Configuring bind9 on Ubuntu 10.04

Some of the applications on Ubuntu 10.04 like Gwibber can fail if they don’t get responses quickly enough from a DNS so one solution is to run a local copy of Bind9.

This article covers how to install bind9 on Ubuntu 10.04 to act as a local dns server speeding up dns queries, configuring bind with your local network, adding slaves and how to use bind with remote servers over a vpn.

Adding a slave

A slave dns server is one that can resolve requests but is not authoritive (i.e. has the address definitions) but instead gets the addresses from a master. Normally you would create a slave so that you have two or more servers running, giving yourself some backup in case your master dies for some reason.

This setup is similar to creating a master, except you don’t create the zone files – they are transferred and synchronised automatically.

On your slave, install bind then in named.conf.local add something like the following:

zone "" {
        type slave;
        file "/etc/bind/zones/";
        masters {; };
        forwarders { };

zone "" {
        type slave;
        file "/etc/bind/zones/rev-192.168.2";
        masters {; };
        forwarders { };

Here we are defining our zones but this time they are slaves. We are telling bind to store the zone files into a custom directory and that the master dns server is on

I use /etc/bind/zones so that the transferred zone files are kept separate but the name of this directory is up to you.

Now on Ubuntu, bind9 uses apparmor to prevent it from writing to parts of the disk it’s not meant to, so we must add a rule to allow it to write to this directory. Edit the file /etc/apparmor.d/usr.sbin.named and locate the line /etc/bind/** r. After that line you need to add /etc/bind/zones/** rw. It should look like this:

  /etc/bind/** r,
  /etc/bind/zones/** rw,

Next we need to create that directory, set the permissions and the reload both apparmor and bind:

peter@kira:~# cd /etc/bind
peter@kira:/etc/bind# mkdir zones
peter@kira:/etc/bind# chmod 775 zones
peter@kira:/etc/bind# service apparmor reload
peter@kira:/etc/bind# service bind9 reload

Now it should be working and automatically transfer the zone file. If it does not work then you can look at the /var/log/daemon.log which should tell you what’s breaking. As long as you have sorted apparmor then the usual problem is the master refusing the zone transfer.

If you see something like the following in /var/log/daemon.log then you haven’t got apparmor configured correctly or you missed the chmod out – in either case its because bind cannot write to the directory:

May 18 14:52:32 kira named[17622]: dumping master file: /etc/bind/zones/tmp-OUhoZ2lwv8: open: permission denied
May 18 14:52:32 kira named[17622]: transfer of '' from failed while receiving responses: permission denied
May 18 14:52:32 kira named[17622]: transfer of '' from Transfer completed: 0 messages, 12 records, 0 bytes, 0.349 secs (0 bytes/sec)

Next we’ll cover how to add remote zones when using VPN’s

Author: petermount1

Prolific Open Source developer who also works in the online gaming industry during the day. Develops in Java, Go, Python & any other language as necessary. Still develops on retro machines like BBC Micro & Amiga A1200

4 thoughts on “Configuring bind9 on Ubuntu 10.04”

  1. Great page. It worked just like you said it would.
    I have set up secondary DNS on Ubuntu 10.04, and the zones have transferred from Go Daddy’s Primary DNS to my secondary.

    It would be great if you could put some info regarding TSIG on Ubuntu 10.04 for secondary DNS.

    Great page! Thank you for sharing.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s