Recently I migrated core functionality from my home Windows 2000 Server to a new host running ESXi 4.0 with three Ubuntu Server 9.10 VMs. If you want to see a simple diagram on my set up, view my article on Linux Backup Shell Script. One of the core functionality that I migrated was my internal DNS services. Hence the title of this article, DNS Server with Bind9.

bind9

I am impressed, once again, with Linux and the services residing within this amazing operating system. The most amazing part about Linux services is that many of them have been around as long as I have — where have I been?

Before I begin rambling too much, let’s get started on creating DNS forward and reverse zones for your local network …

First ensure you have bind9 installed by running the following command:

whereis bind

If the results is blank, such as just “bind: “, then you will need to install bind9. On Ubuntu, I would imagine the command would look like this:

sudo apt-get install bind9

Forward Zones

We need to configure your DNS forward zones, which will provide name to address resolution in your internal network. As we progress the configuration, keep in mind that your specific configuration will be slightly different than mine; adapt as needed.

For simple networks, such as mine at home, there are only a few changes that you will need to make for Forward lookup zones. The first file is /etc/bind/db.local.

/etc/bind/db.local

The changes are fairly easy because we going to use most of what is provided in the original file. Change the Start of Authority (SOA) to be the domain environment for your network. My domain is dt.local and my primary DNS server is dtsfile.dt.local. Change the SOA to reflect your choices and also change the nameserver (NS) line to be your primary DNS server.

Also, you will want to add A records for your various servers/computers on the network. For this example, I added my Asterisk server:

dtsvoip.dt.local.	IN	A	192.168.0.11

The next file to change, which we will also make changes for reverse DNS at the same time, is the /etc/bind/named.conf.default-zones file.

/etc/bind/named.conf.default-zones

The line for the primary zone, which references the /etc/bind/db.local file must state your local domain in the quotes following the zone directive:

zone “dt.local” {
  type master;
  file “/etc/bind/db.local”;
};

As we have more changes in this file, leave it open and continue to the next section.

Reverse Lookup Zones

As you probably know, a reverse lookup provides a name to an IP address. In Windows you would find the name of 192.168.0.10 by typing “nslookup 192.168.0.10” from a command prompt. If you have configured reverse DNS properly, you will see output similar to this:

C:\>nslookup 192.168.0.10
Server:  dtsfile.dt.local
Address:  192.168.0.10

Name:    dtsfile.dt.local
Address:  192.168.0.10

You may be wondering why the entry appears twice. This is because the Server and the name that I am looking up is the same server. If I were to locate my Asterisk server, it would look like this:

C:\>nslookup 192.168.0.11
Server:  dtsfile.dt.local
Address:  192.168.0.10

Name:    dtsvoip.dt.local
Address:  192.168.0.11

On with the configuration…

/etc/bind/named.conf.default-zones

If you were paying attention in the previous section you would still have that file open. Regardless, let’s add another zone to the file that represents our reverse lookup for the IP subnet in your network. In my network I use 192.168.0.0/24 which is the same as saying 192.168.0.0 with a subnet of 255.255.255.0 (192.168.0.0 to 192.168.0.255).

Immediately after the zone directive for your domain, add the following text for your reverse lookup:

zone “0.168.192.in-addr.arpa” {
  type master;
  file “/etc/bind/db.0.168.192”;
};

If you’re sharp, you’ll immediately know that the file db.0.168.192 doesn’t exist. We’ll create it next. And yes, it’s backwards; in reverse DNS lookups the IP address is reversed as part of the requirements set in the RFC and obviously for functionality pointing back to the host name of the IP. Read more: http://en.wikipedia.org/wiki/Reverse_DNS_lookup

Save changes to named.conf.default-zones.

/etc/bind/db.0.168.192

Next we’ll create a new zone db file for our newly created reverse lookup. Start by copying db.0 into a new file named db.0.168.192 (or whatever your local subnet IP address is).

cp /etc/bind/db.0 /etc/bind/db.0.168.192

Just like in your db.local file, let’s change the SOA to reflect your domain and nameserver. This includes the NS line that should already exist in the file. Now let’s add pointer (PTR) records for your servers/computers on the network. I’ll use mine for examples:

10	IN	PTR	dtsfile.dt.local
11	IN	PTR	dtsvoip.dt.local

Save changes to db.0.168.192.

Forwarders

The last section, assuming you want to use this DNS server as your primary DNS on all computers, is to set up a forwarder for all names that are not a part of your network. You will need to edit /etc/bind/named.conf.options.

/etc/bind/named.conf.options

The change is really simple, uncomment the forwarders directive and modify the IP address within to be your local router or your ISP DNS servers. Mine is similar to the following:

forwarders {
  192.168.0.1;
};

Local Name Resolution

The final step is to change your /etc/resolv.conf file to point your DNS server and to set the domain and search realm. This is what mine looks like:

domain dt.local
search dt.local
nameserver 192.168.0.1

Restart the bind9 daemon

After making all of these changes, the final is to restart the bind9 daemon. Oh, one other step is to change your computers to use this DNS server as the primary.

