Raspberry Pi Authoritative DNS Server: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 67: | Line 67: | ||
==Keygen== | ==Keygen== | ||
<source lang="bash"> | <source lang="bash"> | ||
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER | dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz | ||
</source> | </source> | ||
| Line 88: | Line 86: | ||
}; | }; | ||
zone " | zone "ddn.dev.shahed.biz" { | ||
type master; | type master; | ||
file "/etc/bind/zones/db. | file "/etc/bind/zones/db.ddn.dev.shahed.biz"; | ||
notify yes; | notify yes; | ||
allow-update { key | allow-update { key ddn.dev.shahed.biz.; }; | ||
allow-query { any; }; | allow-query { any; }; | ||
}; | }; | ||
key | key ddn.dev.shahed.biz. { | ||
algorithm HMAC-MD5; | algorithm HMAC-MD5; | ||
secret "RJkf2z/uhy4Fec8j0/nP0g=="; | secret "RJkf2z/uhy4Fec8j0/nP0g=="; | ||
| Line 115: | Line 113: | ||
; BIND forward data file | ; BIND forward data file | ||
; | ; | ||
$TTL 600 ; | $TTL 600 ; 10M | ||
$ORIGIN dev.shahed.biz. | $ORIGIN dev.shahed.biz. | ||
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | @ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | ||
201908121 ; Serial YYYYmmddI | |||
3600 ; Refresh 01H | 3600 ; Refresh 01H | ||
600 ; Retry 10M | 600 ; Retry 10M | ||
86400 ; Expire 01D | 86400 ; Expire 01D | ||
600 ) ; Negative Cache TTL | 600 ) ; Negative Cache TTL 10M | ||
; NS Records | ; NS Records | ||
@ IN NS ns0.dev.shahed.biz. | @ IN NS ns0.dev.shahed.biz. | ||
| Line 133: | Line 131: | ||
apn A 10.19.83.2 | apn A 10.19.83.2 | ||
gtw A 10.19.83.1 | gtw A 10.19.83.1 | ||
mac A 10.19.83.10 | |||
ns0 A 10.19.83.3 | ns0 A 10.19.83.3 | ||
one A 10.19.83.8 | |||
rai A 10.19.83.6 | |||
ras A 10.19.83.3 | |||
rus A 10.19.83.12 | |||
sha A 10.19.83.11 | |||
; CNAME | ; CNAME | ||
ftp CNAME ns0 | ftp CNAME ns0 | ||
| Line 149: | Line 153: | ||
; BIND reverse data file | ; BIND reverse data file | ||
; | ; | ||
$TTL 600 ; | $TTL 600 ; 10M | ||
$ORIGIN 83.19.10.in-addr.arpa. | $ORIGIN 83.19.10.in-addr.arpa. | ||
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | @ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | ||
201908121 ; Serial YYYYmmddI | |||
3600 ; Refresh 01H | 3600 ; Refresh 01H | ||
600 ; Retry 10M | 600 ; Retry 10M | ||
86400 ; Expire 01D | 86400 ; Expire 01D | ||
600 ) ; Negative Cache TTL | 600 ) ; Negative Cache TTL 10M | ||
; NS Records | ; NS Records | ||
@ IN NS ns0.dev.shahed.biz. | @ IN NS ns0.dev.shahed.biz. | ||
| Line 166: | Line 170: | ||
1.83 IN PTR gtw.dev.shahed.biz. | 1.83 IN PTR gtw.dev.shahed.biz. | ||
2.83 IN PTR apn.dev.shahed.biz. | 2.83 IN PTR apn.dev.shahed.biz. | ||
3.83 IN PTR dev.shahed.biz. | |||
3.83 IN PTR ftp.dev.shahed.biz. | |||
3.83 IN PTR ns0.dev.shahed.biz. | 3.83 IN PTR ns0.dev.shahed.biz. | ||
3.83 IN PTR rpi.dev.shahed.biz. | 3.83 IN PTR rpi.dev.shahed.biz. | ||
6.83 IN PTR rai.dev.shahed.biz. | |||
3.83 IN PTR dev.shahed.biz. | 3.83 IN PTR ras.dev.shahed.biz. | ||
8.83 IN PTR one.dev.shahed.biz. | |||
10.83 IN PTR mac.dev.shahed.biz. | |||
11.83 IN PTR sha.dev.shahed.biz. | |||
