# Newbie Questions: BIND9 Confusion



## jeffbsd (Jul 14, 2011)

I'm trying to teach myself networking by running a few VMs in Virtualbox. I got everything working how I want with dnsmasq for DNS and DHCP and natd for gateway routing. Virtualbox is on my OSX machine, which goes out to 192.168.200.1 on my home DSL router. Everything worked fine with dnsmasq and natd, so I know Virtualbox's virtual network interfaces are set up right.

I'm moving on to BIND9 and dhcpd now and getting confused. I guess BIND9 is somewhat different from BIND8, which was in turn much different from previous versions, so I'm having trouble finding good, current tutorials online. Here are some questions I have:

I've never really understood the /etc/resolv.conf file when running a DNS server. I can't remember what I did to it when I had dnsmasq working. It always resets itself to my DNS router's _search_ and _nameserver_ values ("westell.com" and "192.168.200.1"). Is that what it's supposed to be doing? Is it supposed to be set to the private network's domain and nameservers, i.e., 127.0.0.1? If not, what should I set it to and how do I get it to not reset itself? 

If I set up BIND9 to be a caching-only server with no zones (which is what I'm going for to start with), will it somehow resolve addresses on the private network, i.e., if I ssh into another machine, should I be able to use the unresolved hostname of the other machine? Or do I have to use the IP address (assuming it got one from dhcpd) unless I set up some zones?

Also, for the caching-only server, where is the cache stored? I'd like to have a look at it just to see what's in there. 

I know these are newbie questions, but I'm trying to learn this stuff on my own and don't have anyone else to ask.

Thank you!


----------



## kpa (Jul 14, 2011)

To prevent dhclient(8) from overwriting your own /etc/resolv.conf make a file /etc/dhclient-enter-hooks with contents:


```
# dhclient-script(8) sources this file; redefining the function it
# uses to rewrite /etc/resolv.conf turns that step into a no-op.
add_new_resolv_conf () {
        return 0
}
```


----------



## SirDice (Jul 15, 2011)

Don't use DHCP on servers. Assign a static address to them. Double check the values your DHCP is serving. Make sure it supplies the correct DNS servers.



> If I set up BIND9 to be a caching-only server with no zones (which is what I'm going for to start with), will it somehow resolve addresses on the private network, i.e., if I ssh into another machine, should I be able to use the unresolved hostname of the other machine?


No.


> Or do I have to use the IP address (assuming it got one from dhcpd) unless I setup some zones?


Yes.


----------



## jeffbsd (Jul 15, 2011)

SirDice said:

> Don't use DHCP on servers. Assign a static address to them. Double check the values your DHCP is serving. Make sure it supplies the correct DNS servers.
> 
> 
> No.
> ...



Okay, got it. That clears up the zone issue. The main link would be in the glue records of the zone file, right? If so, then what happens if dhcp hands out a different IP later on than the one I've glued to a host in a glue record?


----------



## SirDice (Jul 16, 2011)

For servers this won't matter as they have a static IP address. For clients you can combine DHCP and DNS to add entries 'on-the-fly'. It's called Dynamic DNS or DDNS.

In named.conf you add a key:

```
// shared TSIG secret (base64); the same name, algorithm and secret
// must appear in the key block of dhcpd.conf
key DHCP {
        algorithm HMAC-MD5;
        secret "[somegeneratedkey]";
};
```
Then for each zone allow updates:

```
zone "dicelan.home." {
        type master;
        notify no;
        file "/etc/namedb/dynamic/dicelan.home";
        // 127.0.0.1 matches by source address, so unsigned updates from
        // localhost are accepted; "key DHCP" requires a TSIG-signed update
        allow-update { 127.0.0.1; key DHCP; };
};
```

And in dhcpd.conf:

```
# interim was the current style in 2011; ISC DHCP 4.3 and later also offer "standard"
ddns-update-style interim;
# dhcpd registers the names itself instead of honouring client-requested updates
ignore client-updates;

# must match the key block in named.conf exactly (name, algorithm, secret)
key DHCP {
        algorithm HMAC-MD5;
        secret "[somegeneratedkey]";
};
```


```
zone dicelan.home. {
        primary 127.0.0.1;
        key DHCP;
}
```
This assumes both BIND and DHCP are running on the same machine. You'll also need to add the appropriate reverse zone(s) in a similar fashion.
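An added example, not code from the thread or from BIND/ISC DHCP: a Python script that generates one TSIG secret, prints matching named.conf and dhcpd.conf fragments for the forward zone and for the reverse zone of the client network, and then parses both fragments back to confirm that key name, algorithm and secret agree (a mismatch between the two files is the usual reason named rejects dhcpd's updates with a TSIG BADKEY verify failure). The key name DHCP and the zone dicelan.home. are taken from the post above; the 192.168.200.0/24 client network, the zone directory and every function name are assumptions. One deliberate difference from the post: allow-update lists only the key, because an address entry such as 127.0.0.1 also accepts unsigned updates from anything running on the host.

```python
"""Added example (not from the forum thread): generate one TSIG secret and emit
matching named.conf / dhcpd.conf fragments for DDNS, then check both sides agree.
Key name "DHCP" and zone "dicelan.home." follow SirDice's post; the 192.168.200.0/24
network, the zone directory and every function name here are assumptions."""
import base64
import ipaddress
import re
import secrets


def generate_tsig_secret(nbytes: int = 16) -> str:
    """Random base64 secret of the shape tsig-keygen/dnssec-keygen produce."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def reverse_zone(network: str) -> str:
    """in-addr.arpa zone for an octet-aligned IPv4 network:
    192.168.200.0/24 -> 200.168.192.in-addr.arpa"""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def named_conf(key_name: str, secret: str, zones: list, zone_dir: str = "/etc/namedb/dynamic") -> str:
    """named.conf fragment. allow-update lists only the key: an address entry such as
    127.0.0.1 would let any unsigned update from localhost through."""
    parts = [f'key {key_name} {{\n\talgorithm HMAC-MD5;\n\tsecret "{secret}";\n}};']
    for zone in zones:
        parts.append(
            f'zone "{zone}." {{\n\ttype master;\n\tnotify no;\n'
            f'\tfile "{zone_dir}/{zone}";\n'
            f'\tallow-update {{ key {key_name}; }};\n}};'
        )
    return "\n\n".join(parts) + "\n"


def dhcpd_conf(key_name: str, secret: str, zones: list) -> str:
    """dhcpd.conf fragment: same key name, algorithm and secret, one zone stanza per zone.
    'ignore client-updates' makes dhcpd register the names itself rather than trusting clients."""
    parts = [
        "ddns-update-style interim;\nignore client-updates;",
        f'key {key_name} {{\n\talgorithm HMAC-MD5;\n\tsecret "{secret}";\n}};',
    ]
    for zone in zones:
        parts.append(f"zone {zone}. {{\n\tprimary 127.0.0.1;\n\tkey {key_name};\n}}")
    return "\n\n".join(parts) + "\n"


# Matches a key { algorithm ...; secret ...; } block in either file; the secret may be quoted or not.
_KEY_RE = re.compile(
    r'key\s+(?P<name>[\w.-]+)\s*\{\s*algorithm\s+(?P<alg>[^;]+);'
    r'\s*secret\s+"?(?P<secret>[^";]+)"?\s*;\s*\}',
    re.IGNORECASE,
)


def parse_keys(conf: str) -> dict:
    """Map key name -> (algorithm, secret) for every key {} block in named.conf or dhcpd.conf text.
    dhcpd often spells the algorithm HMAC-MD5.SIG-ALG.REG.INT; BIND accepts both, so normalise."""
    keys = {}
    for m in _KEY_RE.finditer(conf):
        alg = m.group("alg").strip().lower()
        if alg.endswith(".sig-alg.reg.int"):
            alg = alg[: -len(".sig-alg.reg.int")]
        keys[m.group("name")] = (alg, m.group("secret").strip())
    return keys


def mismatched_keys(named: str, dhcpd: str) -> list:
    """Key names whose algorithm or secret differ between the two files, or exist on one side
    only. Any entry here means named will reject dhcpd's updates (TSIG verify failure, BADKEY)."""
    a, b = parse_keys(named), parse_keys(dhcpd)
    return sorted(name for name in set(a) | set(b) if a.get(name) != b.get(name))


if __name__ == "__main__":
    secret = generate_tsig_secret()
    zones = ["dicelan.home", reverse_zone("192.168.200.0/24")]  # assumed client network
    named, dhcpd = named_conf("DHCP", secret, zones), dhcpd_conf("DHCP", secret, zones)
    print(named)
    print(dhcpd)
    print("mismatched keys:", mismatched_keys(named, dhcpd))
```

Run it once, paste the two fragments into the respective files, and keep `mismatched_keys` handy for the next time the secret is rotated on one side only.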


----------



## SirDice (Jan 11, 2012)

It tries to update a FQDN that's not part of your zone.


----------

