blog.kaniski.eu I just wanna learn!

15Jul/1413

Office 365 and BIND

And now… something completely different. Smile

The other day I was “playing” with setting up Office 365 for one of our clients – they have Linux machines for their DNS servers, and BIND as their DNS solution. As this was my first encounter with configuring BIND by myself, I just wanted to share steps I’ve taken to make it work (in my lab environment) – maybe it will help someone…

DISCLAIMER: I’m not a Linux/UNIX expert! I try to figure out what I need, and then try to make this work… with the help of Internet resources (or experts), of course. There is plenty of resources on how to do this already, but I like to have things in one place if I need them again. Smile

So, I’ve began my experiment with wondering which Linux distribution should I take. After some consulting (thanks, Ingrid Smile), the final choice was pretty easy – Fedora (criteria – had to be relatively easy to use (for non-Linux person like me), had to work in Hyper-V without much trouble, and there should be someone who can help if I got stuck). Smile

After a pretty simple installation process (wizard, Next, …, Next, Finish), I’ve had my Fedora box up and running.

image
Now, the more complicated part – setup this box to be BIND server, and load the correct records in it, so that Office 365 can add and verify my domain.

Here are the high-level steps (I’ve used Terminal, with su rights):

1. install few packages to get things up and running:

2. configure the BIND (DNS) server to run at startup:

3. query the firewall rules for UDP port 53 access:

4. open the required firewall ports (list of TCP and UDP ports):

5. edit the /etc/named.conf file:

6. comment the lines that are preventing your BIND server from responding to “outside” requests:

7. add your local subnet to allowed list (and add some forwarders for resolving other domains and records):

8. enable recursion:

9. add your zone and a “pointer” to your zone file:

10. create and edit the zone file specified:

11. add the required records to your zone file (by the instructions that Office 365 gives you; sorry about the formatting):

12. save the files, and check the new zone:

13. restart the service and start using it:

And Office 365 response after this – success! Smile

image
Things I’ve learned during this “adventure”:

  • you should be careful about the trailing “.” (dot) in FQDN-s that you are using – if you miss it somewhere, you’ll get errors loading the zone
  • there are great guides that can help you – one of them is BIND9 Server: How to (although I’ve seen it a bit too late Smile)
  • don’t be afraid to ask for help!

I cannot stress this enough – this recipe is not the secure way of doing things – it’s sole purpose is to make BIND work in my lab environment!

If I missed (or misunderstood) something, feel free to comment and correct me.

Cheers!

Updated (20160917): There was a tiny error in my zone file - switched priority and wieght fields (thank you, Lenny, for pointing it out).