2.5. DNS settings

Note

The mail server in this example is named atlantis.example.com. You can also name it mail.example.com if you like.

First, we need to check our hostname:

atlantis:~# hostname -f
  atlantis.example.com 

If hostname did not return the FQDN of your server, edit /etc/hosts. Your hosts file should look something like this; if not, change it according to your IP address and server name.

127.0.0.1         localhost
YOUR-IP-ADDRESS   atlantis.example.com atlantis

Now check your /etc/hostname file; it should contain your fully qualified domain name:

atlantis.example.com 

Change the names to match your server name and reboot the server. Run hostname -f again and you should see atlantis.example.com.

Now we need to check that our DNS servers have an MX record for our example.com domain. If you haven't done so already, install the DNS utilities:

apt-get install dnsutils

We are going to use the host command to check information about our domain:

atlantis:~# host example.com
  example.com has address YOUR-IP-ADDRESS
  example.com mail is handled by 0 mail.example.com. 

We can see that mail for our domain is handled by mail.example.com. Which server handles mail for your domain is determined by the so-called MX records in your domain's zone file. Setting up DNS zone files is out of scope for this document.

Now we must make sure that mail.example.com points to the same address as our server (atlantis.example.com).

atlantis:~# nslookup mail.example.com
  Server: YOUR-DNS-SERVER
  Address: YOUR-DNS-ADDRESS#53

  Non-authoritative answer:
  mail.example.com canonical name = atlantis.example.com.
  Name: example.com
  Address: YOUR-IP-ADDRESS 

It would also be nice if your reverse DNS pointed to the same name (atlantis.example.com).

atlantis:~# nslookup YOUR-IP-ADDRESS
  Server: YOUR-DNS-SERVER
  Address: YOUR-DNS-SERVER#53

  Non-authoritative answer:
  YOUR-IP-ADDRESS-REVERSE.in-addr.arpa name = atlantis.example.com.

If they do not match, you will probably have to ask your ISP to change this for you, because the reverse (PTR) record is managed by whoever owns the IP address block, not by your own zone file.
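The checks above (hostname is an FQDN, the MX target resolves to the server's address, and the PTR record points back at the server's name) can be tied together in one script. The following is an added example, not part of the original guide: it parses the text output of the host command so the logic can be exercised on captured output, and the live_check function wraps the real commands. The sample outputs, the address 192.0.2.10 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): forward/reverse consistency check
# for a mail host. The parsers work on `host` output text; live_check runs the
# real lookups. All sample data below is constructed.

# 0 when $1 looks like a fully qualified name (contains a dot, is not localhost).
is_fqdn() {
  case "$1" in
    localhost|localhost.*) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print MX target(s) from `host <domain>` output,
# e.g. "example.com mail is handled by 0 mail.example.com." -> mail.example.com
mx_targets() {
  printf '%s\n' "$1" | awk '/mail is handled by/ { sub(/\.$/, "", $NF); print $NF }'
}

# Print A address(es) from `host <name>` output ("name has address 192.0.2.10").
a_addresses() {
  printf '%s\n' "$1" | awk '/has address/ { print $NF }'
}

# Print the PTR name from `host <ip>` output
# ("10.2.0.192.in-addr.arpa domain name pointer atlantis.example.com.").
ptr_name() {
  printf '%s\n' "$1" | awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF }'
}

# fcrdns_ok SERVER_FQDN SERVER_IP MX_OUTPUT A_OUTPUT PTR_OUTPUT
# Returns 0 when the domain has an MX, the (first listed) MX target resolves to
# SERVER_IP, and the PTR of SERVER_IP is SERVER_FQDN (forward-confirmed reverse DNS).
fcrdns_ok() {
  fqdn=$1; ip=$2; mx_out=$3; a_out=$4; ptr_out=$5
  mx=$(mx_targets "$mx_out" | head -n 1)
  [ -n "$mx" ] || { echo "no MX record found"; return 1; }
  a_addresses "$a_out" | grep -qx "$ip" || { echo "MX target $mx does not resolve to $ip"; return 1; }
  ptr=$(ptr_name "$ptr_out")
  [ "$ptr" = "$fqdn" ] || { echo "PTR for $ip is '$ptr', expected $fqdn"; return 1; }
  echo "OK: $mx -> $ip -> $ptr"
  return 0
}

# live_check DOMAIN SERVER_IP: runs the real lookups (needs dnsutils and network).
# Not called by default.
live_check() {
  domain=$1; ip=$2; fqdn=$(hostname -f)
  is_fqdn "$fqdn" || { echo "hostname -f returned '$fqdn', not an FQDN"; return 1; }
  mx_out=$(host "$domain")
  mx=$(mx_targets "$mx_out" | head -n 1)
  [ -n "$mx" ] || { echo "no MX record for $domain"; return 1; }
  fcrdns_ok "$fqdn" "$ip" "$mx_out" "$(host "$mx")" "$(host "$ip")"
}

# Constructed sample `host` output for a correctly configured setup.
SAMPLE_MX='example.com has address 192.0.2.10
example.com mail is handled by 0 mail.example.com.'
SAMPLE_A='mail.example.com is an alias for atlantis.example.com.
atlantis.example.com has address 192.0.2.10'
SAMPLE_PTR='10.2.0.192.in-addr.arpa domain name pointer atlantis.example.com.'

fcrdns_ok atlantis.example.com 192.0.2.10 "$SAMPLE_MX" "$SAMPLE_A" "$SAMPLE_PTR"
```

On a real server you would call live_check example.com YOUR-IP-ADDRESS after installing dnsutils; a failing PTR check is the case the text above says only your ISP can fix.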

2.5.1. Caching-only nameserver

The RBLs (real-time blackhole lists) that we are going to set up later as one of our anti-spam measures rely on the DNS service for their operation. To speed things up a little, and to avoid hitting remote DNS servers for repeated requests, we are going to install BIND9 and use it as our caching DNS server.

apt-get install bind9 dnsutils

Edit the /etc/bind/named.conf.options file, uncomment the forwarders section and set it to use your ISP's DNS servers (you can probably find them in /etc/resolv.conf).

forwarders {
   DNS1-IP-ADDRESS;
   DNS2-IP-ADDRESS;
};

If you want caching for this server only, add the following under the forwarders section, so that the resolver only listens on and answers queries from the loopback address:

listen-on       { 127.0.0.1; };
allow-transfer  { none; };
allow-query     { 127.0.0.1; };

You also need to comment out the listen-on-v6 { any; }; line.

Edit /etc/resolv.conf and add nameserver 127.0.0.1 at the top of your nameservers list.

Restart BIND9 with /etc/init.d/bind9 restart and you are done. You can check that it is working by using dig to look up a record for a remote domain and watching the Query time in the output: on the second request it should drop to about 1 msec, because the answer is served from the cache.
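The query-time check above can be automated, and there is a second indicator that is more reliable than timing: a cached answer is returned with a TTL that has counted down from the value the upstream server gave, so the TTL in the second answer is lower than in the first. The script below is an added example, not part of the original guide; it parses dig output text (the parsers and the constructed sample outputs are illustrative), and live_cache_check runs two real queries against 127.0.0.1.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm that BIND is answering
# from its cache by comparing two identical dig queries against 127.0.0.1.
# The sample dig output below is constructed and trimmed to the lines parsed.

# Print N from ";; Query time: N msec" in dig output ($1).
query_time_msec() {
  printf '%s\n' "$1" | awk '/^;; Query time:/ { print $4 }'
}

# Print the TTL of the first A record in the ANSWER SECTION of dig output ($1).
# Answer lines look like: "example.org.  3600  IN  A  192.0.2.20"
answer_ttl() {
  printf '%s\n' "$1" | awk '$3 == "IN" && $4 == "A" { print $2; exit }'
}

# Print the address of the server that answered, taken from
# ";; SERVER: 127.0.0.1#53(127.0.0.1)".
answering_server() {
  printf '%s\n' "$1" | awk '/^;; SERVER:/ { split($3, a, "#"); print a[1] }'
}

# cache_hit FIRST_OUTPUT SECOND_OUTPUT
# Returns 0 when the second answer came from the local resolver and its TTL is
# lower than the first one's, i.e. it was served from cache.
cache_hit() {
  first=$1; second=$2
  [ "$(answering_server "$second")" = "127.0.0.1" ] || { echo "not answered by 127.0.0.1"; return 1; }
  t1=$(query_time_msec "$first"); t2=$(query_time_msec "$second")
  ttl1=$(answer_ttl "$first"); ttl2=$(answer_ttl "$second")
  [ -n "$ttl1" ] && [ -n "$ttl2" ] || { echo "no A record in the answer section"; return 1; }
  [ "$ttl2" -lt "$ttl1" ] || { echo "TTL did not decrease ($ttl1 -> $ttl2): not served from cache"; return 1; }
  echo "cache hit: query time ${t1} -> ${t2} msec, TTL ${ttl1} -> ${ttl2}"
  return 0
}

# live_cache_check [NAME]: two real queries to the local BIND (needs dnsutils
# and a running resolver on 127.0.0.1). Not called by default.
live_cache_check() {
  name=${1:-example.org}
  out1=$(dig @127.0.0.1 "$name" A)
  sleep 1   # let the cached TTL tick down by at least one second
  out2=$(dig @127.0.0.1 "$name" A)
  cache_hit "$out1" "$out2"
}

# Constructed sample output: first query forwarded upstream, second from cache.
SAMPLE_FIRST=';; ANSWER SECTION:
example.org.		3600	IN	A	192.0.2.20

;; Query time: 38 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'
SAMPLE_SECOND=';; ANSWER SECTION:
example.org.		3598	IN	A	192.0.2.20

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

cache_hit "$SAMPLE_FIRST" "$SAMPLE_SECOND"
```

If the SERVER line shows an address other than 127.0.0.1, dig did not use your local BIND, which usually means nameserver 127.0.0.1 is not first in /etc/resolv.conf.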

If you are not using DNSSEC or IPv6, take a look at the Errors section to fix a couple of minor misconfigurations in the default installation.

Warning

If you are on a VPS with a very, very limited amount of RAM available to you, you might want to examine the max-cache-size directive, because the DNS cache is kept in RAM.