12.83 IN PTR rus.dev.shahed.biz. | |||
</source> | </source> | ||
===DDNS Forward Zone=== | ===DDNS Forward Zone=== | ||
<source lang="bash"> | <source lang="bash"> | ||
cp /etc/bind/db.local /etc/bind/zones/db. | cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz | ||
nano /etc/bind/zones/db. | nano /etc/bind/zones/db.ddn.dev.shahed.biz | ||
</source> | </source> | ||
<source lang="ini"> | <source lang="ini"> | ||
; | ; | ||
; BIND forward data file for | ; BIND forward data file for ddn.dev.shahed.biz | ||
; | ; | ||
$ORIGIN . | $ORIGIN . | ||
$TTL | $TTL 600 ; 10M | ||
ddn.dev.shahed.biz IN SOA ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. ( | |||
201908121 ; serial YYYYmmddI | |||
600 ; refresh 10M | |||
7200 ; retry 02H | 7200 ; retry 02H | ||
604800 ; expire 01W | 604800 ; expire 01W | ||
600 ) ; Negative Cache TTL 10M | |||
NS ns0.dev.shahed.biz. | NS ns0.dev.shahed.biz. | ||
A | A 10.19.83.3 | ||
</source> | </source> | ||
| Line 199: | Line 207: | ||
<source lang="bash"> | <source lang="bash"> | ||
named-checkconf -z | named-checkconf -z | ||
named-checkzone | named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz | ||
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz | named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz | ||
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 | named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 | ||
| Line 226: | Line 234: | ||
</source> | </source> | ||
<code>nano /etc/ | <code>nano /etc/hosts</code> | ||
<source lang="ini"> | <source lang="ini"> | ||
10.19.83.3 dev.shahed.biz dev | |||
10.19.83.3 ddn.dev.shahed.biz ddn | |||
10.19.83.3 ras.dev.shahed.biz ras | |||
10.19.83.3 rpi.dev.shahed.biz rpi | |||
</source> | </source> | ||
| Line 262: | Line 272: | ||
# if different, tell dns | # if different, tell dns | ||
echo "server | echo "server dev.shahed.biz" > $DNSP/zone | ||
echo "zone | echo "zone ddn.dev.shahed.biz" >> $DNSP/zone | ||
echo "update delete | echo "update delete ddn.dev.shahed.biz. A" >> $DNSP/zone | ||
echo "update add | echo "update add ddn.dev.shahed.biz. 86400 A $CURIP" >> $DNSP/zone | ||
echo "show" >> $DNSP/zone | echo "show" >> $DNSP/zone | ||
echo "send" >> $DNSP/zone | echo "send" >> $DNSP/zone | ||
/usr/bin/nsupdate -k $DNSP/ | /usr/bin/nsupdate -k $DNSP/Kddn.dev.shahed.biz.+157+42903.private $DNSP/zone | ||
sleep 300 # (5M, 30M) = (300, 1800) | sleep 300 # (5M, 30M) = (300, 1800) | ||
done | done | ||
| Line 303: | Line 313: | ||
dig @10.19.83.3 dev.shahed.biz | dig @10.19.83.3 dev.shahed.biz | ||
dig @10.19.83.3 apn.dev.shahed.biz | dig @10.19.83.3 apn.dev.shahed.biz | ||
dig @10.19.83.3 | dig @10.19.83.3 ddn.dev.shahed.biz | ||
dig @10.19.83.3 gtw.dev.shahed.biz | dig @10.19.83.3 gtw.dev.shahed.biz | ||
</source> | </source> | ||
| Line 313: | Line 323: | ||
dig @dev.shahed.biz dev.shahed.biz | dig @dev.shahed.biz dev.shahed.biz | ||
dig @dev.shahed.biz apn.dev.shahed.biz | dig @dev.shahed.biz apn.dev.shahed.biz | ||
dig @dev.shahed.biz | dig @dev.shahed.biz ddn.dev.shahed.biz | ||
