Raspberry Pi Secondary DNS Server
Domain Information
Domain : chorke.org
Subdomain : bgd.chorke.org (public)
CNAME of dev : cki00.ddns.net (noip.com)
Network Information
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.100 (bgd.chorke.org & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
Install
# Become root, refresh the package set, then install BIND 9 with its
# utilities, documentation and the dig/nslookup client tools (dnsutils).
sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
# Uninstall path, left commented out:
#apt purge bind9 bind9utils bind9-doc dnsutils
#sudo apt autoremove
# Daemon defaults. NOTE(review): newer Debian-based releases may read
# /etc/default/named instead; confirm which file the bind9 unit uses.
nano /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
# -u bind : named switches to the unprivileged "bind" user after start-up
# -4      : IPv4 only, consistent with listen-on-v6 { none; } in named.conf.options
OPTIONS="-u bind -4"
Primary Options
nano /etc/bind/named.conf.options
// Primary server (10.19.83.100): answers and recurses only for the "internals"
// ACL, and refuses zone transfers unless a zone statement allows them.
// Loopback as a whole is 127.0.0.0/8; the /24 below is narrower but contains
// 127.0.0.1, the only loopback address in listen-on.
acl internals {
127.0.0.0/24; # 0-255
10.19.83.0/24; # 0-255
};
// NOTE(review): address match lists are checked in order and the first match
// wins, so this ACL matches 10.19.83.0-7 only; the negated /24 rejects the rest
// of the subnet. No statement shown on this page references "externals".
acl externals {
10.19.83.0/29; # 0-7
!10.19.83.0/24; # 0-255
};
options {
directory "/var/cache/bind";
auth-nxdomain no;
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// Bind port 53 to loopback and the DMZ address only, not to every interface.
listen-on port 53 {
127.0.0.1;
10.19.83.100;
};
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// The block is already active here: lookups that miss the cache are sent to
// Google Public DNS, so that operator sees this network's outbound queries.
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
// Validate DNSSEC-signed answers using the built-in root trust anchor.
dnssec-validation auto;
// Recursion stays on, so the two "internals" ACLs below are what keep this
// host from acting as an open resolver.
// NOTE(review): if port 53 is forwarded from the Internet by a device that
// rewrites the source address to one inside 10.19.83.0/24, outside clients
// will match "internals"; verify how the gateway forwards to the DMZ host.
recursion yes;
listen-on-v6 { none; };
// Global default: no zone transfers. The zone statements in named.conf.local
// override this for the two secondaries.
allow-transfer { none; };
allow-query { internals; };
allow-recursion { internals; };
};
Primary Zones
nano /etc/bind/named.conf.local
// Primary zone declarations: the forward zone bgd.chorke.org and the reverse
// zone for 10.19.83.0/24, both dynamically updatable and transferable to the
// two secondaries.
// Presumably defines the key "rndc-key" that allow-update refers to below.
// NOTE(review): rndc-key is normally the secret for the rndc control channel.
// Reusing it for dynamic updates hands every DDNS client the server's control
// credential; a dedicated TSIG key (e.g. from tsig-keygen) for allow-update
// keeps the two roles separate.
include "/etc/bind/rndc.key";
zone "bgd.chorke.org" {
type master;
// NOTE(review): with allow-update, named must be able to write this file and
// its .jnl journal; confirm the "bind" user (and any AppArmor profile) may
// write under /etc/bind/zones, or keep dynamic zones in a writable directory.
file "/etc/bind/zones/db.bgd.chorke.org"; # zone file path
allow-update { key rndc-key; };
// Transfers are limited by source address to 10.19.83.101 and 10.19.83.102
// (dns1 and dns2 in the zone data). Address checks alone do not authenticate
// the peer; a TSIG key on both sides would.
allow-transfer {
10.19.83.101;
10.19.83.102;
};
};
// Reverse zone for 10.19.83.0/24, with the same update and transfer policy.
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
allow-transfer {
10.19.83.101;
10.19.83.102;
};
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward Zone
mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.bgd.chorke.org
nano /etc/bind/zones/db.bgd.chorke.org
;
; BIND forward data file
;
; Forward zone for bgd.chorke.org. Every record is an RFC 1918 address, so this
; is an inventory of the internal network; it should only be answerable from
; the LAN (see allow-query in named.conf.options).
