Raspberry Pi Authoritative DNS Server


Domain Information

Domain       : shahed.biz
Name Server  : ns8533.hostgator.com
Name Server  : ns8534.hostgator.com
Subdomain    : dev.shahed.biz (public)
CNAME of bgd : cki00.ddns.net (noip.com)

Network Information

GTW : 10.19.83.1    (Gateway/Router)
DMZ : 10.19.83.3    (dev.shahed.biz  & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)

Install

sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
nano /etc/default/bind9
# run resolvconf?
# "no" keeps named from registering itself as this host's resolver;
# the resolver side is configured by hand in the "Client" section
RESOLVCONF=no

# startup options for the server
# -u bind: setuid to the bind user after the privileged start-up steps
# -4: IPv4 only, consistent with listen-on-v6 { none; } in named.conf.options
OPTIONS="-u bind -4"

Options

nano /etc/bind/named.conf.options   # global options; the acl names defined here are used by the options block

# Address match lists stop at the first matching element.
# internals = loopback + the private LAN; used for allow-query/allow-recursion.
acl internals {
        127.0.0.0/24;  # 0-255
        10.19.83.0/24; # 0-255
};

# NOTE(review): first match wins, so 10.19.83.0-7 match the /29 before the
# negated /24 is consulted, and an address outside 10.19.83.0/24 matches no
# element at all (an unmatched address is not in the list). As written this
# ACL equals 10.19.83.0/29, which does not look like "externals";
# "!10.19.83.0/24; any;" would mean "everything except the LAN".
# Nothing else on this page references this ACL — confirm intent.
acl externals {
        10.19.83.0/29;  # 0-7
        !10.19.83.0/24; # 0-255
};

options {
        directory "/var/cache/bind";
        auth-nxdomain no;
        # forwarders are consulted only for recursive queries, and recursion
        # is limited to "internals" below, so they never serve outside clients
        forwarders {
                8.8.8.8;    # Google DNS
                8.8.4.4;    # Google DNS
                10.19.83.1; # Router DNS
        };
        dnssec-validation auto;
        listen-on-v6 { none; };   # IPv4 only, matches OPTIONS="-u bind -4"
        listen-on port 53 {
                127.0.0.1;
                10.19.83.3;       # DMZ address; outside clients reach it only via a port forward on the router
        };
        allow-transfer { none; };        # no zone transfers; a zone statement may override this
        allow-query { internals; };      # default for every zone; dyn.dev.shahed.biz overrides with any
        allow-recursion { internals; };  # keep recursion LAN-only: open recursion is abused for reflection
};

Keygen

# One TSIG key per updater, written as K<name>.+157+<id>.key/.private under
# /etc/bind/ddnskeys (157 is the HMAC-MD5 algorithm number seen in the
# client's key file name). -b 128 sets a 128-bit secret; -C writes the
# old-style key file without metadata. The .private file is the update
# credential: the directory must not be readable by other users.
# Only the dyn key is wired into named.conf.local and the client script;
# the apn and gtw keys are generated but unused on this page.
# HMAC-MD5 is the weakest TSIG algorithm; newer BIND releases generate
# TSIG keys with tsig-keygen and prefer hmac-sha256 — TODO confirm for the
# installed version (the key statement in named.conf.local must match).
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER apn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER dyn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER gtw.dev.shahed.biz

Zones

nano /etc/bind/named.conf.local   # zone and key definitions; contains a TSIG secret, so keep it root/bind readable only

// rndc.key is the control-channel secret. Granting it allow-update below
// means the same key that can stop or reload named can also rewrite this
// zone; a dedicated TSIG key per updater (as done for dyn.dev.shahed.biz)
// keeps the two privileges apart, and update-policy can limit a key to
// specific names. Dynamic updates also require the named process to write
// the zone file and its .jnl journal next to it.
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
    type master;
    file "/etc/bind/zones/db.dev.shahed.biz";     # zone file path
    allow-update { key rndc-key; };               # any holder of rndc-key may change any record
};

// Reverse zone for 10.19.83.0/24. Owner names in the file are relative to
// this origin, i.e. the host octet alone ("1" for 10.19.83.1).
zone "83.19.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.83.19.10";           # 10.19.83.0/24 subnet
    allow-update { key rndc-key; };               # same control key as above; see note there
};

// Dynamic zone maintained by $HOME/ddnsclient through nsupdate.
zone "dyn.dev.shahed.biz" {
        type master;
        file "/etc/bind/zones/db.dyn.dev.shahed.biz";  # must match the file created in "DDNS Forward Zone"
        notify yes;                                    # no secondaries are configured, so this is inert for now
        allow-update { key dyn.dev.shahed.biz.; };     # only the TSIG key below may update; nothing else
        allow-query { any; };                          # overrides the global internals-only allow-query for this zone
};

// TSIG key for updates to dyn.dev.shahed.biz. Name and algorithm must match
// the key generated in the Keygen step, and "secret" is the Key: value from
// the matching K*.private file that the client passes to nsupdate -k.
// Treat the secret like a password: keep this file readable by root and the
// bind user only, or move the key statement into a separate restricted file
// and include it the way rndc.key is included above.
// HMAC-MD5 is deprecated for TSIG; switching to hmac-sha256 means
// regenerating the key file used by the client as well.
key dyn.dev.shahed.biz. {
        algorithm HMAC-MD5;
        secret "RJkf2z/uhy4Fec8j0/nP0g==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";

Forward Lookup Zone

# Both zones accept dynamic updates (allow-update in named.conf.local), so
# named must be able to write each zone file and its .jnl journal here:
# give the directory to the bind user, and on Debian/Ubuntu check the
# bind9 AppArmor profile, which may not allow writes under /etc/bind —
# confirm on the target system.
mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz   # db.local is the stock localhost zone, used as a template
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file
; Loaded as zone "dev.shahed.biz" (named.conf.local). The zone accepts
; dynamic updates, so named rewrites this file from its journal; freeze the
; zone (rndc freeze) before editing it by hand and bump the serial.
;
$TTL     600    ;  10M (600 s) default TTL for records without one
$ORIGIN dev.shahed.biz.

@       IN      SOA     ns0.dev.shahed.biz. root.dev.shahed.biz. (
                        201908011           ; Serial       YYYYmmddI (increase on every edit)
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS Records
; NOTE(review): ns8533/ns8534.hostgator.com are advertised as name servers
; for this zone, but allow-transfer { none; } in named.conf.options means
; they cannot fetch it from here; unless the zone is also loaded there
; independently these entries point resolvers at servers that cannot
; answer for it — confirm.
; dyn.dev.shahed.biz is a separate zone on this server; resolvers that do
; not ask ns0 directly need a delegation here ("dyn  IN  NS  ns0") — confirm.
@       IN      NS      ns0.dev.shahed.biz.
@       IN      NS      ns8533.hostgator.com.
@       IN      NS      ns8534.hostgator.com.
@       IN      NS      dev.shahed.biz.
@       IN      A       10.19.83.3
; A  Records
apn             A       10.19.83.2
gtw             A       10.19.83.1
ns0             A       10.19.83.3
; CNAME
ftp             CNAME   ns0
rpi             CNAME   ns0

Reverse Lookup Zone

cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10   # db.127 is the stock loopback reverse zone, used as a PTR template
nano /etc/bind/zones/db.83.19.10
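;
; BIND reverse data file for 10.19.83.0/24 (zone 83.19.10.in-addr.arpa)
; Owner names are relative to $ORIGIN, so the record name is the host
; octet alone: 10.19.83.1 -> "1". An owner of "1.83" would expand to
; 1.83.83.19.10.in-addr.arpa., a name no resolver asks for — and one that
; named-checkzone accepts because it is still inside the zone.
;
$TTL     600    ; 10M (600 s) default TTL for records without one
$ORIGIN 83.19.10.in-addr.arpa.

@       IN      SOA     ns0.dev.shahed.biz. root.dev.shahed.biz. (
                        201908011           ; Serial       YYYYmmddI (increase on every edit)
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS  Records
@       IN      NS      ns0.dev.shahed.biz.
@       IN      NS      ns8533.hostgator.com.
@       IN      NS      ns8534.hostgator.com.
@       IN      NS      dev.shahed.biz.
; PTR Records (one per host octet)
1       IN      PTR     gtw.dev.shahed.biz.
2       IN      PTR     apn.dev.shahed.biz.
3       IN      PTR     ns0.dev.shahed.biz.
; PTR CNAME — extra PTRs for the aliases of 10.19.83.3; several PTRs for one
; address are legal, but most tools only use the first answer returned
3       IN      PTR     ftp.dev.shahed.biz.
3       IN      PTR     rpi.dev.shahed.biz.
; PTR ORIGIN
3       IN      PTR     dev.shahed.biz.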

DDNS Forward Zone

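# The zone statement in named.conf.local and the named-checkzone step below
# both reference db.dyn.dev.shahed.biz; the copy must create that same file
# or named fails to load the zone.
cp /etc/bind/db.local /etc/bind/zones/db.dyn.dev.shahed.biz
nano /etc/bind/zones/db.dyn.dev.shahed.biz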
;
; BIND forward data file for dyn.dev.shahed.biz
; Seed file only: once loaded, the DDNS client replaces the A record through
; nsupdate and named rewrites this file from its journal. Do not hand-edit
; while named is running without rndc freeze / rndc thaw.
;
$ORIGIN .               ; root origin: every name below must be written in full
$TTL 86400              ; 1D
dyn.dev.shahed.biz      IN SOA  ns0.dev.shahed.biz. root.dyn.dev.shahed.biz. (
                                201908011           ; serial       YYYYmmddI (named bumps it on each update)
                                    28800           ; refresh            08H
                                     7200           ; retry              02H
                                   604800           ; expire             01W
                                    86400 )         ; Negative Cache TTL 01D
                        NS      ns0.dev.shahed.biz.   ; no owner: inherits dyn.dev.shahed.biz from the line above
                        A       202.186.223.134       ; initial public address; overwritten by the client

Server

# named-checkconf -z parses named.conf and loads every declared zone; the
# named-checkzone runs check the individual files. Neither catches a wrong
# owner name that is still inside the zone (e.g. a mistyped PTR owner).
named-checkconf -z
named-checkzone dyn.dev.shahed.biz /etc/bind/zones/db.dyn.dev.shahed.biz
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
update-rc.d bind9 enable     # start at boot
/etc/init.d/bind9 restart    # either of these two restarts is enough
service bind9 restart
# confirm named listens only on 127.0.0.1 and 10.19.83.3 (listen-on in
# named.conf.options) and on no IPv6 address
netstat -tulpn
netstat -tap
reboot
# runtime controls authenticated with rndc.key: write the cache to the dump
# file under the configured directory, drop it, and re-read config and zones
# without a restart
rndc dumpdb -cache
rndc flush
rndc reload

Client

nano /etc/resolv.conf

# A hand-written resolv.conf is commonly overwritten by resolvconf, DHCP or
# systemd-resolved on the next network change; the interfaces stanza below
# is the persistent form on ifupdown systems — confirm which applies here.
nameserver 10.19.83.3
search dev.shahed.biz

nano /etc/network/interfaces

# per-interface options: place them under the iface stanza of the LAN interface
dns-nameservers 10.19.83.3
dns-search dev.shahed.biz

DDNS Client

$HOME/ddnsclient

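#!/bin/bash
: '
 @author   "Chorke Academia, Inc."<devs@chorke.org>
 @vendor    Chorke Academia, Inc.
 @web       http://chorke.org
 @version   1.0.00.GA
 @since     1.0.00.GA
'

# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
# http://dynupdate.no-ip.com/ip.php
# http://www.antedes.com/getip.php
# http://checkip.dyndns.org

# ddnsclient: poll a public "what is my address" service and, whenever the
# address changes, replace the A record of dyn.dev.shahed.biz through a
# TSIG-signed nsupdate. Runs forever; start it with nohup (see below).
# Files under $DNSP: oldip (last address successfully pushed), zone (the
# nsupdate script), and the private key generated in the Keygen step.

set -u

IPS='http://dynupdate.no-ip.com/ip.php'
DNSP='/etc/bind/ddnskeys'
KEYFILE="$DNSP/Kdyn.dev.shahed.biz.+157+42903.private"
SERVER='ns0.dev.shahed.biz'
ZONE='dyn.dev.shahed.biz'
INTERVAL=300  # seconds between polls; (5M, 30M) = (300, 1800)

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so an
# error page or an empty reply from the IP service never reaches nsupdate.
is_ipv4() {
  local octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces decimal so a leading zero is not read as octal
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# push_update ADDR: write the nsupdate script for ADDR and submit it,
# signed with $KEYFILE. Returns nsupdate's exit status.
push_update() {
  local addr=$1
  printf '%s\n' \
    "server $SERVER" \
    "zone $ZONE" \
    "update delete $ZONE. A" \
    "update add $ZONE. 86400 A $addr" \
    "show" \
    "send" > "$DNSP/zone"
  /usr/bin/nsupdate -k "$KEYFILE" "$DNSP/zone"
}

while true; do
  # retrieve the current public address; -f turns an HTTP error into empty
  # output instead of an error page, --max-time bounds a hung poll
  CURIP=$(curl -s -f --max-time 30 "$IPS" | awk '{ print $1 }')
  # oldip does not exist on the first run; treat that as "unknown"
  OLDIP=$(cat "$DNSP/oldip" 2>/dev/null || true)

  if ! is_ipv4 "$CURIP"; then
    printf 'ddnsclient: no usable address from %s, keeping %s\n' \
      "$IPS" "${OLDIP:-(none)}" >&2
  elif [[ "$CURIP" != "$OLDIP" ]]; then
    # record the new address only after the update succeeded, so a rejected
    # nsupdate (bad key, REFUSED, server down) is retried on the next pass
    if push_update "$CURIP"; then
      printf '%s\n' "$CURIP" > "$DNSP/oldip"
    else
      printf 'ddnsclient: nsupdate failed for %s, will retry\n' "$CURIP" >&2
    fi
  fi

  # always pause, including when the address is unchanged, so the IP service
  # is not polled in a tight loop
  sleep "$INTERVAL"
done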
chmod 755 "$HOME/ddnsclient"
# nohup "$HOME/ddnsclient" &
# Both output streams are discarded, so a failing curl or a rejected
# nsupdate (bad key, REFUSED) is never seen; send stderr to a log file
# instead of /dev/null while debugging. The script reads the private key
# under /etc/bind/ddnskeys, so it must run as a user allowed to read that
# file, and nothing restarts it after a reboot unless it is added to an
# init script.
nohup "$HOME/ddnsclient" 2>> /dev/null >> /dev/null &

Debug

@rem clear windows dns cache
ipconfig /flushdns
@rem show what the Windows resolver currently has cached
ipconfig /displaydns
# clear macos dns cache
sudo killall -HUP mDNSResponder
# clear ubuntu dns cache
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
# dig @10.19.83.3 asks the new server directly (bypassing any cache), which
# separates server problems from client resolver configuration; shahed.biz
# itself is not hosted here, so that query only works from "internals"
# where recursion is allowed
dig @10.19.83.3 shahed.biz
dig @10.19.83.3 dev.shahed.biz
dig @10.19.83.3 apn.dev.shahed.biz
dig @10.19.83.3 dyn.dev.shahed.biz
dig @10.19.83.3 gtw.dev.shahed.biz
# nslookup uses the client's configured resolver (resolv.conf above), so a
# failure here with a working dig points at the client configuration
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup dyn.dev.shahed.biz
nslookup gtw.dev.shahed.biz

References