dig @dev.shahed.biz gtw.dev.shahed.biz | dig @dev.shahed.biz gtw.dev.shahed.biz | ||
</source> | </source> | ||
| Line 322: | Line 332: | ||
nslookup dev.shahed.biz | nslookup dev.shahed.biz | ||
nslookup apn.dev.shahed.biz | nslookup apn.dev.shahed.biz | ||
nslookup | nslookup ddn.dev.shahed.biz | ||
nslookup gtw.dev.shahed.biz | nslookup gtw.dev.shahed.biz | ||
</source> | </source> | ||
Revision as of 03:42, 12 August 2019
Domain Information
Domain : shahed.biz
Name Server : ns8533.hostgator.com
Name Server : ns8534.hostgator.com
Subdomain : dev.shahed.biz (public)
CNAME of dev : cki00.ddns.net (noip.com)
Netowrk Information
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.3 (dev.shahed.biz & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
Install
sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
#apt purge bind9 bind9utils bind9-doc dnsutils
nano /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -4"
Options
nano /etc/bind/named.conf.options
acl internals {
127.0.0.0/24; # 0-255
10.19.83.0/24; # 0-255
};
acl externals {
10.19.83.0/29; # 0-7
!10.19.83.0/24; # 0-255
};
options {
directory "/var/cache/bind";
auth-nxdomain no;
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
10.19.83.1; # Router DNS
};
dnssec-validation auto;
listen-on-v6 { none; };
listen-on port 53 {
127.0.0.1;
10.19.83.3;
};
allow-transfer { none; };
allow-query { internals; };
allow-recursion { internals; };
};
Keygen
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz
Zones
nano /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path
allow-update { key rndc-key; };
};
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
};
zone "ddn.dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.ddn.dev.shahed.biz";
notify yes;
allow-update { key ddn.dev.shahed.biz.; };
allow-query { any; };
};
key ddn.dev.shahed.biz. {
algorithm HMAC-MD5;
secret "RJkf2z/uhy4Fec8j0/nP0g==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward Lookup Zone
mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file
;
$TTL 600 ; 10M
$ORIGIN dev.shahed.biz.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
@ IN A 10.19.83.3
; A Records
apn A 10.19.83.2
gtw A 10.19.83.1
mac A 10.19.83.10
ns0 A 10.19.83.3
one A 10.19.83.8
rai A 10.19.83.6
ras A 10.19.83.3
rus A 10.19.83.12
sha A 10.19.83.11
; CNAME
ftp CNAME ns0
rpi CNAME ns0
Reverse Lookup Zone
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
;
; BIND reverse data file
;
$TTL 600 ; 10M
$ORIGIN 83.19.10.in-addr.arpa.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
; PTR Records
1.83 IN PTR gtw.dev.shahed.biz.
2.83 IN PTR apn.dev.shahed.biz.
3.83 IN PTR dev.shahed.biz.
3.83 IN PTR ftp.dev.shahed.biz.
3.83 IN PTR ns0.dev.shahed.biz.
3.83 IN PTR rpi.dev.shahed.biz.
6.83 IN PTR rai.dev.shahed.biz.
3.83 IN PTR ras.dev.shahed.biz.
8.83 IN PTR one.dev.shahed.biz.
10.83 IN PTR mac.dev.shahed.biz.
11.83 IN PTR sha.dev.shahed.biz.
12.83 IN PTR rus.dev.shahed.biz.
DDNS Forward Zone
cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz
nano /etc/bind/zones/db.ddn.dev.shahed.biz
;
; BIND forward data file for ddn.dev.shahed.biz
;
$ORIGIN .