; NOTE(review): the zone is declared with allow-update. Once dynamic updates
; are in use, hand edits need "rndc freeze" before and "rndc thaw" after.
$TTL 600 ; 10M
$ORIGIN bgd.chorke.org.
; SOA: primary is dns0; the contact field root.bgd.chorke.org. reads as
; root@bgd.chorke.org. Secondaries re-transfer only when the serial increases,
; so raise it on every manual edit.
@ IN SOA dns0.bgd.chorke.org. root.bgd.chorke.org. (
202012050 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records Name Servers
@ IN NS dns0.bgd.chorke.org.
@ IN NS dns1.bgd.chorke.org.
@ IN NS dns2.bgd.chorke.org.
; Zone apex resolves to the primary / DMZ host.
@ IN A 10.19.83.100
; A Records Name Servers
dns0 A 10.19.83.100
dns1 A 10.19.83.101
dns2 A 10.19.83.102
; A Records 10.19.83.0/24
; Several names share one address (e.g. dmz0, dns0, ns00, pi00 and www0 all map
; to 10.19.83.100).
; NOTE(review): the reverse zone on this page has PTRs for rdb0 (105) and
; rdb1 (208), which have no A record here; this file names those hosts db00
; and db01. Align one side with the other.
apn0 A 10.19.83.2
db00 A 10.19.83.105
db01 A 10.19.83.208
db02 A 10.19.83.109
dmz0 A 10.19.83.100
ftp0 A 10.19.83.204
git0 A 10.19.83.206
gtw0 A 10.19.83.1
iis0 A 10.19.83.207
mac0 A 10.19.83.110
mcu0 A 10.19.83.99
mob0 A 10.19.83.4
mob1 A 10.19.83.5
mob2 A 10.19.83.6
nas0 A 10.19.83.204
ns00 A 10.19.83.100
ns01 A 10.19.83.101
ns02 A 10.19.83.102
ns03 A 10.19.83.203
ns04 A 10.19.83.204
ns05 A 10.19.83.105
ns06 A 10.19.83.206
ns07 A 10.19.83.207
ns08 A 10.19.83.208
ns09 A 10.19.83.109
ns10 A 10.19.83.110
pc00 A 10.19.83.207
pc01 A 10.19.83.208
pc02 A 10.19.83.109
pc03 A 10.19.83.110
pi00 A 10.19.83.100
pi01 A 10.19.83.101
pi02 A 10.19.83.102
pi03 A 10.19.83.203
pi04 A 10.19.83.204
pi05 A 10.19.83.105
pi06 A 10.19.83.206
tab0 A 10.19.83.7
tv00 A 10.19.83.3
vpn0 A 10.19.83.203
www0 A 10.19.83.100
; CNAME
; www is an alias for www0 (10.19.83.100).
www CNAME www0
Reverse Zone
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
;
; BIND reverse data file
;
; Reverse map for 10.19.83.0/24: each owner name is the last octet of the
; address, relative to $ORIGIN. Like the forward zone, it lists internal hosts
; and should only be answerable from the LAN.
$TTL 600 ; 10M
$ORIGIN 83.19.10.in-addr.arpa.
; Same SOA values as the forward zone; raise the serial on every manual edit so
; the secondaries pick up the change.
@ IN SOA dns0.bgd.chorke.org. root.bgd.chorke.org. (
202012050 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS dns0.bgd.chorke.org.
@ IN NS dns1.bgd.chorke.org.
@ IN NS dns2.bgd.chorke.org.
; PTR Records
; Addresses with several PTRs answer with the whole set; software that expects
; one canonical name per address (log enrichment, host-based access rules) may
; use any of them.
; NOTE(review): www is a CNAME in the forward zone; PTR targets are
; conventionally canonical names, so the "www" PTR at 100 may be unwanted.
; NOTE(review): rdb0 (105) and rdb1 (208) have no A record in the forward zone
; on this page, which uses db00 and db01 for those addresses.