Configuration Files Examples

/etc/bind directory listing

/etc/bind# ls -la
drwxr-sr-x   2 root bind  4096 2010-08-01 17:52 .
drwxr-xr-x 141 root root 12288 2010-08-01 17:54 ..
-rw-r--r--   1 root root   237 2009-08-19 15:00 db.0
-rw-r--r--   1 root root   271 2009-08-19 15:00 db.127
-rw-r--r--   1 root bind   295 2010-08-01 17:22 db.0.168.192
-rw-r--r--   1 root root   237 2009-08-19 15:00 db.255
-rw-r--r--   1 root root   353 2009-08-19 15:00 db.empty
-rw-r--r--   1 root root   316 2010-08-01 17:14 db.local
-rw-r--r--   1 root root  2940 2009-08-19 15:00 db.root
-rw-r--r--   1 root bind   463 2009-08-19 15:00 named.conf
-rw-r--r--   1 root bind   573 2010-08-01 16:50 named.conf.default-zones
-rw-r--r--   1 root bind   165 2009-08-19 15:00 named.conf.local
-rw-r--r--   1 root bind   570 2010-07-16 11:58 named.conf.options
-rw-r-----   1 bind bind    77 2010-01-30 11:50 rndc.key
-rw-r--r--   1 root root  1317 2009-08-19 15:00 zones.rfc1918

./db.0.168.192

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     dt.local. dtsfile.dt.local. (
        1         ; Serial
   604800         ; Refresh
    86400         ; Retry
  2419200         ; Expire
   604800 )       ; Negative Cache TTL
;
@       IN      NS      dt.local.
10     IN      PTR     dtsfile.dt.local.
11     IN      PTR     dtsvoip.dt.local.

./db.local

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     dt.local. dtsfile.dt.local. (
        2         ; Serial
   604800         ; Refresh
    86400         ; Retry
  2419200         ; Expire
   604800 )       ; Negative Cache TTL
;
@       IN      NS      dtsfile.dt.local.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
dtsvoip.dt.local.       IN      A       192.168.0.11

./named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
  type hint;
  file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "dt.local" {
  type master;
  file "/etc/bind/db.local";
};

zone "0.168.192.in-addr.arpa" {
  type master;
  file "/etc/bind/db.0.168.192";
};

zone "127.in-addr.arpa" {
  type master;
  file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
  type master;
  file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
  type master;
  file "/etc/bind/db.255";
};

./named.conf.options

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

forwarders {
  192.168.0.1;
};

auth-nxdomain no;    # conform to RFC1035
  listen-on-v6 { any; };
};

/etc/resolv.conf

domain dt.local
search dt.local
nameserver 192.168.0.1

Onward and upward, today I will share a script I use for backing files on my Ubuntu Server. To start off and to help explain what the script does, let me first explain my configuration. I have an ESXi 4.0 server with 3 VMs, all Ubuntu Server instances for Core services (DNS, DHCP, Directory services), Email (Yahoo’s Zimbra), and File (SAMBA shares, LAMP). All of the servers have 30GB primary partitions, provisioned through VMware and located on an internal 500GB SATA. The File server has a additional partition on the 500GB drive for all SAMBA shares and a partition located on an internal 1TB SATA drive that is used for backup.

The script provides backup functionality for my music, pictures, user’s folders, et cetera to the backup drive. The secondary partition on the 500GB drive is mounted to /datashare/ and the tertiary partition on the 1TB drive is mounted to /databackup/.

The Script

#!/bin/sh
#####
#  backup files script, version 1.
#
#  this script keeps one tar file per month for 12 months and rsyncs the entire contents
#  to $destination/daily_replica.
#  the idea is to run this script at least once per day to ensure proper sync and monthly tar.
#
#  created by Aaron @ www.devtrends.com
#####

# location of backup files (recursive sub-folders).
backup_files="/datastore/share"

# location to place tar files and /daily_replica/ directory.
destination="/databackup/share"

#### no editing beyong this line is required!
#### function for TARing
funcTar()
{
 options="--create --file="
 echo " -- tar'ing up $1 to $2/$3"
 echo "   \ creating new archive file: $3"
 tar $options$2/$3 $1
 echo "   \ tar backup completed."
}
#### end funcion

#### CREATE MONTHLY TAR FILE
# Create new archive filename.
month=$(date +%m)
year=$(date +%Y)
archive_file="backup-$month.tar"
full_path_archive_file="$destination/$archive_file"

# do I need to create a new monthly archive file?
# check if the file exists
if [ -f $full_path_archive_file ]; then

 # get file date
 filedate=$(stat -c %y $full_path_archive_file)
 # extract only the year of the file
 filedate=${filedate:0:4}

 # check if the file year is not the current year
 if [ ! $filedate == $year ]; then

 # remove old file
 rm $full_path_archive_file
 # create new tar
 funcTar $backup_files $destination $archive_file

 else

 echo " -- no tar'ing required today."

 fi

else

 # create new tar
 funcTar $backup_files $destination $archive_file

fi
#### DONE WITH TAR

#### rsync time...
echo " -- rsync $backup_files to $destination/daily_replica"
rsync -a $backup_files $destination/daily_replica
echo "   \ rsync completed."
####

If you hate copy and paste, you may download the script here.

