Bind9 (DNS) Installation 24.04 LTS
This will configure split DNS. It creates a local DNS zone "scottworld.net" that handles all local requests, as a local extension of scottworld.net, which is the registered domain. Requests for scottworld.net hosts that are not defined locally (and all other traffic) are forwarded out to the internet.
Install BIND.
apt install bind9
Shut down the service for configuration.
systemctl stop bind9.service
Update BIND to use IPv4 addresses only
This prevents a stream of IPv6 failures filling up your log.
nano /etc/default/named
#
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"
Define the zones for the local domain:
We will now edit named.conf.local and set up the zones we are using for DNS.
sudo nano /etc/bind/named.conf.local
Add the zones for the local domain, the location of their zone files and the access rights. Here we define two zones, a forward zone and a reverse zone.
acl "scottworld-lan" {
    localnets;
    10.3.0.0/16;
};

zone "scottworld.net" {
    type master;
    file "/var/lib/bind/zones/db.scottworld.net";
    check-names ignore;
    allow-update { scottworld-lan; };
};

zone "3.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/zones/db.10.3";
    check-names ignore;
    allow-update { scottworld-lan; };
};
Set up a Zones Folder
Create a zones folder under /var/lib/bind/ to hold the zone files.
mkdir /var/lib/bind/zones
Configure the local forward lookup zone
nano /var/lib/bind/zones/db.scottworld.net
Here we also add the static hosts as A records (contained in the zone file).
$ORIGIN .
$TTL 604800 ; 1 week
scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. (
    1 ; serial
    604800 ; refresh (1 week)
    86400 ; retry (1 day)
    2419200 ; expire (4 weeks)
    604800 ; minimum (1 week)
    )
    NS solaris.scottworld.net.
    A 10.3.200.1
$ORIGIN scottworld.net.
asteroid A 10.3.101.2
backcam A 10.3.50.31
$TTL 3600 ; 1 hour
BOONBOX A 10.3.100.3
    DHCID ( AAEBUghHomWwx+ZARvqg4ZdLpKhPOPgpW1kz/5rUBZVV
    mB8= ) ; 1 1 32
$TTL 604800 ; 1 week
comet A 10.3.200.3
cyd A 10.3.50.24
ddhomerun A 10.3.50.1
$TTL 3600 ; 1 hour
DESKTOP-Q3C0NFT A 10.3.100.37
    DHCID ( AAEB61rcJVQOhiz+yeEwQOHXAznDG8ZCwXkyxMdAyUJR
    tSY= ) ; 1 1 32
$TTL 604800 ; 1 week
Dining-Main A 10.3.50.5
Dining-Uplighter1 A 10.3.50.22
Dining-Uplighter2 A 10.3.50.18
doorbell A 10.3.50.32
envoy A 10.3.50.2
$TTL 3600 ; 1 hour
esp32-E35268 A 10.3.100.97
    DHCID ( AAEBxPfgRxFRi+N12m5RY648gCiQabwBlRTHFI4iINRJ
    Uro= ) ; 1 1 32
$TTL 604800 ; 1 week
ESP_B8019D A 10.3.50.6
frontcam A 10.3.50.30
gateway A 10.3.1.1
$TTL 1200 ; 20 minutes
jupiter A 10.3.100.37
$TTL 604800 ; 1 week
Landing-Main A 10.3.50.10
Lounge-Colin A 10.3.50.21
Lounge-Floor A 10.3.50.16
Lounge-Larry A 10.3.50.15
Lounge-Main A 10.3.50.4
Mame A 10.3.50.20
mars A 10.3.200.2
$TTL 1200 ; 20 minutes
mimas A 10.3.101.3
$TTL 604800 ; 1 week
mqtt CNAME mars
$TTL 1200 ; 20 minutes
Neptune A 10.3.100.13
$TTL 604800 ; 1 week
patio A 10.3.50.6
$TTL 1200 ; 20 minutes
phobos A 10.3.100.148
$TTL 604800 ; 1 week
porch A 10.3.50.7
PowerCord1 A 10.3.50.19
printer A 10.3.101.100
$TTL 3600 ; 1 hour
$TTL 604800 ; 1 week
roku A 10.3.50.9
$TTL 1200 ; 20 minutes
saturn A 10.3.100.12
$TTL 604800 ; 1 week
scottcloud A 10.3.200.1
scotthome CNAME solaris
$TTL 3600 ; 1 hour
scottscreen A 10.3.50.3
$TTL 3600 ; 1 hour
$TTL 604800 ; 1 week
solaris A 10.3.200.1
titan A 10.3.100.21
$TTL 604800 ; 1 week
wiki CNAME scottworrs.cluster020.hosting.ovh.net.
wikimin CNAME solaris
www CNAME scottworrs.cluster020.hosting.ovh.net.
yamaha A 10.3.50.8
Configure the local reverse lookup zone
nano /var/lib/bind/zones/db.10.3
$ORIGIN .
$TTL 604800 ; 1 week
3.10.in-addr.arpa IN SOA solaris.scottworld.net. mark\@scottworld.net. (
    1123 ; serial
    604800 ; refresh (1 week)
    86400 ; retry (1 day)
    2419200 ; expire (4 weeks)
    604800 ; minimum (1 week)
    )
    NS solaris.scottworld.net.
$ORIGIN 1.3.10.in-addr.arpa.
$TTL 3600 ; 1 hour
1 PTR gateway.scottworld.net.
$ORIGIN 200.3.10.in-addr.arpa.
$TTL 36000 ; 10 hours
1 PTR solaris.scottworld.net.
2 PTR mars.scottworld.net.
3 PTR comet.scottworld.net.
; also list other computers
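As an added check that is not part of the original guide, this Python script parses excerpts of the two zone files in the master-file layout used above and reports forward/reverse mismatches: hosts whose A record has no PTR, and PTRs whose host no longer has a matching A record. The zone text below is a constructed, shortened sample; to check the live files, read them from /var/lib/bind/zones instead.

```python
# Constructed excerpts (not the page's full files) of db.scottworld.net and db.10.3.
FORWARD = """scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. (
    7 ; serial
    604800 86400 2419200 604800 )
    NS solaris.scottworld.net.
$ORIGIN scottworld.net.
gateway A 10.3.1.1
solaris A 10.3.200.1
comet A 10.3.200.3
"""
REVERSE = """$ORIGIN 1.3.10.in-addr.arpa.
$TTL 3600 ; 1 hour
1 PTR gateway.scottworld.net.
$ORIGIN 200.3.10.in-addr.arpa.
1 PTR solaris.scottworld.net.
4 PTR titan.scottworld.net.
"""

def fqdn(name, origin):  # qualify a relative name against $ORIGIN; DNS names are case-insensitive
    return (name if name.endswith(".") else name + "." + origin.lstrip(".")).lower()

def parse_zone(text):
    """Yield (owner, type, rdata); handles ; comments, $ORIGIN, $TTL, ( ) continuation and owner inheritance."""
    origin, owner, buf = ".", None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if line.strip(): buf.append(line)
        joined = " ".join(buf)
        if not buf or joined.count("(") > joined.count(")"):
            continue                                # blank line, or still inside ( ... )
        inherits, buf = buf[0][0].isspace(), []     # leading blank = same owner as before
        fields = joined.replace("(", " ").replace(")", " ").split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif fields[0] != "$TTL":
            if not inherits:
                owner = fields.pop(0)
            while fields[0].isdigit() or fields[0] == "IN":
                fields.pop(0)                       # optional TTL and class
            rtype, rdata = fields[0], " ".join(fields[1:])
            yield fqdn(owner, origin), rtype, fqdn(rdata, origin) if rtype in ("CNAME", "NS", "PTR") else rdata

def ptr_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def check_forward_reverse(fwd, rev):
    """Return (hosts whose A record has no matching PTR, PTR owners whose target has no matching A)."""
    a = {(h, ip) for h, t, ip in parse_zone(fwd) if t == "A"}
    ptrs = {(o, h) for o, t, h in parse_zone(rev) if t == "PTR"}
    return (sorted(h for h, ip in a if (ptr_name(ip), h) not in ptrs),
            sorted(o for o, h in ptrs if (h, o) not in {(h, ptr_name(ip)) for h, ip in a}))
```

With the sample data, comet has an A record but no PTR, and the PTR for 10.3.200.4 points at titan, which has no A record.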
Allow the OpenVPN network to use locally cached DNS entries
nano /etc/bind/named.conf.options
Add this line inside the options { } block:
allow-query-cache { localnets; 10.3.0.0/24; };
Set folder permissions and test
Set the permissions on the folder / zone files so BIND can write to them.
chown bind:bind /var/lib/bind/zones
chmod -R 770 /var/lib/bind/zones
Restart BIND and DHCP to use the new settings:
service bind9 restart
service isc-dhcp-server restart
Test that DNS lookups work via the local server:
dig google.com
The response should be:
root@solaris:~# dig google.com

; <<>> DiG 9.8.1-P1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36080
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 32 IN A 173.194.34.69
google.com. 32 IN A 173.194.34.65
google.com. 32 IN A 173.194.34.71
google.com. 32 IN A 173.194.34.70
google.com. 32 IN A 173.194.34.73
google.com. 32 IN A 173.194.34.78
google.com. 32 IN A 173.194.34.66
google.com. 32 IN A 173.194.34.68
google.com. 32 IN A 173.194.34.67
google.com. 32 IN A 173.194.34.64
google.com. 32 IN A 173.194.34.72

;; Query time: 1412 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: Mon Apr 30 10:15:47 2012
;; MSG SIZE rcvd: 204
Test that all of your computers are listed with the following command:
host -l scottworld.net
The output should list all of your entered hosts. Example:
scottworld.net name server solaris.scottworld.net.
scottworld.net has address 192.168.3.200
scottworld.net has IPv6 address ::1
adwebmail.scottworld.net has address 213.171.195.75
android_832db9ab2532e69b.scottworld.net has address 192.168.3.11
Brians-iPhone-2.scottworld.net has address 192.168.3.48
jupiter.scottworld.net has address 192.168.3.15
Keiths-iPhone.scottworld.net has address 192.168.3.47
mail.scottworld.net has address 213.171.216.114
mythboxBED.scottworld.net has address 192.168.3.16
mythboxtv.scottworld.net has address 192.168.3.49
ns.scottworld.net has address 192.168.3.200
PRINTER.scottworld.net has address 192.168.3.44
smtp.scottworld.net has address 213.171.216.50
solaris.scottworld.net has address 192.168.3.200
solaris2.scottworld.net has address 192.168.3.201
venus.scottworld.net has address 192.168.3.14
webmail.scottworld.net has address 213.171.216.114
www.scottworld.net has address 88.208.252.199
ye12744LT.scottworld.net has address 192.168.3.46
Test that the reverse lookup works:
host 10.3.200.1
Response:
root@solaris:/var/lib/bind/zones# host 10.3.200.1
1.200.3.10.in-addr.arpa domain name pointer solaris.
1.200.3.10.in-addr.arpa domain name pointer solaris.local.
REMEMBER: Do not forget to update the serial every time you make any changes to a zone file.
To make a change to a zone:
rndc freeze <zone you want to freeze>
nano /var/lib/bind/zones/<file you want to change>
Make sure you update the serial number.
rndc thaw <zone you want to unfreeze>
Save and close the editor when you are finished.
Reload systemd and restart BIND so the running service picks up the new configuration:
sudo systemctl daemon-reload
sudo systemctl restart bind9
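An added helper for the serial step, not from the original guide: it rewrites the SOA serial in a zone file laid out as above and refuses a new value that does not count as an increase under RFC 1982 serial arithmetic, which is what secondaries use to decide whether a zone has changed. The zone text is a constructed excerpt.

```python
import re

# Constructed excerpt in the layout of the zone files above (serial on its own
# line inside the SOA parentheses); not the page's full db.scottworld.net.
ZONE = """$ORIGIN .
$TTL 604800 ; 1 week
scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. (
    1123 ; serial
    604800 ; refresh (1 week)
    86400 ; retry (1 day)
    2419200 ; expire (4 weeks)
    604800 ; minimum (1 week)
    )
    NS solaris.scottworld.net.
"""

# The serial is the first integer after the SOA MNAME and RNAME, with or without "(".
SERIAL_RE = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")

def serial_advances(old, new):
    """RFC 1982 serial arithmetic: new is ahead of old when the 32-bit
    difference is non-zero and below 2^31 (so wrapping past 2^32-1 is allowed)."""
    return 0 < (new - old) % 2**32 < 2**31

def get_serial(zone_text):
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))

def bump_serial(zone_text, new=None):
    """Return the zone text with the SOA serial set to `new` (default old+1,
    wrapping at 2^32). Everything else in the file is left unchanged."""
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    old = int(m.group(2))
    if new is None:
        new = (old + 1) % 2**32
    if not serial_advances(old, new):
        raise ValueError(f"serial {new} does not advance past {old}")
    return zone_text[:m.start(2)] + str(new) + zone_text[m.end(2):]
```

Run named-checkzone on the edited file before rndc thaw so a typo does not leave the zone unloadable.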