1 IN PTR gtw0.bgd.chorke.org.
2 IN PTR apn0.bgd.chorke.org.
3 IN PTR tv00.bgd.chorke.org.
4 IN PTR mob0.bgd.chorke.org.
5 IN PTR mob1.bgd.chorke.org.
6 IN PTR mob2.bgd.chorke.org.
7 IN PTR tab0.bgd.chorke.org.
99 IN PTR mcu0.bgd.chorke.org.
100 IN PTR dmz0.bgd.chorke.org.
100 IN PTR dns0.bgd.chorke.org.
100 IN PTR ns00.bgd.chorke.org.
100 IN PTR pi00.bgd.chorke.org.
100 IN PTR www.bgd.chorke.org.
100 IN PTR www0.bgd.chorke.org.
101 IN PTR dns1.bgd.chorke.org.
101 IN PTR ns01.bgd.chorke.org.
101 IN PTR pi01.bgd.chorke.org.
102 IN PTR dns2.bgd.chorke.org.
102 IN PTR ns02.bgd.chorke.org.
102 IN PTR pi02.bgd.chorke.org.
105 IN PTR ns05.bgd.chorke.org.
105 IN PTR pi05.bgd.chorke.org.
105 IN PTR rdb0.bgd.chorke.org.
109 IN PTR db02.bgd.chorke.org.
109 IN PTR ns09.bgd.chorke.org.
109 IN PTR pc02.bgd.chorke.org.
110 IN PTR mac0.bgd.chorke.org.
110 IN PTR ns10.bgd.chorke.org.
110 IN PTR pc03.bgd.chorke.org.
203 IN PTR ns03.bgd.chorke.org.
203 IN PTR pi03.bgd.chorke.org.
203 IN PTR vpn0.bgd.chorke.org.
204 IN PTR ftp0.bgd.chorke.org.
204 IN PTR nas0.bgd.chorke.org.
204 IN PTR ns04.bgd.chorke.org.
204 IN PTR pi04.bgd.chorke.org.
206 IN PTR git0.bgd.chorke.org.
206 IN PTR ns06.bgd.chorke.org.
206 IN PTR pi06.bgd.chorke.org.
207 IN PTR iis0.bgd.chorke.org.
207 IN PTR ns07.bgd.chorke.org.
207 IN PTR pc00.bgd.chorke.org.
208 IN PTR ns08.bgd.chorke.org.
208 IN PTR pc01.bgd.chorke.org.
208 IN PTR rdb1.bgd.chorke.org.
Secondary Options
nano /etc/bind/named.conf.options
// Secondary server options. The policy matches the primary's file; only the
// listen-on address (10.19.83.101) differs. Presumably the second secondary
// uses its own address (10.19.83.102) here; the page does not show it.
acl internals {
127.0.0.0/24; # 0-255
10.19.83.0/24; # 0-255
};
// NOTE(review): address match lists are checked in order and the first match
// wins, so this ACL matches 10.19.83.0-7 only. No statement shown on this page
// references "externals".
acl externals {
10.19.83.0/29; # 0-7
!10.19.83.0/24; # 0-255
};
options {
directory "/var/cache/bind";
auth-nxdomain no;
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// Bind port 53 to loopback and this host's LAN address only.
listen-on port 53 {
127.0.0.1;
10.19.83.101;
};
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// The block is already active here: lookups that miss the cache are sent to
// Google Public DNS.
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
// Recursion is on, so allow-query / allow-recursion are what keep this host
// from acting as an open resolver; keep them restricted to "internals".
recursion yes;
listen-on-v6 { none; };
// A secondary can serve transfers too; "none" ensures the zone copy held here
// is not handed on to anyone.
allow-transfer { none; };
allow-query { internals; };
allow-recursion { internals; };
};
Secondary Zones
nano /etc/bind/named.conf.local
// Secondary zone declarations: both zones are pulled from the primary at
// 10.19.83.100.