Explanation

For those that care, let me explain the script. The first two variables, $backup_files and $destination, should be the only variables you will need to change if you wish to use the script as I do.

# location of backup files (recursive sub-folders).
backup_files="/datastore/share"

# location to place tar files and /daily_replica/ directory.
destination="/databackup/share"

The next block of code is the function used to create the tar file. The reason I made it into a function is because I use the same block of code twice in the main section of the script. No reason to duplicate code. However, the way I implemented the function may cause a problem if your $backup_files or $destination variables contain spaces. If anyone would like to revised, please share. The $1, $2, et cetera, are the argument variables as passed by the calling statement.

funcTar()
{
 options="--create --file="
 echo " -- tar'ing up $1 to $2/$3"
 echo "   \ creating new archive file: $3"
 tar $options$2/$3 $1
 echo "   \ tar backup completed."
}

Next I define some variables that I will use throughout the script. The first two are date strings that contain the month (e.g. 11) and the year (e.g. 2009). The third and fourth variables hold the location of the tar file. The tar file name is comprised of the word “backup-” and then the variable of the month.

month=$(date +%m)
year=$(date +%Y)
archive_file="backup-$month.tar"
full_path_archive_file="$destination/$archive_file"

The main section of code is next and consists of a nested if statement. The first if statement checks if a current backup tar file exists, if not, then it will create one, otherwise it will check the status of the current backup tar file. If the current tar file modified date is not in the current year, then it removes that tar file and recreates it, otherwise there is no need to tar anything. The most interesting piece is the substring command, ${filedate:0:4} which only returns characters 0,1,2,3 from the variable $filedate. You will also notice the use of stat, which, depending on your distribution of Linux, you may need to manually acquire.

# do I need to create a new monthly archive file?
# check if the file exists
if [ -f $full_path_archive_file ]; then
 # get file date
 filedate=$(stat -c %y $full_path_archive_file)
 # extract only the year of the file
 filedate=${filedate:0:4}

 # check if the file year is not the current year
 if [ ! $filedate == $year ]; then
  # remove old file
  rm $full_path_archive_file
  # create new tar
  funcTar $backup_files $destination $archive_file
 else
  echo " -- no tar'ing required today."
 fi

else
 # create new tar
 funcTar $backup_files $destination $archive_file
fi

The last statement is the rsync command which synchronizes the entire content of the $backup_files location to the $destination/daily_replica/ location.

echo " -- rsync $backup_files to $destination/daily_replica"
rsync -a $backup_files $destination/daily_replica
echo "   \ rsync completed."

Use this script at your own risk. If it turns out it didn’t back up your stuff, that is entirely your problem, not mine.

-Aaron Gilbert

VGA Mode

For those DOS’ers, do you remember “mode 80″ or “mode 40″? If you know of a quick command for Linux consoles let me know … otherwise, you can use the tip below to modify your screen resolution.

/boot/grub/menu.lst

The key to changing the screen mode / screen resolution is to modify the menu.lst file and add the vga=[mode #] some where in the kernel call line – or at the end of it. After searching the Internet for some time, I compiled a list here of many of the vga modes available:

VGA MODE          MODE#
80x25              3840
80x50              3841
80x43              3842
80x28              3843
80x30              3845
80x34              3846
80x60              3847
320x200x8bit        816
320x200x16bit       782
320x200x32bit       783
320x240x8bit        820
320x240x16bit       821
320x240x32bit       822
640x480x8bit        769
640x480x16bit       785
640x480x32bit       786
800x600x8bit        771
800x600x16bit       788
800x600x32bit       789
1024x768x8bit       773
1024x768x16bit      791
1024x768x32bit      792
1280x800x8bit       864
1280x800x32bit      865
1440x900x8bit       868
1440x900x32bit      869

On my Ubuntu Server, the kernel line was:

kernel         /vmlinuz-2.6.28-11-server root=/dev/mapper/ubuntuserver-root ro quiet splash

and I added vga=792 to the end of it:

kernel         /vmlinuz-2.6.28-11-server root=/dev/mapper/ubuntuserver-root ro quiet splash vga=792

I’m out…