Category Archives: Bind

Find a file using Linux find Command

If you need to find a file anywhere on a server, regardless of which directory it is in, the Linux find command is your go-to command. Here are some basic usage cases:

Find a file in the current directory:

find . -name "this-file.php"

Find a file anywhere on the server, starting from the root directory:

find / -name "filename.php"

Notice that the first example uses a period and the second uses a forward slash. The period means to search the current directory (and everything below it); the forward slash means to start at the root directory, which will find the file anywhere on the filesystem. Searching from / as a normal user prints a lot of "Permission denied" noise; append 2>/dev/null to hide it, and add -xdev if you do not want find to descend into other mounted filesystems.

Perform a case-insensitive search:

The commands above all use the -name parameter, which performs a case-sensitive search. To perform a case-insensitive search, replace -name with -iname in the above examples, like so:

find / -iname "filename.php"

Perform a wildcard search:

The wildcard character is *. Quote the pattern as shown so the shell does not expand it before find sees it. If you want to find all .php files, for example, use the following command:

find / -iname "*.php"
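The searches above, exercised on a throwaway directory tree so you can see what each form matches. This is an added example, not code from the original post; the directory and file names in it are made up, and it adds the options a careful search on a live server usually needs (-type f so directories are not matched, -prune to skip a subtree, -print0/xargs -0 for names with spaces).

```shell
#!/bin/sh
# Added example, not code from the original post. Builds a throwaway tree (made-up
# names) and runs the find(1) forms from the text, plus -type f, -prune, -print0
# and -xdev, which the one-liners above leave out.

make_tree() {
  # $1 = empty directory to populate
  mkdir -p "$1/htdocs/wp-content" "$1/htdocs/cache" "$1/backup"
  : > "$1/htdocs/index.php"
  : > "$1/htdocs/wp-content/This-File.PHP"   # mixed case: -name misses it, -iname finds it
  : > "$1/htdocs/cache/tmp.php"
  : > "$1/htdocs/odd name.php"               # space in the name
  : > "$1/backup/site.tar.gz"
}

count_matches() {
  # $1 = start dir, $2 = -name or -iname, $3 = pattern; regular files only
  find "$1" -type f "$2" "$3" | wc -l | tr -d ' '
}

count_pruned() {
  # Same search, but -prune keeps find out of $1/htdocs/cache entirely
  find "$1" -path "$1/htdocs/cache" -prune -o -type f -iname "$2" -print | wc -l | tr -d ' '
}

php_basenames() {
  # -print0 / xargs -0 keep spaces and newlines in file names from splitting arguments
  find "$1" -type f -iname '*.php' -print0 | xargs -0 -n1 basename | sort
}

search_root() {
  # The "find / -iname" form from the text with the two options you want on a live
  # server: stay on this filesystem (-xdev) and hide permission-denied noise.
  find "$1" -xdev -type f -iname "$2" 2>/dev/null
}
```

Run it with `d=$(mktemp -d); make_tree "$d"; count_matches "$d" -iname '*.php'` and compare with the -name variant: only -iname counts This-File.PHP, and the pruned search leaves the cache directory out.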



How to change DNS settings on your local PC

Have you ever been working on a website, changed your DNS settings over to a different server and later needed to access that server again from the old domain name for some reason? If you are an active developer, this situation is fairly common. I'll explain, or you can skip the rest of this paragraph to quickly learn how to do it. Let's say you own the domain name and a web server with an IP address of Now assume you have a WordPress blog on that server that you had to move to another server with IP Let's say you already changed the DNS settings for to point to the new server with IP but you need to go back to the original WordPress site on the other server with an IP of What do you do? We all know a WordPress site won't function properly with just the IP address, so that is out. What you need to do is repoint to in order to access that WordPress site again. What a PITA, right? Read on and I'll show you a fast and easy way to make the site on the original server work with even after you've pointed it to another IP address or web server. It's as simple as editing the hosts file on your local PC to make route to even though the internet routes it to. Here's how:

Using hosts file to override DNS settings for your PC

A lot of people don't realize that when your computer looks up a host name it first checks the local hosts file for an entry, and only if one isn't present does it go out to the Internet DNS servers. That gives you an opportunity to redirect a name for your own PC only, without touching the real DNS records. Because the hosts file overrides DNS for every program on the machine, remember to remove the entry when you are done (and it is the first place to look when a machine resolves a name to somewhere unexpected). Here are the easy steps:

  1. Open File Explorer and navigate to C:\Windows\System32\drivers\etc.
  2. Open the file named "hosts" in Notepad or another text editor that can be used as a code editor, such as Notepad++, which is what I use.
  3. Now simply add a line to the end of the hosts file that contains the IP address of the server you want to route the domain name to, followed by a space and then the domain name you want to reroute. In our example scenario above, you would enter a new line that reads simply:
  4. Save the hosts file, then open your browser and navigate to the domain, which in our example was Note that there is a difference between and, so if you want it to work with www, you have to add another entry for

If you're using Notepad++ or similar as I was, you'll need to open it in administrator mode in order to be able to save the hosts file. If the browser still reaches the old address afterwards, clear the resolver cache with ipconfig /flushdns from a command prompt. That's all there is to it.

How to change local DNS settings on a Mac

If you're on a Mac, the instructions are basically the same, but do this instead:

From the terminal, type:

sudo nano /private/etc/hosts

and then add the IP and domain name as described above. The only real differences between a Mac and a PC when it comes to changing DNS settings are that you will use a different editor and that the hosts file is in a different place (it is owned by root, hence the sudo). Flush the cache afterwards with sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder so the change is picked up immediately.
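Two details the steps above gloss over: the resolver uses the first matching line in the hosts file, so an override appended to the end loses to any earlier entry for the same name, and overrides left behind are easy to forget. The script below, an added example rather than code from the original post, inserts the override at the top of the file, tags every line it writes so only those lines are removed later, and treats www.name and name as separate entries, as the text notes. It assumes a Unix-style hosts file (the address, whitespace, then one or more names); the file path, addresses and names in the usage note are made up.

```shell
#!/bin/sh
# Added example, not code from the original post. Adds and removes a temporary
# hosts-file override without leaving duplicate or stale lines behind.

MARK='# temp-override'   # every line this script writes ends with this tag

hosts_lookup() {
  # $1 = hosts file, $2 = hostname; prints the address the file resolves it to
  # (first matching non-comment line wins, which is what the resolver does)
  awk -v h="$2" '$1 !~ /^#/ { for (i = 2; i <= NF; i++) { if ($i == "#") break; if ($i == h) { print $1; exit } } }' "$1"
}

hosts_remove() {
  # $1 = hosts file, $2.. = hostnames whose tagged override lines should go
  f=$1; shift
  for h in "$@"; do
    hq=$(printf '%s' "$h" | sed 's/\./\\./g')          # escape dots for the regex
    grep -Ev "^[^#]*[[:space:]]$hq[[:space:]]+$MARK\$" "$f" > "$f.tmp" || [ $? -eq 1 ] || return 1
    cat "$f.tmp" > "$f"                                 # cat > keeps the file's owner and mode
    rm -f "$f.tmp"
  done
}

hosts_add() {
  # $1 = hosts file, $2 = address, $3.. = hostnames; pass www.name as well if you need it
  f=$1; ip=$2; shift 2
  for h in "$@"; do
    hosts_remove "$f" "$h"                              # replace an earlier override, never stack them
    { printf '%s\t%s\t%s\n' "$ip" "$h" "$MARK"; cat "$f"; } > "$f.tmp"
    cat "$f.tmp" > "$f"
    rm -f "$f.tmp"
  done
}
```

Usage on a Mac or Linux box: `sudo sh -c '. ./hosts-override.sh; hosts_add /etc/hosts 203.0.113.10 site.example www.site.example'` and, when the migration is over, `hosts_remove /etc/hosts site.example www.site.example`. On Windows point the functions at C:\Windows\System32\drivers\etc\hosts from a shell running as administrator.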



How to Use IPTables

What is iptables?

iptables is a flexible firewall system for Linux, commonly used by web server administrators to block access to a server by IP address or by groups of IP addresses. It can also be used to white-list IP addresses. It is a command line tool that lets administrators enter simple one-line commands to add, edit or delete the rules that control access to the server from the outside world; the rules themselves live in the kernel, which is why they have to be saved separately, as described below.

Understanding iptables Infrastructure

Understanding the structure of iptables is an important part of learning how to use it. Basically there are tables, chains and rules: tables contain chains, and chains contain rules, which are checked in order until one matches. Here is a simple graphic to illustrate the point:


There are four default tables in iptables, and you can add others if you want to get deep into the config options. However, I recommend using the default tables to keep things simple. In fact, the filter table is the only one we will be working with for now. The four default tables are filter, nat, mangle and raw.

  • Filter Table - the default table for iptables. If you do not name a table, you are using the filter table. The filter table has the following built-in chains:
    1. INPUT chain - handles packets addressed to the server itself.
    2. OUTPUT chain - handles packets the server sends out.
    3. FORWARD chain - handles packets routed through the server, as a router would.
  • Nat Table - consists of PREROUTING, POSTROUTING and OUTPUT chains. The PREROUTING chain translates the destination address of packets as they arrive, before routing; the POSTROUTING chain translates the source address of packets as they leave, after routing; the OUTPUT chain is NAT (Network Address Translation) for packets generated locally on the firewall.
  • Mangle Table - for specialized packet alteration. We will leave this table alone for now as it is outside the scope of this tutorial, but just know it is there.
  • Raw Table - for configuring exemptions from connection tracking. The raw table has a PREROUTING chain and an OUTPUT chain.

Chain? WTF does my server need Chains for? Is it winter already?

When using iptables, there are three chains that we are mainly interested in: the INPUT, OUTPUT and FORWARD chains of the filter table described above.

  • INPUT chain - used to control the behavior of incoming connections. For example, if a user attempts to SSH into your server, iptables matches the packet's source IP address and destination port against the rules in the INPUT chain, in order; the first matching rule decides, and if none matches, the chain's policy (ACCEPT or DROP) applies.
  • OUTPUT chain - used with outgoing connections. For example, if you try to ping, iptables checks its OUTPUT chain to see what the rules say about ping before deciding to allow or deny the attempt.
  • FORWARD chain - used for packets that arrive but are not addressed to this host. It is something like a router, where data is always being sent through it but is not destined for the router itself. Unless you are doing some type of routing or NATing that requires forwarding, you probably won't use the FORWARD chain much, if at all.

Understanding iptables Commands

In order to use iptables in Linux, you need to know the basic commands, so I'll go over some of the more common iptables commands here for your learning pleasure!

Note that rules you add with iptables live only in the running kernel: after you make any change, it is important to save them or they are gone at the next reboot. On Debian/Ubuntu servers with the iptables-persistent package installed, save with:

sudo iptables-save > /etc/iptables/rules.v4

or in some cases

sudo netfilter-persistent save

The save command is a little different for other servers, so take note of the one that applies to your server as noted below:

  • CentOS / Red Hat: service iptables save, or sudo service iptables save if you are not the root user.
  • If that didn't work, try /etc/init.d/iptables save, with and without sudo.

If you don't save after a change, your rules take effect immediately but are lost the next time the server reboots or the iptables service restarts. Note that iptables-save on its own only prints the rules to the screen; it is the redirect into the rules file that persists them.

iptables Command to Block a Single Simple IP address

If you wish to simply block an IP such as from accessing your server in any way and from any port, type this at your command prompt and press enter, then save:

iptables -A INPUT -s -j DROP

Whenever possible, test that your iptables rules work after adding them (list them with iptables -L INPUT -n --line-numbers and try a connection from the blocked address). Be sure to save using the appropriate iptables save command as mentioned above after you have successfully entered your new rule.

Blocking all IP addresses but your own with iptables

If your server is being overloaded and you want to lock it down immediately, or you are simply under construction and don't want anyone but you to be able to access your server, here is how you can block all IP addresses from accessing your server and white-list just one or more IP addresses that will still be able to reach it:

iptables -A INPUT -s -j ACCEPT
iptables -A OUTPUT -d -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT DROP

First, flush your current rules (see below). Then replace with your own IP address in the commands above and enter the four commands one at a time from the command line, in that order: the ACCEPT rules must be in place before you set the DROP policies, or your own SSH session is cut off. Two things the four commands do not cover: loopback traffic on the lo interface is not allowed, so local services that talk to each other over 127.0.0.1 will break unless you accept it, and with the OUTPUT policy set to DROP the server can no longer open connections of its own (DNS lookups, package updates), so add rules for those if you need them. Then save iptables.
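The same lock-down expressed as a single ruleset, as an added example (not code from the original post): loading it with iptables-restore applies the ACCEPT rules and the DROP policies in one step, it includes the loopback and established-connection rules that the four commands above leave out, and it is applied with a timed rollback so a mistyped address does not lock you out of SSH. It assumes iptables-save and iptables-restore on the PATH, root, and the conntrack match module, which any modern kernel has; the address in the usage note is made up.

```shell
#!/bin/sh
# Added example, not code from the original post: "only my IP" lock-down as an
# iptables-restore ruleset, applied with automatic rollback.

looks_like_ipv4() {
  # quick shape check only (a.b.c.d with an optional /prefix); iptables rejects bad octets itself
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

lockdown_ruleset() {
  # $1 = admin IPv4 address or CIDR block; prints the ruleset in iptables-restore format
  looks_like_ipv4 "$1" || { echo "refusing to build rules for '$1'" >&2; return 1; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback must stay open or local services (resolver, database sockets) break
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# packets belonging to connections already accepted; without this the OUTPUT DROP
# policy silently eats the replies to your own SSH session
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the one address allowed to open new connections to and from this host
-A INPUT -s $1 -j ACCEPT
-A OUTPUT -d $1 -j ACCEPT
COMMIT
EOF
}

apply_with_rollback() {
  # $1 = ruleset file, $2 = seconds until the previous rules come back automatically.
  # Open a NEW SSH session to confirm access; if it works, kill the PID printed below.
  backup=$(mktemp) || return 1
  iptables-save > "$backup" || return 1
  iptables-restore --test < "$1" || { echo "ruleset failed to parse, nothing changed" >&2; return 1; }
  iptables-restore < "$1" || { iptables-restore < "$backup"; return 1; }
  ( sleep "$2"; iptables-restore < "$backup"; rm -f "$backup" ) &
  echo "rules applied; rollback to $backup in $2 s unless you run: kill $!"
}
```

Usage: `lockdown_ruleset 203.0.113.5 > /root/lockdown.rules && apply_with_rollback /root/lockdown.rules 120`, then, once a fresh SSH login succeeds, kill the rollback process and persist the rules with the save command for your distribution.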

Flushing iptables rules

To get rid of all active rules in iptables, enter the following command at the Linux command prompt. Note that it removes rules but leaves the chain policies alone: if you set a policy to DROP earlier, set INPUT and OUTPUT back to ACCEPT with -P before flushing, otherwise the flush removes your own ACCEPT rule and locks you out.

iptables -F

Deleting Single iptables Rules

If you entered one or more iptables rules you want to delete without deleting the entire configuration, here is how to do it:

  1. List numbered rules using this command: sudo iptables -L INPUT -n --line-numbers
  2. To delete the first rule enter: sudo iptables -D INPUT 1 (where 1 is the line number you want to delete)
  3. Confirm deletion took place by running the first command again and verify the rule is no longer present: sudo iptables -L INPUT -n --line-numbers
  4. Save iptables to be safe, using the save command for your distribution given above (on Deb<br>ian/Ubuntu: sudo iptables-save > /etc/iptables/rules.v4; running sudo iptables-save on its own only prints the rules)


Restrict Number of Connections Per IP

Use the connlimit match to restrict the number of simultaneous connections allowed per IP address. To allow at most 4 SSH connections per client host, enter:
# iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 -j REJECT

Limit each /24 network to 20 simultaneous HTTP connections:
# iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j DROP

  1. --connlimit-above N : Match if the number of existing connections is above N (4 and 20 in the examples).
  2. --connlimit-mask 24 : Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32. With 24 the limit applies to the whole /24 block an address belongs to rather than to each address; without --connlimit-mask the limit is per address (mask 32).

Because these rules match on --syn they act on new connections only, so existing sessions are not cut. Remember to save after adding them.


What is this nonsense after the slash in iptables ip addresses?

This is what I need to touch on before we go much further because you've no doubt seen existing rules in your iptables with IP addresses listed similar to:

...and have surely wondered why there is a slash followed by a number after the ip addresses listed in your iptables rules. Well I'll explain as best as I can in the next section as it is a little complicated to explain...

Knowing how to read and write more complex iptables rules with CIDR notation.

Learning to write iptables rules can get very frustrating if you don't understand how the notation works. CIDR (Classless Inter-Domain Routing) notation is often confused with network masks; they are two ways of writing the same thing, a count of leading bits versus those bits written out as four dotted bytes (a /8 is the same mask as 255.0.0.0). I will offer my best explanation of CIDR notation here, which I've gathered from several different sources to put together an explanation I feel comfortable with:

Imagine an IP address written as xxx.yyy.zzz.www/N, where N is a number of bits from 0 to 32. Each of the four dotted numbers is one byte of the 4 bytes that make up an IP address. N says how many leading BITS of those 4 bytes matter. So anything that looks like 10.X.Y.Z/8 refers to ANY IP starting with "10.": 8 bits = 1 byte, meaning everything after the first byte is ignored. The convention when naming the subnet itself is to write zeroes in the ignored positions. Most of the time N is a multiple of 8, so it simply says to ignore a certain number of bytes.

Once in a while, you'll see something other than that, like a /29. This means that PART of one of the bytes is ignored. For simplicity's sake however, we will stick to multiples of 8 in this guide.

It's also important to note that if the N is omitted, then it's usually assumed to be 32, i.e. a single IP address specification.

So, taking what I've just explained above regarding CIDR notation, here are some general examples of how netmasks work in conjunction with iptables rules:

  • A CIDR of 8 bits means that only 1 of the 4 bytes of the IP address is significant, the "10" in this example, so the rule covers every address starting with "10.".
  • A CIDR of 16 means that 2 of the 4 bytes are significant, "100.50." in this example, so the rule covers every address starting with "100.50.".
  • A CIDR of 24 means that 3 of the 4 bytes are significant, "92.50.8." in this example, so the rule covers every address starting with "92.50.8." (the last byte can be anything from 0 to 255).

Those are the three most common CIDR prefixes. Following the pattern of incrementing the number of bits by 8, the next would be /32. While that is perfectly valid and will work, it is redundant, because 32 bits is the entire IP address, so you might as well enter the address without the slash and number. In iptables rules, an address with /32 after it means exactly the same thing as the bare address.

What do Bytes and Bits have to do with IP Addresses?

Good question, glad I asked myself! To properly understand how CIDR notation works you have to understand the math behind it. A byte is made up of 8 bits (that's why we increment by 8 in the previous examples). An IPv4 address is made up of 4 bytes, or 32 bits (4x8=32).

As you probably know, an IP address is written as four numbers separated by dots or periods, N.N.N.N, where each N can be any number from 0 to 255. Why 0 to 255 for 8 bits? Each bit is either 0 or 1, so 8 bits have 2^8 = 256 possible combinations, and counting from zero that gives the whole numbers 0 through 255. Each dotted-decimal segment is therefore one byte shown in decimal, and the /N prefix counts bits across those four bytes: /8 is the first byte, /16 the first two, /24 the first three, and /32 all of them. If anyone would like to explain how this works in more detail, feel free to make a comment on this post and I'll make sure it gets published.
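The arithmetic behind the explanation above, in plain shell, as an added example (not code from the original post): convert a dotted address to its 32-bit value, build the mask from the prefix length, and from those derive the first and last address of the block, the dotted netmask, and a membership test. It goes one step beyond the text by handling prefixes that are not multiples of 8, such as the /29 mentioned above, with the same formula. It assumes a shell with 64-bit arithmetic (bash and dash both qualify); the addresses in the usage note are made up.

```shell
#!/bin/sh
# Added example, not code from the original post: CIDR arithmetic in POSIX shell.

ip2int() {
  # prints the 32-bit value of a dotted-quad address; fails on anything malformed
  case $1 in *.*.*.*) ;; *) return 1 ;; esac
  o1=${1%%.*}; r=${1#*.}; o2=${r%%.*}; r=${r#*.}; o3=${r%%.*}; o4=${r#*.}
  for o in "$o1" "$o2" "$o3" "$o4"; do
    case $o in ''|*[!0-9]*|0*[0-9]*) return 1 ;; esac   # digits only, no leading zeros (octal trap)
    [ "$o" -le 255 ] || return 1
  done
  echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

int2ip() {
  # the reverse: 32-bit value back to dotted quad
  printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

prefix_mask() {
  # /N -> mask with the top N bits set (N=0 gives 0, N=32 gives all ones)
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -le 32 ] || return 1
  echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

cidr_range() {
  # "a.b.c.d/N" -> "first last netmask"; a bare address is treated as /32, like iptables does
  case $1 in */*) addr=${1%/*}; n=${1#*/} ;; *) addr=$1; n=32 ;; esac
  a=$(ip2int "$addr") || return 1
  m=$(prefix_mask "$n") || return 1
  first=$(( a & m ))                       # host bits cleared
  last=$(( a | (4294967295 & ~m) ))        # host bits set
  echo "$(int2ip "$first") $(int2ip "$last") $(int2ip "$m")"
}

cidr_contains() {
  # cidr_contains 10.0.0.0/8 10.200.3.4 -> exit 0 if the address falls inside the block
  case $1 in */*) n=${1#*/} ;; *) n=32 ;; esac
  m=$(prefix_mask "$n") || return 2
  a=$(ip2int "${1%/*}") || return 2
  b=$(ip2int "$2") || return 2
  [ $(( a & m )) -eq $(( b & m )) ]
}
```

`cidr_range 203.0.113.43/29` prints `203.0.113.40 203.0.113.47 255.255.255.248`: the last byte 43 is 00101011 in binary, a /29 keeps its top five bits (00101000 = 40) and the remaining three bits give the eight addresses 40 through 47.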

How to Restart a Web Server with PHP

Today, I had the task of writing a PHP script that restarts a web server. This is not allowed by default, and it should be noted before I continue that it is not allowed because it opens a security hole: anyone who can reach the page can restart your server over and over and keep it unavailable. If you do this, put the page behind authentication (or restrict it to your own IP, as in the iptables section above) and limit how often it can fire. Now that you're aware of the risk, if you still wish to continue, here is how it is done:

PHP Code:

    <?php
    // exec() returns the last line of output, which is empty for a quiet, successful
    // restart, so check the exit status in $status instead of the return value.
    exec("sudo /usr/sbin/service nginx restart", $output, $status);
    if ($status === 0) {
        echo "server restarted!<br />";
    } else {
        echo "ERROR! Server failed to restart!<br />";
    }

Test the above code. NOTE: it is not likely to work yet, because the web server user is normally not allowed to use sudo; you will have to edit the sudoers file on the server.

Edit the Sudoers File to Allow PHP to Use the Restart Command

On the Linode/Nginx server I am working on currently, the sudoers file can be found at /etc/sudoers, and it is in a similar location on most Linux servers. Edit it with visudo (which checks the syntax before saving; a typo in sudoers can lock everyone out of sudo), add the following line to the end of the file and save it before restarting the web server:

www-data ALL=(ALL) NOPASSWD: /usr/sbin/service nginx start,/usr/sbin/service nginx stop,/usr/sbin/service nginx restart

Note that www-data is the web server user on Debian/Ubuntu; on CentOS/Red Hat it is usually apache or nginx. Keep the command list exactly this specific, with full paths and fixed arguments and no wildcards, so that the web server user gains nothing beyond controlling nginx.



Buy Scripts, Applications and Web Tools at

Yes, I finally am starting to sell some of my products that I have been developing for over 12 years now. I am only putting together the best tools I have made and remaking certain ones I find the most useful for sale on my website,

Types of Products for sale on

  • Email Marketing tools
  • Domain name tools
  • DNS tools
  • Server administration tools
  • webmaster tools
  • PHP tools
  • Customized tools for business
  • Have me build one custom for you if you don't see what you need

CLICK HERE TO VISIT and see what's listed for sale now. However, I do not have them all listed yet, so drop me an email or give me a phone call at 330-903-6074 or 330-417-3617 to find out how I can help you.



Be sure to visit to view my portfolio and see the web development services I offer! You can also email me at if you need anything.

Domain Name and Nameserver Tools

This is a simple list of links I put together for anyone needing help with domain name monitoring and nameserver setup. They are meant to give you information regarding your domain name, IP address and nameservers. - This site is one I use regularly to make sure my domain name is pointed right and to test nameservers for that domain or nameservers that I have built. is a great place for gathering WhoIs info for your domain, and if you look around a bit they have other useful domain name tools and info. has a useful tool for running all sorts of DNS tests on a domain name. - is a great tool for checking whether your domain is pointed to the proper server, looking up your IP address and getting nameserver information for the domain name and/or IP address. It lists MX records, A records, nameserver IPs and other host file data and zone information that is useful.

FYI - If you need custom domain name tools or SEO tools, I specialize in developing such tools for the internet. Web-based domain name, SEO, calculator and business development tools are my number one specialty. If you need any such custom tools, contact Ian at and we can work something out and get you a free estimate on the spot.


 Virtual Work

Need to hire the perfect coder, designer, developer or graphics specialist? EmployWorkers has all areas of Information technology covered and more.

Virtual employment agency

Where work that needs done, gets done.

Need to find work in the Information Technology field? is for you! We employ skilled workers in a vast array of areas including, but not limited to, graphic design, logo design, Photoshop, web design, web development, application development, special needs coding, PHP, HTML, CSS, SEO, writing of all types, programming of all types and much more. If you need work, visit today and sign up for free. Finding work online has never been easier!

I, Ian L. of have created to fill a niche left open by the buyout of They had a simple-to-use website for posting jobs and finding work. I have expanded on the idea by making it even easier to sign up, post jobs and find work, all for free. You never pay a cent; we collect a small percentage of the project price only in cases where a job was completed satisfactorily and accepted by the employer. We have a zero-risk policy where you don't pay anything until you are satisfied with our services. Money for projects is held in escrow so the worker knows he will be paid once he fulfills his contract with the employer, but employers can dispute at any time they feel there is a breach of the contract and get their escrowed funds returned to them hassle free. Most times you will find that satisfaction is standard, however, because uses a skilled pool of workers and expertly matches the most qualified workers with your project.

Go ahead and visit today and give it a try whether you are an employer seeking assistance on a project or a worker looking for your next project, we have got you in mind!

Write newline to shell script with PHP without control M showing up

Okay, this was one of the most aggravating experiences I had today. I spent over two hours trying to get rid of the annoying control characters, shown as ^M, in the named.conf file that I was writing to from a PHP script. Therefore I wrote this post to help anyone else who has this issue. What's weird is that the solution that worked was one of my first attempts, but I must have uploaded the file with the change wrong because it didn't take. Anyway, this is the solution:

Example Problem:

I was writing a new line to the named.conf file and at the end of the line, I wanted a newline so next time I write to the file, it is on a new line. Here is something like what I had in my PHP file that writes to the config file:

$line = "zone: a zone file named here...


Then when I open my named.conf file in the VI editor I get this:

zone: a zone file named here...^M


Solution:

$line = "zone.......some text here \n";

So, as you can see, the solution is simply to end the string with \n, a bare line feed, which is the Linux newline, rather than \r\n. The ^M that vi shows is the carriage return (\r) of a Windows-style line ending, and named.conf and zone files should contain line feeds only. I did this after trying just about everything else, so good luck with your project, and upload everything twice if you are not sure, because that's what ended up costing me two hours of coding time.


Write a PHP Script to List Domains in Bind Named DNS

The following PHP code can be used to list the domain names served by a BIND DNS nameserver. It gets the domains from the zone files in the /var/named directory. If your DNS server keeps its zone files in a different directory, edit the script to use that directory. You will also have to set the name of the nameserver's own zone file so it is left out of the list, since that file belongs to the nameserver itself rather than to one of the hosted domains.


<?php
//List Domain names in BIND9 server
//script created by Ian L. of
//created on 2-23-2013
//Version: 1.00
//Last updated on: 2-23-2013 by Ian L.
//Description: Lists existing domain names in BIND DNS server according to the files in the /var/named directory

$zoneDir = '/var/named';                      //directory holding the master zone files
$nameserverFile = 'nameserver_domain.hosts';  //the nameserver's own zone file; replace nameserver_domain with your nameserver's domain

if ($handle = opendir($zoneDir)) {
    //start counter:
    $cnt = 1;
    while (false !== ($entry = readdir($handle))) {
        if ($entry != "." && $entry != "..") {
            //see if it is a zone file (name ends in ".hosts") and not the nameserver's own, and list it if so:
            if (substr($entry, -6) === ".hosts" && $entry !== $nameserverFile) {
                //strip ".hosts" from entry:
                $domname = substr($entry, 0, -6);
                echo "$cnt - " . htmlspecialchars($domname) . "<br />";
                //increment domain count:
                $cnt++;
            }//end if it is a zone file then list it.
        }
    }
    closedir($handle);
} else {
    echo "Could not open $zoneDir";
}

Edit the file and save it to the HTML directory or web root of your DNS server, replacing nameserver_domain with your nameserver's domain name; you may also need to edit the path to your master zone files and the naming format of the zone files themselves. This script assumes the default zone file naming convention of domain.hosts; if your DNS server uses something else, replace .hosts with whatever your server uses. Since the page lists every zone the server hosts, keep it out of reach of the public (password-protect the directory or restrict it to your own IP).

ADNUT Automatic Domain Name Update Tool

I have been building a lot of DNS applications lately and found a great need for a simple PHP dynamic DNS update application. My solution was ADNUT, the Automatic Domain Name Update Tool. ADNUT is mostly PHP with a simple layer coded in C to restart the named/BIND service in the background. I had to use a few lines of C to make it secure, but installation is simple if you follow the instructions. In fact it is much easier than any of the existing domain name update clients I have seen to date. Simplicity is the most essential element in coding, in my opinion. If you start out simple, you can build something into anything you desire. This tool has that in mind. It started out as a proof of concept and was later developed into a fully functional PHP dynamic domain name update tool for BIND, BIND9 and/or named.

Here is how to implement ADNUT on a Bind9 DNS server.

  1. Build and compile the named restart script by following the instructions at Just follow the part of the tutorial for writing and compiling the named_restart.c file and stop there.
  2. Start a new folder in your /var/www/html directory called adnut.
  3. Open your notepad application for coding and copy and paste the code in the next step and save the file as index.php in the adnut directory.
  4. <?php
    /* ############## ADNUT Automatic Domain Name Update Tool #######################
    * This script is for dynamic setup of Domain names within Bind9 DNS
    * Created By: Ian Lincicome of
    * ADNUT Website:
    * WARNING! Use at your own risk, Ian L. assumes no responsibility for issues arising from use of this script on any computer.
    */
    //Configure the following variables according to your individual situation:
    $nameserver1 = "";  //main nameserver subdomain
    $nameserver2 = "";  //second nameserver subdomain
    //Dir and file info for config files(these defaults should work in most cases):
    $namedConf = "/etc/named.conf";          //path and name of named/bind configuration file
    $zoneDir = "/var/named/";                //Directory to store zone files(often /var/named)
    ?>
    <p style="font-weight:bold">Automatic Domain Name Update Tool</p>
    Instructions:<br />
    <ul>
    <li>Take a new domain name and point it to your nameservers in your domain name provider's control panel.</li>
    <li>Then simply enter the domain name below with the IP address of the web server you want to point it to and wait a few minutes for the domain change to take effect. For more information visit <a href="">The ADNUT Blog</a></li>
    </ul>

    <form method="post" action="">
    <h2>Domain name info for zone and config files</h2>
    Domain name:
    <input type="text" id="dom" name="dom" value="" /><br />
    Time To Live(ttl):
    <input type="text" id="ttl" name="ttl" value="900" /><br />
    Web Server IP Address:
    <input type="text" id="ip" name="ip" value="" /><br />
    Admin Email Address:
    <input type="text" id="eml" name="eml" value="" /><br />

    <input type="submit" id="sbmt" name="sbmt" value="Create Records" /><br />
    </form>
    Pushing the "Create Records" button will create a master zone file in var/named and edit the etc/named.conf file. Be careful using this tool, incorrect entries will crash your DNS server!<br />

    <?php
    //now to process above info from form and insert the data in config files:
    if(isset($_POST['sbmt'])) {
    //collect form data and validate it before it is used as a file name or written into named.conf:
    $dom = strtolower(trim($_POST['dom']));
    $lifetime = trim($_POST['ttl']);
    $IP = trim($_POST['ip']);
    $eml = trim($_POST['eml']);
    //only labels of letters, digits and hyphens: no slashes, quotes or semicolons can reach the file name or named.conf
    if (!preg_match('/^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$/', $dom)) {
        die("Invalid domain name");
    }
    if (!ctype_digit($lifetime)) {
        die("TTL must be a whole number of seconds");
    }
    if (filter_var($IP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        die("Invalid IPv4 address");
    }
    if (!preg_match('/^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$/', $eml)) {
        die("Invalid email address");
    }
    //replace @ with . in email (the RNAME form the SOA record expects):
    $email = str_replace("@",".",$eml);

    //build the master zone file path and filename:
    $hostFile = $zoneDir.$dom.".hosts";
    //refuse to configure the same zone twice; a duplicate zone clause stops named from loading:
    if (strpos((string) file_get_contents($namedConf), "zone \"$dom\"") !== false) {
        die("$dom is already configured in $namedConf");
    }

    echo "Setting up DNS entry for:<br />Domain name:$dom<br />TTL: $lifetime<br />Webserver: $IP<br />Webmaster Email: $eml<br />Nameserver 1: $nameserver1<br />Nameserver 2: $nameserver2<br />Master Zone File: $hostFile<br />named.conf File: $namedConf...<br />";

    //create the file in var/named(or dir from $zoneDir)
    //serial number that increases every minute; yymmddHHii with a 24-hour clock stays below the 32-bit limit of the SOA serial:
    $serial = date("ymdHi"); //year, month, day, hour, min like: 1302300659
    //prepare the contents of the zone file; every line ends in "\n" so the file is not written as one line:
    $stringData = "\$TTL $lifetime\n"
        . "$dom.  IN  SOA  $nameserver1. $email. (\n"
        . "        $serial ; serial\n"
        . "        3600    ; refresh\n"
        . "        900     ; retry\n"
        . "        604800  ; expire\n"
        . "        3600 )  ; negative-caching TTL\n"
        . "$dom.  IN  NS  $nameserver1.\n"
        . "$dom.  IN  NS  $nameserver2.\n"
        . "$dom.  IN  A   $IP\n"
        . "www.$dom.  IN  A   $IP\n";
    //write the contents to the zone file in var/named and close it so named sees the complete file:
    $fh = fopen($hostFile, 'w') or die("can't open file");
    fwrite($fh, $stringData);
    fclose($fh);
    echo "<p>data written to $hostFile</p>";

    //Append zone entry to the etc/named.conf(or file named in $namedConf):
    $fh2 = fopen($namedConf, 'a') or die("can't open file");
    //prepare the zone clause; the trailing "\n" keeps the next zone on its own line:
    $stringData = "zone \"$dom\" { type master; file \"$hostFile\"; };\n";
    //Append the contents to the config file:
    fwrite($fh2, $stringData);
    fclose($fh2);
    echo "<p>data written to $namedConf</p>";

    echo "<h3>Host file content:</h3><span style='color:blue; text-decoration:underline' onclick=\"document.getElementById('showHost').style.display='';\">Show Master Zone file content</span><br /><div id='showHost' style='display:none'><pre>";
    //print contents of the zone file to screen:
    echo htmlspecialchars(file_get_contents($hostFile));
    echo "</pre></div><br /><br /><h3>named.conf Content</h3><span style='color:blue; text-decoration:underline' onclick=\"document.getElementById('showConf').style.display='';\">Show named.conf file content</span><div id='showConf' style='display:none'><pre>";
    //print contents of named.conf file to screen:
    echo htmlspecialchars(file_get_contents($namedConf));
    echo "</pre></div><br /><br /><p>restarting named...</p>";
    //restart named using the named_restart script coded in C in the /var folder (step 1 above):
    exec("/var/named_restart");
    echo "<p>The DNS server has been restarted to finalize your domain configuration... Your domain name should resolve to $IP within a few minutes, but may take up to 72 hours.</p>";

    }//end if submit button was hit.
    ?>

  5. Now go to your browser and enter and you should see the front end of ADNUT. Before you do anything with it, read the next steps.
  6. From your command line window, check the status of the named service by typing sudo service named status and note the number of zones, because you will need to verify that it increases later.
  7. Test the app by first setting up the domain name you want to use. To do this, you must change the nameservers for that domain to the nameservers you are running ADNUT on, which you should already have configured in the script above by setting $nameserver1 and $nameserver2 to your own nameserver host names.
  8. After you have pointed your domain to your nameservers, enter that domain name into the form along with the IP of the server you want it to resolve to and the admin email you want in the zone records, then click "Create Records".
  9. Now, if all went well, it will have created a new master zone file in your zones directory (var/named usually), added a line to your named.conf file and restarted the named service (the BIND DNS server). To verify this, type sudo service named status again and compare the number of zones with what you got before; it should be one greater if it worked. If not, troubleshoot by following some of the tips below.


First of all, if you are having problems, DNS is complex and not for beginners. If you would like to hire me to install this script and/or build one like it or even expand on it, I would be happy to do it for you at a very reasonable rate. My rates are far less than most developers with this type of knowledge in the USA, far, far less.

If the ADNUT script didn't work, try adjusting permissions. I think I had to temporarily change permissions of etc and var/named to get it to work. Try that first, but be sure to tighten security before going live with your nameservers and ADNUT. The web server user needs write access to the zone directory and to named.conf; give it that through group ownership on those two paths rather than by loosening permissions on /etc as a whole, and never run the web server itself as root. If you have to give the Apache or ec2-user root permissions to execute the named_restart script, then be sure to add a line to your sudoers file later and change permissions back to secure the server. Open them up to get it working so you know what you need, and close them later, is what I normally do. Most likely, if ADNUT is not working it is due to permission errors, so start there. Google "Running PHP script as root" for more help on permissions for this application.
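The zone-listing script, the ADNUT form handler and the ^M post above all come down to the same file-handling jobs: write a master zone file, append the zone clause to named.conf with a proper line ending, and list the zones in the directory. The shell script below is an added example, not the page's ADNUT or listing code, that does those jobs with the two checks the PHP versions lack: the domain and the address are validated before they become a file name or a line in named.conf (a name like ../../etc/passwd or one containing quotes is refused), and a zone that is already configured is refused rather than duplicated, since a duplicate zone clause stops named from loading. Zone files are named domain.hosts as in the post; named-checkzone from BIND is used only when it is installed. The domains and addresses in the usage note are made up.

```shell
#!/bin/sh
# Added example, not the page's ADNUT or zone-listing code: validate, write, register
# and list BIND master zones from the shell.

valid_domain() {
  # lower-case labels of letters, digits and hyphens separated by dots; nothing that
  # could escape the zone directory or break the named.conf syntax
  case $1 in
    ''|*[!a-z0-9.-]*|.*|*.|-*|*-|*..*|*-.*|*.-*) return 1 ;;
    *.*) [ ${#1} -le 253 ] ;;
    *) return 1 ;;
  esac
}

valid_ipv4() {
  # exactly four decimal octets, each 0-255
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

has_cr() {
  # true if the file contains carriage returns (the ^M that vi shows)
  ! tr -d '\r' < "$1" | cmp -s - "$1"
}

make_zone() {
  # $1 domain, $2 ttl, $3 ip, $4 ns1, $5 ns2, $6 admin e-mail, $7 serial; prints the zone text
  dom=$1; ttl=$2; ip=$3; ns1=$4; ns2=$5; serial=$7
  valid_domain "$dom" && valid_ipv4 "$ip" || return 1
  case $ttl$serial in *[!0-9]*) return 1 ;; esac
  [ -n "$ttl" ] && [ -n "$serial" ] || return 1
  case $6 in ''|*[!A-Za-z0-9@._+-]*) return 1 ;; esac
  rname=$(printf '%s' "$6" | sed 's/@/./')            # SOA RNAME form of the e-mail
  cat <<EOF
\$TTL $ttl
$dom.  IN  SOA  $ns1. $rname. (
        $serial ; serial
        3600    ; refresh
        900     ; retry
        604800  ; expire
        3600 )  ; negative-caching TTL
$dom.  IN  NS  $ns1.
$dom.  IN  NS  $ns2.
$dom.  IN  A   $ip
www.$dom.  IN  A   $ip
EOF
}

add_zone() {
  # $1 zone dir, $2 named.conf, $3 domain, $4 ttl, $5 ip, $6 ns1, $7 ns2, $8 e-mail, $9 serial
  zdir=$1; conf=$2; dom=$(printf '%s' "$3" | tr 'A-Z' 'a-z'); shift 3
  valid_domain "$dom" || { echo "refusing domain '$dom'" >&2; return 1; }
  if grep -qF "zone \"$dom\" " "$conf" 2>/dev/null; then
    echo "$dom is already in $conf" >&2; return 2
  fi
  zf="$zdir/$dom.hosts"
  make_zone "$dom" "$@" > "$zf" || { rm -f "$zf"; echo "bad zone input for $dom" >&2; return 1; }
  if command -v named-checkzone >/dev/null 2>&1; then    # syntax-check before named ever sees it
    named-checkzone -q "$dom" "$zf" || { rm -f "$zf"; return 1; }
  fi
  printf 'zone "%s" { type master; file "%s"; };\n' "$dom" "$zf" >> "$conf"
}

list_zones() {
  # $1 zone dir, $2 the nameserver's own host name, whose zone file is left out
  for f in "$1"/*.hosts; do
    [ -e "$f" ] || return 0
    d=${f##*/}; d=${d%.hosts}
    [ "$d" = "$2" ] || printf '%s\n' "$d"
  done
}
```

Usage: `add_zone /var/named /etc/named.conf example.net 900 203.0.113.10 ns1.example.org ns2.example.org hostmaster@example.net "$(date +%y%m%d%H%M)"` followed by `named-checkconf /etc/named.conf` and a restart; `has_cr /etc/named.conf` tells you whether a Windows-style line ending has crept into the file.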


How to Restart Named or Bind from PHP script

I struggled with this for hours so I am posting it so others don't have to. Here is how to restart your BIND DNS server or Named service from a PHP script.

Compile a C program to do the work

First become root with:

sudo su

from the Linux command line.

Go to the /var directory and type vi named_restart.c to create a C file.

Then copy and paste the following into the vi editor:

/*
 * Script created by Ian L. of
 * Desc: restarts named DNS service
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>   /* setuid(), geteuid() */

int main(void) {
  /* With the setuid bit set on the binary (chmod +s below), the effective UID
   * is root; make it the real UID as well so the queued command runs as root. */
  if (!setuid(geteuid())) {
    /* Fixed command string, no caller input: queue the restart through at(1) */
    system("/bin/echo '/sbin/service named restart > /dev/null 2>&1' | /usr/bin/at now");
  } else {
    printf("Couldn't set UID to effective UID\n");
    return 1;
  }
  return 0;
}

Next, compile it by entering one of the following commands at the command prompt:
cc -o named_restart named_restart.c

or

gcc -o named_restart named_restart.c

If neither of the above works, type:

yum install gcc

then try the gcc command again.

Then set the setuid bit on the binary by typing this at the command line:
chmod +s named_restart

To test whether it's working, type:
service named status
and make a note of the number of zones.
Add a new zone to the DNS system, then run named_restart from within the /var directory.
Then type:
service named status
and see if the number of zones increased by one. If it did, the script worked from the command line and you are halfway home.

Write the PHP script

Now it's time for PHP to do its magic. Open a PHP file and enter the following PHP code:


That's all there is to it. You may have to fool around with permissions to get it to work, but this is what I used.


Install and Configure Bind DNS server for First Time

DNS is a heavy topic and not so much for newbies. I have been doing server admin for many years and it is still a challenge to work with Bind DNS sometimes. I have posted this guide here partly so I can replicate the process and partly so others can set up their own BIND DNS servers without so many headaches, because none of the tutorials I could find online seemed to be complete. Here is the exact process that worked for me. I have installed and configured half a dozen of these by now, so I have somewhat perfected the process.

This tutorial is for setting up a DNS server as an authoritative nameserver. That means you will be able to use it as a DNS server to point domain names to outside web servers. An example would be if you had the domain name and a server with the IP: you could then use this nameserver setup to point that domain name to that IP address. I hope that is clear enough. This is not a caching-only nameserver or a nameserver for internal use only; it is a fully functional authoritative name server, meaning it can be used just like Godaddy's or any other large company's nameservers. Unless you have a need for this type of nameserver, I recommend using an existing service; otherwise, read on!

Installing BIND DNS

  1. Log in to your server and get a command prompt. I did mine on an Amazon EC2 instance, so I logged in remotely using PuTTY.
  2. Become Super User by typing: sudo su at the command prompt.
  3. Install the Bind 9 package with:  yum install bind

Setting Up Nameserver Domain

There is a lot to setting up a nameserver's domain name, so bear with me as I explain it all. If you have already done this and don't need this section, skip it and move on to the next heading.

  1. Go into your domain name provider's website and point the domain name you are using for your name server to the IP address of the DNS/Bind server using an address ("A") record. Next you have to set up two host records. See your domain name provider's rules for this, or if you are using Godaddy, scroll down on the domain information page to where it says "hosts", click on "add" and fill in the two IPs you have for your nameservers. You can either set two IPs to your one DNS server or do what I did and clone off your DNS server, giving the second one the second required IP. Yes, you have to have two IP addresses for a DNS system to work.
  2. Go into your Bind server via the command prompt again and set up a master zone record for the nameserver itself. If your DNS server's domain name were, the name of the file would need to be. This is what your zone file would look like, and it goes in the /var/named directory:
  3. $ttl 900
             IN      SOA     (
                     900 )
             IN      A
             IN      A
             IN      A
             IN      A
             IN      NS
             IN      NS
  4. Now you have to edit your named.conf file in the /etc directory so it looks like the following example. Remember, this is the domain name for your DNS server, the one you will use for your two nameserver hostnames. Here are the file contents for /etc/named.conf:
    // nameserver setup
    // where is the domain name to the nameserver itself
    // named.conf
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    options {
        listen-on port 53 {; };
        listen-on-v6 port 53 { 0::0:0:0:0/0; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query {
        };
        recursion yes;   // also answers recursive queries for whatever allow-query permits; an authoritative-only server normally sets this to no
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
    };

    logging {
        channel default_debug {
            file "data/";
            severity dynamic;
        };
    };

    zone "." IN {
        type hint;
        file "";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

    // this is the zone for the DNS server itself
    zone "" {
        type master;
        file "/var/named/";
    };
    // all other outside domains pointed to this DNS server go below here:

  5. Okay, now you should have the zone file from steps 2 and 3 in your /var/named directory and a file named named.conf in your /etc directory. Just to be clear, the next thing you need to do is: from the DNS server command prompt, type ifconfig and press Enter. This is to get the listen-on IPv4 and IPv6 addresses. In the ifconfig output, look for the address after "inet addr:"; that is the address you put in the listen-on port 53 line of the named.conf file above. Now look in the ifconfig readout for "inet6 addr:" and use that longer address for the listen-on-v6 port 53 line, replacing 0::0:0:0:0/0. Save the file to your /etc directory.

Point an external Domain Name with Bind DNS

Now it is time to see your new DNS server in action. The following instructions are for taking a domain name you own and pointing it using your DNS server. Here is what you will need:

  • The two nameserver domains such as and, the same ones you used in the above steps to set up your nameserver's zone files and the ones you used with your nameserver domain name configuration at your domain name provider to point to the DNS server itself.
  • A server with an IP address to point the outside domain name to. I set up a free micro instance in Amazon EC2 to use as a test server for this, but you can use whatever server you want.
  • Your domain name settings at the domain name provider set up. To do this, go into the nameserver settings and use the and ns2.example subdomains you set up for your DNS server and the two IPs that point to the DNS server, or to two separate DNS servers if that is how you set it up. You should have two, but I think one will work if you have two IPs for it.

Okay, after you have all of the above done, follow these instructions to set up the BIND DNS configuration for the new domain name, so that your own DNS server points that domain to a server and others can see it on the internet.

  1. First, you need to edit the same /etc/named.conf file once more to add a zone for the new external domain name. At the end of the named.conf file, add the following:
  2. zone "" {
        type master;
        file "/var/named/";
    };
  3. Then save /etc/named.conf, go to the /var/named directory, start a zone file for that domain and save it in /var/named. It needs to have the following bare minimum content. The content here only points the domain and leaves out MX records, CNAME records and so on; this is a barebones setup for simplicity's sake, with just the address records needed to resolve the domain name to your web site on the server whose IP address you should already have:
  4. $ttl 900
             IN      SOA     (
                     3600 )
             IN      NS
             IN      NS
             IN      A
             IN      A
  5. Change mydomain to your domain name, change to your DNS domain name, change to your IP and save the above contents in a file at var/ replacing mydomain with the actual domain name you are pointing.
  6. Now set up a virtual host on the same DNS server so it has information on the domain name. All it needs is the IP address and root folder on the web server whose IP you are supplying. The next step has the contents that you have to add to the /etc/httpd/conf/httpd.conf file:
  7. <VirtualHost>
        DocumentRoot "/var/www/html"
        <Directory "/var/www/html">
            allow from all
            Options +Indexes
        </Directory>
    </VirtualHost>
  8. Save the httpd.conf file and fire up your server now that everything should be in place. You can start your server with sudo service named start, or restart it with sudo service named restart if it is already running.

That is about it. I hope it works for you. I remember it took me days to set up my first authoritative DNS server, but if you follow this process well enough it should make it easier for you. If you don't see any errors when starting your DNS server, then you should be good.


To test your server, wait at least thirty minutes and then try to resolve the domain name you pointed with the new DNS server. If it resolves to the correct web server and you see the site you posted there, then you are doing great. If not, track down any typos in the config files and try, try again. Here are some links to help you test DNS issues:



Setting up Domain Names on an Authoritative Nameserver with Bind and Webmin

This is an advanced-level DNS server administration tutorial. If you don't know what DNS means, get out while you can; this is complex stuff and you have to have some background information first. Start reading up on nameservers; you will need some education behind you before attempting this tutorial, trust me. It took me weeks to learn to set one up with no background education in computer science, but I did it and here is how. First, you may also want to read my previous article on how to set up the domain name for the webserver itself. This tutorial is for setting up domain names on an already configured nameserver that already has a domain name and at least two sub-domains such as and.


Inserting new domains in Bind and Webmin


How to Set Up Domain Name Zone Records:

This is a tutorial on how to set up domain name Zone records on our name servers using Webmin and Bind. This is necessary in the process of pointing a domain to our nameserver and being able to control them from our domain name rotation system.

  1. Log in to Webmin - and click on "Servers", then on "Bind DNS Server".
  2. Create a Master Zone - by scrolling down to "Existing DNS Zones" and clicking on "Create master zone". Then fill out the form as follows:
    • In the first field, type in the domain name you are setting up. For example, "" without quotes.
    • Then skip down to the "" field and enter "" without quotes.
    • If you have Global Server Options/Default Zones set up, enter the relative IP address in the "IP address for template records" field and check yes in front of it, otherwise skip this and check no in front of it.
    • For "Refresh time" enter 30 min. for testing or longer for permanent records.
    • For "Transfer retry time" enter 30 min. for testing or longer for permanent records.
    • For "Expiry time" enter 60 min. for testing or longer for permanent records.
    • For "Negative cache time" enter 60 min. for testing or longer for permanent records.
  3. Click the "Create" button to save the master zone.
  4. Click on the "Address" icon and enter the following information in the resulting pop up window:
    • Leave the "Name" field blank and enter the IP address to the server that holds the website for the domain name you are configuring in the "Address" field.
    • Press the Create button and a new address record form will appear. This time, type "www" without quotes in the "Name" field and enter the same IP in the "Address" field and click Create again.
  5. Click on "Return to record types" at the bottom of the form and click on the "Nameserver" icon from the main menu. Enter the domain name in the first field and enter the nameserver in the second. If you look below the form, the first nameserver, ns1, should already be entered, so just enter the second one here. It is important to enter a trailing period after both the domain name and the nameserver domain name in this form. When you have both nameserver records entered, click "Create" and then "Return to record types".
  6. Finally, click on "Apply zone" in the top right corner of the page and you should be done. If it doesn't take, restart the Bind server, but you shouldn't have to.
  7. Duplicate process on nameserver two - When you are done with all of the above steps for nameserver one, do the exact same thing on nameserver two.
  8. Create Virtual Host - After all the zone records are done, follow the instructions below to create a virtual host for the same domain name you just set up on both nameservers. You will be creating the virtual host on both as well.
  9. TEST - When you are done, the settings can take up to 72 hours to work, but normally work within half an hour, so as soon as you are done you can test by typing your domain name into a browser window to see if it resolves. If it doesn't, wait an hour and try again. If it still doesn't work after 72 hours you likely have a problem, so go over everything and make sure it's set correctly. You can use online tools such as those found at
  10. TIPS / Troubleshooting - If you still need help or more information, since this is a very basic, bare-bones setup I have described, go to for more complete instructions, or go to for similar simple instructions, or finally also at linuxjunkies. There are also tools available to check DNS settings at and GOOD LUCK! (you may need it)

How to Set Up Domain Name Virtual Hosts:

This is a tutorial on how to set up domains on our web server using Webmin. This is also necessary in the process of pointing a domain to our nameserver and being able to control them from our domain name rotation system.

  1. Login to Webmin - Click on Servers/Apache Webserver
  2. Create Virtual Host - by clicking on the "Create Virtual Host" tab.
  3. Enter IP Address - in the first field and select the "Specific address .. " option just above it.
  4. Enter the document Root - in the "Document Root" field.
  5. Save - by clicking the "Create Now" button under the form.
  6. Copy settings - on webserver two just like you did here for webserver one.
  7. Apply Changes - by clicking on the "Apply changes" link in the upper right hand corner of the webpage in Webmin.
  8. Test - by entering the domain name into a web browser and seeing if it resolves to the correct webserver. If it doesn't, wait an hour or so and try again. If it doesn't work after 72 hours, something is definitely wrong. Use the tools mentioned above in the section on setting up the nameserver.

Installing Webmin on Amazon Linux AMI in EC2

Here is how I installed Webmin on my Linux AMI from Amazon EC2:

First switch to the root user so you don't have to type sudo in front of every command:

sudo su

install the package:


Install the Webmin RPM. Use the following command, but update the version number if it has changed:

sudo rpm -U webmin-1.620-1.noarch.rpm

Your PuTTY session should look like this after it is done. It will take a few minutes to finish, and when you see a screen that looks like the image below, it is done:

Snap 2013-02-09 at 12.50.03

Make change to firewall

check that firewall is running with:

service iptables status

Stop the firewall with:

service iptables stop

Add port 10000 for Webmin with this command:

iptables -A INPUT -p tcp --dport 10000 -j ACCEPT

then save the rule:

/sbin/service iptables save

and restart the firewall:

service iptables restart

Flush the firewall rules:

iptables -F

restart and check status:

service iptables restart

service iptables status

you should see your port added as in the image below:

Snap 2013-02-09 at 12.58.37

Notice the tcp dpt:10000 on the right of the screen. If you don't see it, redo the firewall steps until you do!

Reboot by typing this at the command line:

Wait a couple of minutes and log back in with PuTTY, as you will be kicked out during the reboot process.

If you didn't have an elastic IP (which you should), you will have to update the IP address of the instance.

Now you have to set a root password, since ec2-user won't work with Webmin and Amazon Linux AMIs don't come with a root password, so use the following command:

/usr/libexec/webmin/ /etc/webmin root PASSWORD

replace PASSWORD with your own root password of course.

Restart Webmin again with:

service webmin restart

Now you should be all set, so log in with your favorite web browser using the following URL, but replace the IP with the elastic IP you set for your instance:


Bind didn't show up under Servers in the left navigation panel for Webmin, so this is what you do:

In the search box in the left nav, type bind and click to search. In the search results, I clicked on the first one that said "BIND DNS server" and it prompted me to install it if I wanted; I clicked to install.

After a successful install, refresh the page and Webmin should have BIND DNS listed under Servers in the left navigation menu.

Click on Bind DNS server and you will see the admin for Bind.



How to Set Up Bind DNS Server on Amazon EC2

This is an advanced-level DNS server tutorial, only recommended for those of you who have a bit of DNS background, because this was very complex for me the first time. However, if you are new to BIND and are willing to struggle with it a bit, I will try to explain everything clearly and concisely. Here is how I set up Bind9 on my Amazon EC2 instance:

First install bind9. I can't remember the exact command I used, but a quick Google search shows me to use:

sudo apt-get install bind9 dnsutils

Configuring Bind or Bind9

To cut down on the size of this post, I am going to redirect you elsewhere to do the main name server configuration. This is the tutorial I used when I set mine up:

The above link simplifies the config process as much as possible. It is still complex and overwhelming for many people though, so if you have the patience, go for it, but if you don't, then this may not be the project for you to be honest.


Once you get the configuration for your name server done, you will want to add some hosted zones for domains that you may already own or that your clients own.

Adding Domains to your Name Server

Perhaps the most exciting part of running your own name server is setting up external domains to work with it. By that I mean using your own name server as the authoritative name server for a domain name owned by you or by a third party, such as a client or friend of yours. In order to use your name server as the DNS for a domain name, follow the steps below in detail:

1) Go to your domain name registrar and set the name server records to point to your name server subdomains, which should look something like and. Yes, you need at least two nameservers to go into the name server business; it simply won't work with one.

2) After pointing your domain name to your name server, log into your name server with a terminal window and edit the necessary configuration files. First you have to add a file named after the domain name you are hosting. Name the file according to the following format:

You can do so with the following command:

sudo vi /etc/bind/

which will open a new file in the vi editor. Hit the "i" key to insert content, then copy and paste the following default config file text and edit it for your domain name:

; Zone file for
$TTL    3600
$ORIGIN
@       IN      SOA (
                     2012033101         ; Serial
                           3600         ; Refresh
                           1800         ; Retry
                         604800         ; Expire
                          43200 )       ; Negative Cache TTL
        IN      NS
        IN      NS
@       IN      A
www     IN      A

Make the following changes to the above file:

Change to the domain name you are pointing with your name server.

Change to your name server domain name.

Next you need to add a zone to your DNS config file, so open it with:

sudo vi /etc/bind/named.conf.local

Add the following to the end of the file:

  1. zone "" {
  2.         type master;
  3.         file "/etc/bind/";
  4. };

Change to the actual domain name in both lines 1 and 3 above.
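An added example, not from this post or from BIND itself: a small parser and sanity checker for the bare master zone files shown here and in the install post above. It flags an NS target missing its trailing dot (the mistake the Webmin post warns about) and an in-zone nameserver that has no A record; the sample zones are constructed, and example.com and 203.0.113.x are placeholders.

```python
def _fqdn(name, origin):
    """Absolute form of a zone-file name: '@' is the apex, relative names get the origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def parse_zone(text, origin):
    """Parse the bare master-zone format shown above into (owner, type, rdata) tuples."""
    origin = origin.lower().rstrip(".") + "."
    records, buf, depth, owner = [], [], 0, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # ';' starts a comment
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth:                                        # still inside the SOA's ( ... )
            continue
        line, buf = " ".join(buf), []
        toks = line.split()
        if toks[0].startswith("$"):                      # $TTL / $ORIGIN directives
            continue
        if not line[0].isspace():                        # line names a new owner
            owner = _fqdn(toks.pop(0), origin)
        while toks and (toks[0].upper() == "IN" or toks[0].isdigit()):
            toks.pop(0)                                  # optional class and TTL
        records.append((owner, toks[0].upper(), " ".join(toks[1:])))
    return records

def check_zone(text, origin):
    """Sanity checks for an authoritative zone; an empty list means it looks right."""
    apex = origin.lower().rstrip(".") + "."
    recs = parse_zone(text, apex)
    problems = []
    if sum(r[1] == "SOA" for r in recs) != 1:
        problems.append("zone must have exactly one SOA record")
    ns = [r[2] for r in recs if r[0] == apex and r[1] == "NS"]
    if len(ns) < 2:
        problems.append("fewer than two NS records at the apex")
    a_owners = {r[0] for r in recs if r[1] == "A"}
    for target in ns:
        if not target.endswith("."):
            problems.append(f"NS target {target} lacks a trailing dot, so BIND appends the origin")
        full = _fqdn(target, apex)                       # the name BIND will actually serve
        if full.endswith("." + apex) and full not in a_owners:
            problems.append(f"in-zone nameserver {full} has no A (glue) record")
    for name in (apex, "www." + apex):
        if name not in a_owners:
            problems.append(f"no A record for {name}")
    return problems

# Constructed samples: a correct nameserver zone laid out like the install post's, then one
# with a missing trailing dot and no A records for its nameservers.
GOOD_ZONE = """\
$TTL 3600
@    IN  SOA  ns1.example.com. hostmaster.example.com. (
              2024010101 3600 1800 604800 43200 )   ; serial refresh retry expire ncache
     IN  NS   ns1.example.com.
     IN  NS   ns2.example.com.
@    IN  A    203.0.113.10
www  IN  A    203.0.113.10
ns1  IN  A    203.0.113.10
ns2  IN  A    203.0.113.11
"""
BAD_ZONE = """\
@    IN  SOA  ns1.example.com. hostmaster.example.com. (
              2024010101 3600 900 604800 900 )
     IN  NS   ns1.example.com.
     IN  NS   ns2.example.com
"""
```

Run check_zone(zone_text, "yourdomain") on a file before restarting named; a non-empty list is the typo to track down.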