$TTL 600 ; 10M
ddn.dev.shahed.biz IN SOA ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. (
201908121 ; serial YYYYmmddI
600 ; refresh 10M
7200 ; retry 02H
604800 ; expire 01W
600 ) ; Negative Cache TTL 10M
NS ns0.dev.shahed.biz.
A 10.19.83.3
Server
named-checkconf -z
named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
netstat -tulpn
netstat -tap
reboot
rndc dumpdb -cache
rndc flush
rndc reload
Client
nano /etc/resolv.conf
nameserver 10.19.83.3
search dev.shahed.biz
nano /etc/hosts
10.19.83.3 dev.shahed.biz dev
10.19.83.3 ddn.dev.shahed.biz ddn
10.19.83.3 ras.dev.shahed.biz ras
10.19.83.3 rpi.dev.shahed.biz rpi
DDNS Client
$HOME/ddnsclient
#!/bin/bash
: '
@author "Chorke Academia, Inc."<devs@chorke.org>
@vendor Chorke Academia, Inc.
@web http://chorke.org
@version 1.0.00.GA
@since 1.0.00.GA
'
# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
# http://dynupdate.no-ip.com/ip.php
# http://www.antedes.com/getip.php
# http://checkip.dyndns.org
IPS='http://dynupdate.no-ip.com/ip.php'
DNSP='/etc/bind/ddnskeys'
while true; do
# first, retrieve ipaddress
CURIP=`curl -s $IPS | awk '{ print $1 }'`
OLDIP=`cat $DNSP/oldip`
# compare to previously saved ip
[ "$CURIP" == "$OLDIP" ] && continue
echo $CURIP > $DNSP/oldip
# if different, tell dns
echo "server dev.shahed.biz" > $DNSP/zone
echo "zone ddn.dev.shahed.biz" >> $DNSP/zone
echo "update delete ddn.dev.shahed.biz. A" >> $DNSP/zone
echo "update add ddn.dev.shahed.biz. 86400 A $CURIP" >> $DNSP/zone
echo "show" >> $DNSP/zone
echo "send" >> $DNSP/zone
/usr/bin/nsupdate -k $DNSP/Kddn.dev.shahed.biz.+157+42903.private $DNSP/zone
sleep 300 # (5M, 30M) = (300, 1800)
done
chmod 755 "$HOME/ddnsclient"
# nohup "$HOME/ddnsclient" &
nohup "$HOME/ddnsclient" 2>> /dev/null >> /dev/null &
Debug
@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
# clear macos dns cache
sudo killall -HUP mDNSResponder
# clear ubuntu dns cache
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
#from local area network
dig @10.19.83.3 shahed.biz
dig @10.19.83.3 dev.shahed.biz
dig @10.19.83.3 apn.dev.shahed.biz
dig @10.19.83.3 ddn.dev.shahed.biz
dig @10.19.83.3 gtw.dev.shahed.biz
#from horizon/world wide
dig @dev.shahed.biz shahed.biz
dig @dev.shahed.biz -x 10.19.83.1
dig @dev.shahed.biz dev.shahed.biz
dig @dev.shahed.biz apn.dev.shahed.biz
dig @dev.shahed.biz ddn.dev.shahed.biz
dig @dev.shahed.biz gtw.dev.shahed.biz
#from lan only
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup ddn.dev.shahed.biz
nslookup gtw.dev.shahed.biz
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Stealth (DMZ/Hidden Master) Name Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9
- DNS Sample External Domain Zone file
- BIND Definition of Address List Match
- Stealth (Split/DMZ) DNS Server
- List of Statements