Bind9 (DNS) Installation 24.04LTS: Difference between revisions
(22 intermediate revisions by 2 users not shown) | |||
Line 7: | Line 7: | ||
Shut down the service for configuration | Shut down the service for configuration | ||
service | systemctl stop bind9.service | ||
== Update bind to use IP 4 addresses only == | == Update bind to use IP 4 addresses only == | ||
Line 36: | Line 36: | ||
<pre> | <pre> | ||
include "/etc/bind/rndc.key"; | |||
zone "scottworld.net" { | zone "scottworld.net" { | ||
Line 45: | Line 42: | ||
file "/var/lib/bind/zones/db.scottworld.net"; | file "/var/lib/bind/zones/db.scottworld.net"; | ||
check-names ignore; | check-names ignore; | ||
allow-update { | allow-update { key rndc-key; }; | ||
}; | }; | ||
Line 52: | Line 50: | ||
file "/var/lib/bind/zones/db.10.3"; | file "/var/lib/bind/zones/db.10.3"; | ||
check-names ignore; | check-names ignore; | ||
allow-update { | allow-update { key rndc-key; }; | ||
}; | }; | ||
</pre> | </pre> | ||
Line 72: | Line 70: | ||
$TTL 604800 ; 1 week | $TTL 604800 ; 1 week | ||
scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. ( | scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. ( | ||
1 ; serial | |||
604800 ; refresh (1 week) | 604800 ; refresh (1 week) | ||
86400 ; retry (1 day) | 86400 ; retry (1 day) | ||
Line 81: | Line 79: | ||
A 10.3.200.1 | A 10.3.200.1 | ||
$ORIGIN scottworld.net. | $ORIGIN scottworld.net. | ||
amazon-5f60112a9 A 10.3.50.13 | |||
amazon-c01e642c8 A 10.3.50.12 | |||
asteriod A 10.3.101.2 | |||
BackCam A 10.3.50.31 | |||
Chromecast A 10.3.50.14 | |||
comet A 10.3.200.3 | comet A 10.3.200.3 | ||
cyd A 10.3.50.24 | cyd A 10.3.50.24 | ||
ddhomerun A 10.3.50.1 | ddhomerun A 10.3.50.1 | ||
Dining-main A 10.3.50.5 | |||
Dining-uplighter1 A 10.3.50.17 | |||
Dining-uplighter2 A 10.3.50.18 | |||
DoorBell A 10.3.50.32 | |||
Dining- | |||
Dining- | |||
Dining- | |||
envoy A 10.3.50.2 | envoy A 10.3.50.2 | ||
FrontCam A 10.3.50.30 | |||
gateway A 10.3.1.1 | gateway A 10.3.1.1 | ||
HotWaterRelay A 10.3.50.33 | |||
ipPhone A 10.3.50.40 | |||
Landing-main A 10.3.50.10 | |||
Landing- | Lounge-colin A 10.3.50.21 | ||
Lounge- | Lounge-floor A 10.3.50.16 | ||
Lounge- | Lounge-larry A 10.3.50.15 | ||
Lounge- | Lounge-main A 10.3.50.4 | ||
Lounge- | mame A 10.3.50.20 | ||
mars A 10.3.200.2 | mars A 10.3.200.2 | ||
mimas A 10.3.101.3 | mimas A 10.3.101.3 | ||
MiniR2 A 10.3.50.23 | |||
mqtt CNAME mars | mqtt CNAME mars | ||
patio A 10.3.50.6 | patio A 10.3.50.6 | ||
porch A 10.3.50.7 | porch A 10.3.50.7 | ||
PowerCord A 10.3.50.19 | |||
printer A 10.3.101.100 | printer A 10.3.101.100 | ||
roku A 10.3.50.9 | roku A 10.3.50.9 | ||
saturn A 10.3.101.1 | |||
saturn A 10.3. | scottcloud CNAME solaris | ||
scottcloud | |||
scotthome CNAME solaris | scotthome CNAME solaris | ||
scottscreen A 10.3.50.3 | scottscreen A 10.3.50.3 | ||
solaris A 10.3.200.1 | solaris A 10.3.200.1 | ||
WAPLoft A 10.3.1.2 | |||
WAPLounge A 10.3.1.3 | |||
wiki CNAME scottworrs.cluster020.hosting.ovh.net. | wiki CNAME scottworrs.cluster020.hosting.ovh.net. | ||
wikimin CNAME solaris | wikimin CNAME solaris | ||
www CNAME scottworrs.cluster020.hosting.ovh.net. | www CNAME scottworrs.cluster020.hosting.ovh.net. | ||
yamaha A 10.3.50.8 | yamaha A 10.3.50.8 | ||
</pre> | </pre> | ||
Line 172: | Line 131: | ||
<pre> | <pre> | ||
$ORIGIN . | |||
$TTL 604800 ; 1 week | |||
$TTL | 3.10.in-addr.arpa IN SOA solaris.scottworld.net. mark\@scottworld.net. ( | ||
1 ; serial | |||
604800 ; refresh (1 week) | |||
86400 ; retry (1 day) | |||
2419200 ; expire (4 weeks) | |||
604800 ; minimum (1 week) | |||
) | |||
NS solaris.scottworld.net. | |||
$ORIGIN 1.3.10.in-addr.arpa. | |||
200 | 1 PTR gateway.scottworld.net. | ||
2 PTR WAPLoft.scottworld.net. | |||
3 PTR WAPLounge.scottworld.net. | |||
$ORIGIN 50.3.10.in-addr.arpa. | |||
1 PTR ddhomerun.scottworld.net. | |||
10 PTR Landing-main.scottworld.net. | |||
12 PTR amazon-c01e642c8.scottworld.net. | |||
13 PTR amazon-5f60112a9.scottworld.net. | |||
14 PTR Chromecast.scottworld.net. | |||
15 PTR Lounge-larry.scottworld.net. | |||
16 PTR Lounge-floor.scottworld.net. | |||
17 PTR Dining-uplighter1.scottworld.net. | |||
18 PTR Dining-uplighter2.scottworld.net. | |||
19 PTR PowerCord1.scottworld.net. | |||
2 PTR envoy.scottworld.net. | |||
20 PTR mame.scottworld.net. | |||
21 PTR Lounge-colin.scottworld.net. | |||
23 PTR MiniR2.scottworld.net. | |||
24 PTR cyd.scottworld.net. | |||
3 PTR scottscreen.scottworld.net. | |||
30 PTR FrontCam.scottworld.net. | |||
31 PTR BackCam.scottworld.net. | |||
32 PTR DoorBell.scottworld.net. | |||
33 PTR HotWaterRelay.scottworld.net. | |||
4 PTR Lounge-main.scottworld.net. | |||
40 PTR ipPhone.scottworld.net. | |||
5 PTR Dining-main.scottworld.net. | |||
6 PTR patio.scottworld.net. | |||
7 PTR porch.scottworld.net. | |||
8 PTR yamaha.scottworld.net. | |||
9 PTR roku.scottworld.net. | |||
$ORIGIN 100.3.10.in-addr.arpa. | |||
$ORIGIN 101.3.10.in-addr.arpa. | |||
1 PTR saturn.scottworld.net. | |||
100 PTR printer.scottworld.net. | |||
2 PTR asteroid.scottworld.net. | |||
3 PTR mimas.scottworld.net. | |||
$ORIGIN 200.3.10.in-addr.arpa. | |||
1 PTR solaris.scottworld.net. | |||
2 PTR mars.scottworld.net. | |||
3 PTR comet.scottworld.net. | |||
; also list other computers | ; also list other computers | ||
Line 193: | Line 196: | ||
nano named.conf.options | nano named.conf.options | ||
add | add these lines to the options file. | ||
allow-query-cache { localnets; 10.3.0.0/ | allow-query-cache { localnets; 10.3.0.0/16; }; | ||
allow-recursion { localnets; 10.3.0.0/16; }; | |||
== Set folder permissions and test == | == Set folder permissions and test == | ||
Line 202: | Line 206: | ||
Set the permissions on the folder / zone files so BIND can write to them. | Set the permissions on the folder / zone files so BIND can write to them. | ||
chown bind:bind /var/lib/bind/zones | chown bind:bind /var/lib/bind/zones -R | ||
chmod 770 /var/lib/bind/zones | chmod 770 /var/lib/bind/zones | ||
chmod 660 /var/lib/bind/zones/* | |||
Restart BIND | Restart BIND | ||
systemctl start bind9.service | |||
Line 214: | Line 218: | ||
Test that the dns lookups works with the local server: | Test that the dns lookups works with the local server: | ||
dig google.com | dig @10.3.200.1 google.com | ||
The response should be: | The response should be: | ||
Line 249: | Line 253: | ||
</pre> | </pre> | ||
Test that the reverse lookup works: | Test that the reverse lookup works: | ||
host | host 10.3.200.1 | ||
Response: | Response: | ||
200.3. | root@solaris:/var/lib/bind/zones# host 10.3.200.1 | ||
1.200.3.10.in-addr.arpa domain name pointer solaris. | |||
1.200.3.10.in-addr.arpa domain name pointer solaris.local. | |||
REMEMBER | REMEMBER | ||
Line 296: | Line 274: | ||
rndc thaw <zone you want to unfreeze> | rndc thaw <zone you want to unfreeze> | ||
== Update Netplan to use yourself as DNS == | |||
nano /etc/netplan/00-solaris.yaml | |||
Change the nameserver to yourself 10.3.200.1 | |||
netplan apply | |||
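Review bot: The new `allow-update { key rndc-key; };` statements in the Line 42 and Line 50 hunks authorise dynamic updates with the key included from `/etc/bind/rndc.key`, which is the same key that drives `rndc` (`freeze`, `thaw`, `reload`, `stop`), so any update client handed that key can also control the server; generate a separate update key with `tsig-keygen`, reference it instead (e.g. `allow-update { key ddns-update-key; };` with a matching `key` block — name is a placeholder) and keep `rndc.key` for the control channel only. The reverse zone's new SOA (Line 131 hunk) writes the admin mailbox as `mark\@scottworld.net.` while the forward zone uses `mark.scottworld.net.`; BIND accepts the escaped `@`, but the dotted form is the conventional one and is what the forward zone already uses, so the two should agree. The dig test (Line 218 hunk) now targets `@10.3.200.1`, yet the sample response kept below it still shows `dig google.com` answered by `192.168.3.1`, and the `host 10.3.200.1` sample (Line 253 hunk) shows `solaris.` and `solaris.local.` rather than the `solaris.scottworld.net.` PTR the new zone defines — both appear to be stale output and are worth recapturing.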
Latest revision as of 01:17, 20 March 2024
This will configure split DNS: a local DNS zone "scottworld.net" handles all local requests as an extension of the registered domain scottworld.net, while requests for scottworld.net hosts (and other traffic) that are not local are forwarded out to the internet.
Install bind.
# Install the BIND 9 name server package.
apt install bind9
Shut down the service for configuration
# Stop the service while the configuration below is edited.
systemctl stop bind9.service
Update bind to use IP 4 addresses only
This prevents a stream of IPv6 failures from filling up your log.
nano /etc/default/named
#
# run resolvconf?
RESOLVCONF=no
# startup options for the server
#   -u bind : run named as the unprivileged "bind" user after start-up
#   -4      : use IPv4 only (keeps the IPv6 failures described above out of the log)
OPTIONS="-u bind -4"
Define the zones for the local domain:
We will now edit named.conf.local and set up the zones we are using for DNS.
sudo nano /etc/bind/named.conf.local
Add the zones, their file locations and their access rights for the local domain. Here we define two zones: a forward zone and a reverse zone.
// Shared secret referenced by the allow-update statements below.
// NOTE(review): this file holds the rndc control-channel key; reusing it for
// dynamic updates means an update client can also drive rndc — a dedicated
// TSIG key for updates would keep the two roles apart. Confirm which is intended.
include "/etc/bind/rndc.key";

// Forward zone for the local domain.
zone "scottworld.net" {
    type master;
    file "/var/lib/bind/zones/db.scottworld.net";
    // relax the built-in hostname syntax checks for records in this zone
    check-names ignore;
    // only updates signed with rndc-key are accepted
    allow-update { key rndc-key; };
};

// Reverse zone for 10.3.0.0/16.
zone "3.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/zones/db.10.3";
    check-names ignore;
    allow-update { key rndc-key; };
};
Set up a Zones Folder
Create a zone folder to host the zone files in /var/lib/bind/
# Directory for the zone files; named must be able to write here for dynamic
# updates, so ownership and permissions are set further down.
mkdir /var/lib/bind/zones
Configure the local forward lookup zone
# Create/edit the forward zone file for scottworld.net.
nano /var/lib/bind/zones/db.scottworld.net
Here we also add the STATIC hosts as A records (contained in the zone file).
; Forward zone for scottworld.net, served by solaris (10.3.200.1).
$ORIGIN .
$TTL 604800 ; 1 week
; SOA: primary name server and admin mailbox (mark@scottworld.net, '@' written as '.').
scottworld.net IN SOA solaris.scottworld.net. mark.scottworld.net. (
    1 ; serial — increment on every edit of this file
    604800 ; refresh (1 week)
    86400 ; retry (1 day)
    2419200 ; expire (4 weeks)
    604800 ; minimum (1 week)
)
; Leading whitespace: these two records inherit the owner name (scottworld.net) from the SOA line.
    NS solaris.scottworld.net.
    A 10.3.200.1
; Static hosts; names below are relative to scottworld.net.
$ORIGIN scottworld.net.
amazon-5f60112a9 A 10.3.50.13
amazon-c01e642c8 A 10.3.50.12
; NOTE(review): the reverse zone spells 10.3.101.2 "asteroid" — one of the two is a typo, confirm.
asteriod A 10.3.101.2
BackCam A 10.3.50.31
Chromecast A 10.3.50.14
comet A 10.3.200.3
cyd A 10.3.50.24
ddhomerun A 10.3.50.1
Dining-main A 10.3.50.5
Dining-uplighter1 A 10.3.50.17
Dining-uplighter2 A 10.3.50.18
DoorBell A 10.3.50.32
envoy A 10.3.50.2
FrontCam A 10.3.50.30
gateway A 10.3.1.1
HotWaterRelay A 10.3.50.33
ipPhone A 10.3.50.40
Landing-main A 10.3.50.10
Lounge-colin A 10.3.50.21
Lounge-floor A 10.3.50.16
Lounge-larry A 10.3.50.15
Lounge-main A 10.3.50.4
mame A 10.3.50.20
mars A 10.3.200.2
mimas A 10.3.101.3
MiniR2 A 10.3.50.23
mqtt CNAME mars
patio A 10.3.50.6
porch A 10.3.50.7
; NOTE(review): the reverse zone names 10.3.50.19 "PowerCord1" — confirm which name is intended.
PowerCord A 10.3.50.19
printer A 10.3.101.100
roku A 10.3.50.9
saturn A 10.3.101.1
scottcloud CNAME solaris
scotthome CNAME solaris
scottscreen A 10.3.50.3
solaris A 10.3.200.1
WAPLoft A 10.3.1.2
WAPLounge A 10.3.1.3
; Public web hosts live outside the local network (external hosting cluster).
wiki CNAME scottworrs.cluster020.hosting.ovh.net.
wikimin CNAME solaris
www CNAME scottworrs.cluster020.hosting.ovh.net.
yamaha A 10.3.50.8
Configure the local reverse lookup zone
# Create/edit the reverse zone file for 10.3.0.0/16 (3.10.in-addr.arpa).
nano /var/lib/bind/zones/db.10.3
; Reverse zone for 10.3.0.0/16, served by solaris (10.3.200.1).
$ORIGIN .
$TTL 604800 ; 1 week
; NOTE(review): "\@" is an escaped literal '@'; the forward zone writes the same mailbox
; as mark.scottworld.net. (the conventional dotted form) — confirm which is intended.
3.10.in-addr.arpa IN SOA solaris.scottworld.net. mark\@scottworld.net. (
    1 ; serial — increment on every edit of this file
    604800 ; refresh (1 week)
    86400 ; retry (1 day)
    2419200 ; expire (4 weeks)
    604800 ; minimum (1 week)
)
; Leading whitespace: the NS record inherits the owner name (3.10.in-addr.arpa) from the SOA line.
    NS solaris.scottworld.net.
; 10.3.1.0/24 — infrastructure
$ORIGIN 1.3.10.in-addr.arpa.
1 PTR gateway.scottworld.net.
2 PTR WAPLoft.scottworld.net.
3 PTR WAPLounge.scottworld.net.
; 10.3.50.0/24 — devices
$ORIGIN 50.3.10.in-addr.arpa.
1 PTR ddhomerun.scottworld.net.
10 PTR Landing-main.scottworld.net.
12 PTR amazon-c01e642c8.scottworld.net.
13 PTR amazon-5f60112a9.scottworld.net.
14 PTR Chromecast.scottworld.net.
15 PTR Lounge-larry.scottworld.net.
16 PTR Lounge-floor.scottworld.net.
17 PTR Dining-uplighter1.scottworld.net.
18 PTR Dining-uplighter2.scottworld.net.
; NOTE(review): the forward zone has "PowerCord" for 10.3.50.19, not "PowerCord1" — confirm.
19 PTR PowerCord1.scottworld.net.
2 PTR envoy.scottworld.net.
20 PTR mame.scottworld.net.
21 PTR Lounge-colin.scottworld.net.
23 PTR MiniR2.scottworld.net.
24 PTR cyd.scottworld.net.
3 PTR scottscreen.scottworld.net.
30 PTR FrontCam.scottworld.net.
31 PTR BackCam.scottworld.net.
32 PTR DoorBell.scottworld.net.
33 PTR HotWaterRelay.scottworld.net.
4 PTR Lounge-main.scottworld.net.
40 PTR ipPhone.scottworld.net.
5 PTR Dining-main.scottworld.net.
6 PTR patio.scottworld.net.
7 PTR porch.scottworld.net.
8 PTR yamaha.scottworld.net.
9 PTR roku.scottworld.net.
; 10.3.100.0/24 — no records at present
$ORIGIN 100.3.10.in-addr.arpa.
; 10.3.101.0/24
$ORIGIN 101.3.10.in-addr.arpa.
1 PTR saturn.scottworld.net.
100 PTR printer.scottworld.net.
; NOTE(review): the forward zone spells this host "asteriod" — one of the two is a typo, confirm.
2 PTR asteroid.scottworld.net.
3 PTR mimas.scottworld.net.
; 10.3.200.0/24 — servers
$ORIGIN 200.3.10.in-addr.arpa.
1 PTR solaris.scottworld.net.
2 PTR mars.scottworld.net.
3 PTR comet.scottworld.net.
; also list other computers
Allow the OpenVPN network to use locally cached DNS entries
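# Edit the global options file. The earlier steps use absolute paths under
# /etc/bind, so do the same here instead of relying on the current directory.
nano /etc/bind/named.conf.options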
add these lines to the options file.
// Who may read answers from this server's cache: the networks of the server's own
// interfaces (localnets) plus the whole 10.3.0.0/16 range, which covers the VPN clients.
allow-query-cache { localnets; 10.3.0.0/16; };
// Who may ask this server to recurse for names it is not authoritative for.
// Limiting this to the same set keeps the server from acting as an open resolver
// for any other address that can reach it.
allow-recursion { localnets; 10.3.0.0/16; };
Set folder permissions and test
Set the permissions on the folder / zone files so BIND can write to them.
# Hand the zone directory and everything inside it to the bind user and group,
# so named can write zone files when it applies dynamic updates.
chown -R bind:bind /var/lib/bind/zones
# Directory: owner and group may read, write and traverse; nobody else has access.
chmod 770 /var/lib/bind/zones
# Zone files: owner and group may read and write; nobody else has access.
chmod 660 /var/lib/bind/zones/*
Restart BIND
# Start the service again with the new configuration and zone files in place.
systemctl start bind9.service
Test that DNS lookups work with the local server:
# Query the new server directly by address (@10.3.200.1) rather than whatever
# resolver the host currently has configured.
dig @10.3.200.1 google.com
The response should be:
root@solaris:~# dig google.com

; <<>> DiG 9.8.1-P1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36080
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 32 IN A 173.194.34.69
google.com. 32 IN A 173.194.34.65
google.com. 32 IN A 173.194.34.71
google.com. 32 IN A 173.194.34.70
google.com. 32 IN A 173.194.34.73
google.com. 32 IN A 173.194.34.78
google.com. 32 IN A 173.194.34.66
google.com. 32 IN A 173.194.34.68
google.com. 32 IN A 173.194.34.67
google.com. 32 IN A 173.194.34.64
google.com. 32 IN A 173.194.34.72

;; Query time: 1412 msec
;; SERVER: 192.168.3.1#53(192.168.3.1)
;; WHEN: Mon Apr 30 10:15:47 2012
;; MSG SIZE rcvd: 204
Test that the reverse lookup works:
# Reverse lookup of the server's own address; answered from the 3.10.in-addr.arpa zone.
host 10.3.200.1
Response:
root@solaris:/var/lib/bind/zones# host 10.3.200.1
1.200.3.10.in-addr.arpa domain name pointer solaris.
1.200.3.10.in-addr.arpa domain name pointer solaris.local.
REMEMBER: Do not forget to update the serial every time you make any change to a zone file.
To make a change to DNS.
rndc freeze <zone you want to freeze>
nano /var/lib/bind/zones/<file you want to change>
Make sure you update the serial number
rndc thaw <zone you want to unfreeze>
Update Netplan to use yourself as DNS
# Edit this host's netplan configuration to point its nameserver at the new server.
nano /etc/netplan/00-solaris.yaml
Change the nameserver to this host, 10.3.200.1
# Apply the netplan change so the host starts resolving through 10.3.200.1.
netplan apply