Bind9 (DNS) Installation

From Scottworld

This will configure split DNS. This will allow you to create a local DNS zone "scottworld.net" which will handle all local requests. It will be an extension of scottworld.net which is the registered domain. Requests for scottworld hosts (and other traffic) that are not local are forwarded out to the internet.

Install bind.

apt install bind9

Shut down the service for configuration

service bind9 stop

Update BIND to use IPv4 addresses only

This prevents a whole batch of IPv6 failures from filling up your log.

nano /etc/default/named
#
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"


Define the zones for the local domain:

We will now edit named.conf.local and set up the zones we are using for DNS.

sudo nano /etc/bind/named.conf.local

Add the zones, the location of their zone files, and the access rights for the local domain. Here we define 2 zones, a forward and a reverse zone.

acl "scottworld-lan" {
        localnets;
};

// allow-recursion and allow-query-cache are only valid inside the
// options { } block (in /etc/bind/named.conf.options); at the top level of
// this file named-checkconf rejects them, so put them there instead:
//     allow-recursion { scottworld-lan; };
//     allow-query-cache { scottworld-lan; };

zone "scottworld.net" {
        type master;
        file "/var/lib/bind/zones/db.scottworld.net";
        check-names warn;
        // Any host on the LAN may rewrite this zone with an unsigned dynamic
        // update; restrict this to the DHCP server's address or a TSIG key
        // if untrusted devices share the network.
        allow-update { scottworld-lan; };
};

zone "3.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/zones/db.192.168.3";
        check-names warn;
        allow-update { scottworld-lan; };
};

Set up a Zones Folder

Create a zone folder to host the zone files in /var/lib/bind/

mkdir /var/lib/bind/zones

Configure the local forward lookup zone

nano /var/lib/bind/zones/db.scottworld.net

Here we also add the static hosts as A records (contained in the zone file):

$ORIGIN .
$TTL 604800 ; 1 week
scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. (
                1 ; serial
                604800 ; refresh (1 week)
                86400 ; retry (1 day)
                2419200 ; expire (4 weeks)
                604800 ; minimum (1 week)
                )
        NS      solaris.scottworld.net.
        A       192.168.3.200
$ORIGIN scottworld.net.
solaris                 A       192.168.3.200
saturn                  A       192.168.3.5
ceres                   A       192.168.3.201
www                     CNAME   scottworrs.cluster020.hosting.ovh.net.
wiki                    CNAME   scottworrs.cluster020.hosting.ovh.net.

Configure the local reverse lookup zone

nano /var/lib/bind/zones/db.192.168.3

; BIND reverse data file for the 192.168.3.0/24 network
;
$TTL    604800
@       IN      SOA     solaris.scottworld.net. mark.scottworld.net. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      solaris.scottworld.net.
200     IN      PTR     solaris.scottworld.net.

; also list other computers

Allow the OpenVPN network to use the locally cached DNS entries

nano /etc/bind/named.conf.options

Add this line inside the options { } block:

allow-query-cache { localnets; 10.3.0.0/24; };

Note that allow-query-cache only lets the VPN clients read answers already in the cache; if they should also be able to trigger new recursive lookups, extend allow-recursion with the same 10.3.0.0/24 entry.

Set folder permissions and test

Set the permissions on the folder and zone files so BIND can write to them (dynamic updates and their journal files are written here):

chown -R bind:bind /var/lib/bind/zones
chmod -R 770 /var/lib/bind/zones

Restart BIND and DHCP to use the new settings:

service bind9 restart
service isc-dhcp-server restart


Test that DNS lookups work through the local server:

dig google.com

The response should be:

root@solaris:~# dig google.com

; <<>> DiG 9.8.1-P1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36080
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             32      IN      A       173.194.34.69
google.com.             32      IN      A       173.194.34.65
google.com.             32      IN      A       173.194.34.71
google.com.             32      IN      A       173.194.34.70
google.com.             32      IN      A       173.194.34.73
google.com.             32      IN      A       173.194.34.78
google.com.             32      IN      A       173.194.34.66
google.com.             32      IN      A       173.194.34.68
google.com.             32      IN      A       173.194.34.67
google.com.             32      IN      A       173.194.34.64
google.com.             32      IN      A       173.194.34.72

;; Query time: 1412 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: Mon Apr 30 10:15:47 2012
;; MSG SIZE  rcvd: 204

Test that all of your computers are listed with the following command:

host -l scottworld.net

The output should list all of your entered hosts, for example:

scottworld.net name server solaris.scottworld.net.
scottworld.net has address 192.168.3.200
scottworld.net has IPv6 address ::1
adwebmail.scottworld.net has address 213.171.195.75
android_832db9ab2532e69b.scottworld.net has address 192.168.3.11
Brians-iPhone-2.scottworld.net has address 192.168.3.48
jupiter.scottworld.net has address 192.168.3.15
Keiths-iPhone.scottworld.net has address 192.168.3.47
mail.scottworld.net has address 213.171.216.114
mythboxBED.scottworld.net has address 192.168.3.16
mythboxtv.scottworld.net has address 192.168.3.49
ns.scottworld.net has address 192.168.3.200
PRINTER.scottworld.net has address 192.168.3.44
smtp.scottworld.net has address 213.171.216.50
solaris.scottworld.net has address 192.168.3.200
solaris2.scottworld.net has address 192.168.3.201
venus.scottworld.net has address 192.168.3.14
webmail.scottworld.net has address 213.171.216.114
www.scottworld.net has address 88.208.252.199
ye12744LT.scottworld.net has address 192.168.3.46

Test that the reverse lookup works:

host 192.168.3.200

Response:

200.3.168.192.in-addr.arpa domain name pointer solaris.scottworld.net.

REMEMBER: increase the serial every time you make any change to a zone file, otherwise secondaries and caching resolvers will not pick up the change.

Save and close the editor when you are finished. Have systemd re-read its unit files and restart BIND so the new configuration is loaded into the running service:

sudo systemctl daemon-reload
sudo systemctl restart bind9
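A pre-flight check to run before the restart above, added here as an example and not part of the original page: it extracts the SOA serial from a zone file, confirms the serial was actually increased compared with the previous copy (the mistake the reminder above warns about), and runs named-checkzone when it is installed. The sample zone content inside demo() is constructed from this page's forward zone; the function names are this example's own.

```shell
# Added example (not from the original page): pre-flight checks for a zone file
# before "service bind9 restart". The sample zone below is constructed.
# Print the SOA serial: strip ";" comments, then take the first all-digit token
# after the SOA keyword (handles both one-line and bracketed SOA records).
zone_serial() {
    sed 's/;.*$//' "$1" | awk '{
        for (i = 1; i <= NF; i++) {
            if (seen && $i ~ /^[0-9]+$/) { print $i; exit }
            if ($i == "SOA") seen = 1
        } }'
}

# True only if the new serial ($2) is larger than the old one ($1).
serial_bumped() {
    [ -n "$1" ] && [ -n "$2" ] && [ "$2" -gt "$1" ]
}

# Pre-flight one zone: syntax check with named-checkzone if it is installed,
# then confirm the serial was increased relative to the previous copy.
# Usage: preflight_zone <zone name> <old zone file> <new zone file>
preflight_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q "$1" "$3" || { echo "$1: syntax error in $3" >&2; return 1; }
    fi
    old=$(zone_serial "$2"); new=$(zone_serial "$3")
    if serial_bumped "$old" "$new"; then
        echo "$1: serial $old -> $new, OK to restart"; return 0
    fi
    echo "$1: serial not increased ($old -> $new); resolvers keep stale data" >&2
    return 1
}

# Constructed demo: the page's forward zone before and after adding a host.
demo() {
    d=$(mktemp -d)
    cat > "$d/db.old" <<'EOF'
$ORIGIN .
$TTL 604800
scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. (
                1 ; serial
                604800 86400 2419200 604800 )
        NS      solaris.scottworld.net.
$ORIGIN scottworld.net.
solaris                 A       192.168.3.200
EOF
    sed 's/^ *1 ; serial/                2 ; serial/' "$d/db.old" > "$d/db.new"
    echo "ceres                   A       192.168.3.201" >> "$d/db.new"
    preflight_zone scottworld.net "$d/db.old" "$d/db.new"; rc=$?
    rm -rf "$d"; return $rc
}
```

Keep a copy of the previous zone file (or use the journal's last serial) and call preflight_zone against it before every restart; a non-zero exit means the restart should not go ahead.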