.

    IN A 10.129.14.5

server1 IN A 10.129.14.5
server2 IN A 10.129.14.7
ns1 IN A 10.129.14.2
ns2 IN A 10.129.14.3

ftp IN CNAME server1
mx IN CNAME server1
mx2 IN CNAME server2
www IN CNAME server2

The DNS server must also have a reverse lookup file so that a Fully Qualified Domain Name (FQDN) can be resolved from an IP address.
In this file, the hostname (FQDN) is mapped to the last octet of an IP address, which corresponds to the respective host, using a PTR record.
PTR records are responsible for the reverse translation of IP addresses into names, as we saw in the table above.

Reverse Name Resolution Zone Files

root@bind9:~# cat /etc/bind/db.10.129.14

;
; BIND reverse data file for 10.129.14.0/24
;
$ORIGIN 14.129.10.in-addr.arpa.
$TTL 86400
@ IN SOA dns1.domain.com. hostmaster.domain.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day

    IN NS ns1.domain.com.
    IN NS ns2.domain.com.

5 IN PTR server1.domain.com.
7 IN PTR server2.domain.com.
...SNIP...
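As an added example (not code from this page, from HTB, or from the BIND project), here is a small Python parser and checker for zone files like the forward and reverse ones above. It expands relative names against `$ORIGIN` the way `named` does, so a target written without a trailing dot, such as `ns2.domain.com`, becomes `ns2.domain.com.domain.com.` and is flagged, and it applies the exactly-one-SOA / at-least-one-NS rule from the text. The sample zone is constructed; `fqdn`, `parse_zone` and `check_zone` are assumed names, and `$INCLUDE`, `$GENERATE` and quoted TXT data are not handled.

```python
# Constructed sample zone (modelled on the forward zone for domain.com above).
SAMPLE_ZONE = """\
$ORIGIN domain.com.
@ IN SOA dns1.domain.com. hostmaster.domain.com. (
        2001062501 21600 3600 604800 86400 )  ; serial refresh retry expire minimum
    IN NS ns1.domain.com.
    IN NS ns2.domain.com   ; no trailing dot: named appends the origin
    IN MX 10 mx.domain.com.
www IN CNAME server2
"""
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}
def fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot gets the origin appended."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
def parse_zone(text, zone):
    """Parse BIND zone text into [(owner, type, rdata)] with every name absolute."""
    origin = fqdn(zone, "")               # the zone name itself is absolute
    owner, records, buf, depth = origin, [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]       # drop ';' comments
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue                      # still inside a multi-line ( ... ) record
        logical, buf = " ".join(buf), []
        toks = logical.split()
        if toks[:1] == ["$ORIGIN"]:
            origin = fqdn(toks[1], origin)
        if not toks or toks[0][0] == "$":
            continue                      # blank line or directive ($TTL is not needed here)
        if not logical[0].isspace():      # explicit owner; otherwise keep the previous one
            owner = fqdn(toks.pop(0), origin)
        while toks and (toks[0].isdigit() or toks[0] == "IN"):
            toks.pop(0)                   # optional per-record TTL and class
        rtype, rdata = toks[0], toks[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = fqdn(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records
def check_zone(records, zone):
    """Rules named enforces (else the zone is unusable) plus a trailing-dot lint."""
    origin, problems = fqdn(zone, ""), []
    kinds = [r[1] for r in records]
    if kinds.count("SOA") != 1 or "NS" not in kinds:
        problems.append("zone needs exactly one SOA and at least one NS record")
    for _, rtype, rdata in records:
        for i in NAME_FIELDS.get(rtype, []):
            if rdata[i].endswith(origin + origin):
                problems.append(f"{rtype} target {rdata[i]}: missing trailing dot?")
    return problems
```

Before reloading a real zone, run `named-checkzone domain.com /etc/bind/db.domain.com`, which ships with BIND; this example only mirrors its most basic checks.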
