DNS Operations
Quick Reference
BIND Commands
| Command | What It Does |
|---|---|
| `named-checkconf` | Validate named.conf syntax |
| `named-checkzone example.com /path/to/zone` | Validate a zone file |
| `rndc reload` | Reload all zones without restarting |
| `rndc reload example.com` | Reload just one zone |
| `rndc status` | Show BIND server status |
| `systemctl status named` | Check if named is running (RHEL/CentOS) |
| `systemctl status bind9` | Check if named is running (Debian/Ubuntu) |
| `dig @localhost example.com` | Query your local DNS server |
| `dig @10.0.0.2 example.com A` | Query a specific server for A records |
| `dig -x 10.0.0.5` | Reverse DNS lookup |
Zone File Format
```
$TTL 86400
@       IN  SOA  ns1.example.com. admin.example.com. (
            2024032701 ; serial (YYYYMMDDNN — increment on EVERY change)
            3600       ; refresh (seconds before secondary checks for updates)
            900        ; retry (seconds before secondary retries after failure)
            604800     ; expire (seconds before secondary gives up)
            86400      ; minimum (negative cache TTL)
)

; Name servers
@       IN  NS     ns1.example.com.
@       IN  NS     ns2.example.com.

; A records (name → IPv4)
@       IN  A      10.0.0.1
ns1     IN  A      10.0.0.2
www     IN  A      10.0.0.5
mail    IN  A      10.0.0.10

; CNAME (alias → canonical name)
ftp     IN  CNAME  www.example.com.

; MX (mail exchange — needs priority number)
@       IN  MX     10 mail.example.com.
```
Critical Syntax Rules
| Rule | Why |
|---|---|
| Trailing dot on FQDNs | `ns1.example.com.` Without the dot, BIND appends the zone name |
| Increment serial on every edit | Secondaries compare serials; same serial = no update |
| MX needs a priority number | `MX 10 mail.example.com.` not `MX mail.example.com.` |
| Semicolons in named.conf | Every statement ends with ; — missing one kills the whole config |
| `allow-query { any; };` | Needed if external clients must reach your DNS |
| `listen-on { any; };` | Needed if BIND must answer on all interfaces |
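
The three zone-file rules in the table above (trailing dot, serial increment, MX priority) as a lint check to run before `rndc reload`. This is an added example, not part of the original reference or of BIND, and it does not replace `named-checkzone`; `lint_zone`, `BROKEN_ZONE` and the dotted-name heuristic are assumptions made for illustration.

```python
import re

NAME_TARGET_TYPES = {"NS", "CNAME", "MX"}  # record types whose RDATA ends in a hostname

# Constructed sample: a zone like the one above with three mistakes planted in it.
BROKEN_ZONE = """\
$TTL 86400
@ IN SOA ns1.example.com. admin.example.com. (
        2024032701 ; serial
        3600 900 604800 86400 )
@    IN NS    ns1.example.com
www  IN A     10.0.0.5
mx   IN A     10.0.0.10
ftp  IN CNAME www
@    IN MX    mail.example.com.
"""

def lint_zone(text, previous_serial=None):
    """Hypothetical helper: return (line_number, message) findings; line 0 is the SOA."""
    findings = []
    lines = [l.split(";", 1)[0] for l in text.splitlines()]  # drop comments
    soa = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(?\s*(\d+)", "\n".join(lines))
    if soa is None:
        findings.append((0, "no SOA record with a numeric serial found"))
    else:
        for name in soa.group(1, 2):
            if not name.endswith("."):
                findings.append((0, f"SOA name {name} lacks trailing dot"))
        # Plain integer compare; RFC 1982 serial wraparound is not handled.
        if previous_serial is not None and int(soa.group(3)) <= previous_serial:
            findings.append((0, f"serial {soa.group(3)} not above {previous_serial}"))
    for n, line in enumerate(lines, 1):
        tokens = line.split()
        # The first token is the owner name unless the line is indented.
        start = 0 if line[:1].isspace() else 1
        idx = next((i for i in range(start, len(tokens))
                    if tokens[i].upper() in NAME_TARGET_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue
        rdata = tokens[idx + 1:]
        if tokens[idx].upper() == "MX" and not (len(rdata) == 2 and rdata[0].isdigit()):
            findings.append((n, "MX record has no priority number"))
        target = rdata[-1]
        # Heuristic: a dotted name without a final dot is almost always a forgotten
        # FQDN; a single label such as "www" is a deliberate relative name.
        if "." in target and not target.endswith("."):
            findings.append((n, f"{target} lacks trailing dot"))
    return findings
```

Pass the serial of the currently loaded zone as `previous_serial`; an unchanged serial is reported on line 0 because secondaries would skip the update.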