This shows you the differences between two versions of the page.
tech:linux:ubuntu:dns [2016/06/18 12:38] rk4n3 created
tech:linux:ubuntu:dns [2016/06/19 15:02] (current) rk4n3
Line 3: | Line 3: | ||
[[https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-16-04|A nice reference for configuration of bind on Ubuntu server]] | [[https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-16-04|A nice reference for configuration of bind on Ubuntu server]] | ||
- | <code> | + | **Config files are under:** ''/etc/bind'' |
- | Config files are under /etc/bind | + | |
- | In named.conf.options: | + | **In** ''named.conf.options'': |
- | - Add an ACL section above the "options" section: | + | * Add an ACL section above the "options" section:<code>acl "trusted" { |
- | acl "trusted" { | + | 192.168.0.123; |
- | 192.168.0.123; | + | 192.168.0.8; |
- | 192.168.0.8; | + | 192.168.0.12; |
- | 192.168.0.12; | + | 192.168.0.220; |
- | 192.168.0.220; | + | };</code> |
- | }; | + | * Add to "options" section (after "directory"):<code> recursion yes; |
- | - Add to "options" section (after "directory"): | + | |
- | recursion yes; | + | |
allow-recursion { trusted; }; | allow-recursion { trusted; }; | ||
listen-on { 192.168.0.123; }; | listen-on { 192.168.0.123; }; | ||
- | allow-transfer { none; }; | + | allow-transfer { none; };</code> |
- | - Uncomment the "forwarders" section, and add upstream | + | * Uncomment the "forwarders" section, and add upstream DNS servers to it |
- | DNS servers to it | + | |
- | In named.conf.local: | + | **In** ''named.conf.local'': |
- | - Add zone(s) for local network/subnets: | + | * Add zone(s) for local network/subnets:<code>zone "samudio.net" { |
- | zone "samudio.net" { | + | type master; |
- | type master; | + | file "/etc/bind/zones/db.samudio.net"; |
- | file "/etc/bind/zones/db.samudio.net"; | + | allow-transfer { 192.168.0.8; }; # ns2 private IP address - secondary |
- | allow-transfer { 192.168.0.8; }; # ns2 private IP address - secondary | + | };</code> |
- | }; | + | * Add reverse zone(s):<code>zone "168.192.in-addr.arpa" { |
- | - Add reverse zone(s): | + | type master; |
- | zone "168.192.in-addr.arpa" { | + | file "/etc/bind/zones/db.168.192"; |
- | type master; | + | allow-transfer { 192.168.0.8; }; # ns2 private IP address - secondary |
- | file "/etc/bind/zones/db.168.192"; | + | };</code> |
- | allow-transfer { 192.168.0.8; }; # ns2 private IP address - secondary | + | |
- | }; | + | |
- | Create forward zone file: | + | **Create forward zone file:** |
- | - cd /etc/bind ; mkdir zones ; cp db.local zones/db.samudio.net | + | * ''cd /etc/bind ; mkdir zones ; cp db.local zones/db.samudio.net'' |
- | - Edits to forward zone file (/etc/bind/zones/db.samudio.net) | + | * Edits to forward zone file (''/etc/bind/zones/db.samudio.net'')<code>@ IN SOA ns1.samudio.net. admin.samudio.net. ( |
- | @ IN SOA ns1.samudio.net. admin.samudio.net. ( | + | 3 ; Serial |
- | 3 ; Serial | + | ; name servers - NS records |
- | ; name servers - NS records | + | IN NS ns1.samudio.net. |
- | IN NS ns1.samudio.net. | + | IN NS ns2.samudio.net. |
- | IN NS ns2.samudio.net. | + | ; 192.168.0.0/24 - A records |
- | ; 192.168.0.0/24 - A records | + | |
host1.samudio.net. IN A 192.168.0.101 | host1.samudio.net. IN A 192.168.0.101 | ||
- | host2.samudio.net. IN A 192.168.0.102 | + | host2.samudio.net. IN A 192.168.0.102</code> |
- | Create reverse zone file(s): | + | **Create reverse zone file(s):** |
- | - cd /etc/bind/zones ; cp ../db.127 ./db.168.192 | + | * ''cd /etc/bind/zones ; cp ../db.127 ./db.168.192'' |
- | - Edits to reverse zone file(s): | + | * Edits to reverse zone file(s):<code>@ IN SOA ns1.samudio.net. admin.samudio.net. ( |
- | @ IN SOA ns1.samudio.net. admin.samudio.net. ( | + | 3 ; Serial |
- | 3 ; Serial | + | ; name servers - NS records |
- | ; name servers - NS records | + | IN NS ns1.samudio.net. |
- | IN NS ns1.samudio.net. | + | IN NS ns2.samudio.net. |
- | IN NS ns2.samudio.net. | + | ; PTR records |
- | ; PTR records | + | |
123.0 IN PTR ns1.samudio.net. ; 192.168.0.123 | 123.0 IN PTR ns1.samudio.net. ; 192.168.0.123 | ||
125.0 IN PTR ns2.samudio.net. ; 192.168.0.125 | 125.0 IN PTR ns2.samudio.net. ; 192.168.0.125 | ||
101.0 IN PTR host1.samudio.net. ; 192.168.0.101 | 101.0 IN PTR host1.samudio.net. ; 192.168.0.101 | ||
- | 102.0 IN PTR host2.samudio.net. ; 192.168.0.102 | + | 102.0 IN PTR host2.samudio.net. ; 192.168.0.102</code> |
- | Check BIND configuration syntax, zone(s), and reverse zone(s): | + | **Check BIND configuration syntax, zone(s), and reverse zone(s):** |
- | - named-checkconf | + | * ''named-checkconf'' |
- | - named-checkzone samudio.net db.samudio.net | + | * ''named-checkzone samudio.net db.samudio.net'' |
- | - named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.168.192 | + | * ''named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.168.192'' |
- | Restart BIND: systemctl restart bind9 | + | **Restart BIND:** ''systemctl restart bind9'' |
- | Secondary DNS server differences: | + | **Secondary DNS server differences:** |
- | - The forwarders section in named.conf.options should contain 8.8.8.8 and similar | + | * The forwarders section in named.conf.options should contain 8.8.8.8 and similar |
- | - In named.conf.local, type should be "slave", with masters pointing to primary | + | * In named.conf.local, type should be "slave", with masters pointing to primary<code>zone "samudio.net" { |
- | zone "samudio.net" { | + | type slave; |
- | type slave; | + | file "slaves/db.samudio.net"; |
- | file "slaves/db.samudio.net"; | + | masters { 192.168.0.123; }; # ns1 |
- | masters { 192.168.0.123; }; # ns1 | + | };</code><code>zone "168.192.in-addr.arpa" { |
- | }; | + | type slave; |
- | zone "168.192.in-addr.arpa" { | + | file "slaves/db.168.192"; |
- | type slave; | + | masters { 192.168.0.123; }; # ns1 |
- | file "slaves/db.168.192"; | + | };</code> |
- | masters { 192.168.0.123; }; # ns1 | + | |
- | }; | + | |
- | If using UFW firewall, remember to update rules (on all DNS servers): | + | **If using UFW firewall, remember to update rules (on all DNS servers):** ''ufw allow Bind9'' |
- | - ufw allow Bind9 | + | |
- | On clients, in /etc/network/interfaces: | + | **On clients, in** ''/etc/network/interfaces'':<code> dns-nameservers 192.168.0.123 192.168.0.125 8.8.8.8 |
- | - dns-nameservers 192.168.0.123 192.168.0.125 8.8.8.8 | + | dns-search samudio.net</code> |
- | - dns-search samudio.net | + | |
- | Refresh network interface (on clients): | + | **Refresh network interface (on clients):** ''ifdown --force eth0 && ip addr flush dev eth0 && ifup --force eth0'' |
- | - ifdown --force eth0 && ip addr flush dev eth0 && ifup --force eth0 | + | |
- | Check /etc/resolv.conf on client for correct update, should look like: | + | **Check /etc/resolv.conf on client for correct update, should look like:** |
+ | <code> | ||
nameserver 192.168.0.123 | nameserver 192.168.0.123 | ||
nameserver 192.168.0.125 | nameserver 192.168.0.125 |
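Review bot: the address of the secondary (ns2) is inconsistent within this revision, which breaks zone transfers. Both zone stanzas added to named.conf.local restrict transfers with "allow-transfer { 192.168.0.8; }; # ns2 private IP address - secondary", yet the reverse zone file records the secondary as "125.0 IN PTR ns2.samudio.net. ; 192.168.0.125" and the client config points at "dns-nameservers 192.168.0.123 192.168.0.125 8.8.8.8"; with the config as written the primary refuses AXFR/IXFR requests from 192.168.0.125, so the slave zones on ns2 never load. Pick one address for ns2 and use it consistently in the allow-transfer lists, the "trusted" ACL and the PTR record. Two smaller points in the same hunk: the forward zone file declares "IN NS ns1.samudio.net." and "IN NS ns2.samudio.net." but shows no A records for either name, and named-checkzone reports "NS ... has no address records (A or AAAA)" and refuses to load a zone whose in-zone NS names lack address records, so add A records for ns1 and ns2 that match the PTR entries; and the check "named-checkzone samudio.net db.samudio.net" uses a bare filename while the reverse-zone check uses the full path, so it only works when run from /etc/bind/zones (use /etc/bind/zones/db.samudio.net, as the zone stanza does). The "Secondary DNS server differences" list should also mention that "listen-on { 192.168.0.123; };" in named.conf.options is the primary's address and must be replaced with the secondary's own address, otherwise ns2 does not listen on its interface at all. Finally, listing 8.8.8.8 as a third nameserver on clients means that whenever both internal servers are unreachable, lookups of samudio.net names silently fail over to a public resolver that does not know them, which is worth stating next to that line.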