// NOTE(review): nothing in this snippet references a key; confirm the include
// is needed on the secondary.
include "/etc/bind/rndc.key";
zone "bgd.chorke.org" {
type slave;
// Relative path: the transferred copy is stored under the options "directory"
// (/var/cache/bind).
file "db.bgd.chorke.org"; # zone file path
// The transfer is authorised by source address only (allow-transfer on the
// primary). Adding a TSIG key on both sides would authenticate the peer and
// protect the transferred data against tampering on the LAN.
masters { 10.19.83.100; };
};
zone "83.19.10.in-addr.arpa" {
type slave;
file "db.83.19.10"; # 10.19.83.0/24 subnet
masters { 10.19.83.100; };
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Server
# Validate the configuration and load-test every zone before restarting named;
# fix any error reported here first.
named-checkconf -z
named-checkzone bgd.chorke.org /etc/bind/zones/db.bgd.chorke.org
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
# Enable at boot, then restart. The init-script and "service" lines appear to
# be two ways of issuing the same restart.
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
# Check that named is bound to port 53 only on the listen-on addresses
# (127.0.0.1 and the server's LAN address), not on 0.0.0.0.
# "ss -tulpn" gives the same view where net-tools is not installed.
netstat -tulpn
netstat -tap
reboot
# Runtime control: dump the cache to named's dump file, empty the cache,
# re-read configuration and zones.
rndc dumpdb -cache
rndc flush
rndc reload
Client
# Client side: set the zone as the DNS search suffix in dhcpcd.conf, so short
# names resolve against it (e.g. "gtw0" -> gtw0.bgd.chorke.org).
sudo nano /etc/dhcpcd.conf
# Chorke Academia, Inc.
# The name-server line is left commented out, so this fragment alone does not
# point the client at 10.19.83.100; presumably the DHCP server hands out the
# resolver addresses (confirm).
#static domain_name_servers=10.19.83.100 10.19.83.1
static domain_search=bgd.chorke.org
#static host_name=pih
sudo systemctl restart dhcpcd
sudo systemctl daemon-reload
# NOTE(review): resolvconf and openresolv are alternative implementations of
# the same command; on Debian-based systems installing one is expected to
# replace the other, so choose one.
sudo apt install resolvconf
sudo apt install openresolv
# Regenerate /etc/resolv.conf from the current sources.
sudo resolvconf -u
Debug
# Client cache flushing per operating system, followed by test queries.
# The first two commands are for a Windows command prompt.
@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
# macOS: show the resolver configuration and test reachability of a host name.
scutil --dns
scutil -r hostname
# clear macos dns cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
# clear ubuntu dns cache
# Newer systemd releases expose these as "resolvectl flush-caches" and
# "resolvectl statistics".
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
# NOTE(review): the forward zone on this page defines apn0 and gtw0. The names
# apn and gtw queried below have no records there, so expect NXDOMAIN unless
# they are added. chorke.org itself is not a zone on this server, so that
# lookup exercises recursion through the forwarders.
#from local area network
dig @10.19.83.100 chorke.org
dig @10.19.83.100 bgd.chorke.org
dig @10.19.83.100 apn.bgd.chorke.org
dig @10.19.83.100 gtw.bgd.chorke.org
# With allow-query { internals; } as configured, the queries in the next group
# should come back REFUSED when sent from an outside address. A normal answer
# from the Internet means outside clients are matching the internal ACL (for
# example through source NAT at the gateway) and the server is exposed as a
# recursive resolver together with its internal host list.
#from horizon/world wide
dig @bgd.chorke.org chorke.org
dig @bgd.chorke.org -x 10.19.83.1
dig @bgd.chorke.org bgd.chorke.org
dig @bgd.chorke.org apn.bgd.chorke.org
dig @bgd.chorke.org gtw.bgd.chorke.org
# These use whatever resolver the client is configured with, so they test the
# client setup as well as the server.
#from lan only
nslookup chorke.org
nslookup bgd.chorke.org
nslookup apn.bgd.chorke.org
nslookup gtw.bgd.chorke.org
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Stealth (DMZ/Hidden Master) Name Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9
- DNS Sample External Domain Zone file
- BIND Definition of Address List Match
- DNS not resolving on Mac OS X
- Stealth (Split/DMZ) DNS Server
- List of Statements