Raspberry Pi Secondary DNS Server


Domain Information

Domain       : chorke.org
Subdomain    : bgd.chorke.org (public)
CNAME of dev : cki00.ddns.net (noip.com)

Network Information

GTW : 10.19.83.1    (Gateway/Router)
DMZ : 10.19.83.100  (bgd.chorke.org  & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)

Install

sudo su   # everything below runs as root (the apt lines have no sudo)
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
# Undo: the two commented lines remove what the install line added.
#apt purge  bind9 bind9utils bind9-doc dnsutils
#sudo apt autoremove

nano /etc/default/bind9   # newer bind9 packages read /etc/default/named instead — check which file exists

# --- contents of /etc/default/bind9 ---
# run resolvconf?
RESOLVCONF=no   # presumably stops the init script from registering bind9 with resolvconf — verify against the script

# startup options for the server
# -u bind : named drops privileges to the 'bind' user after start
# -4      : IPv4 only, consistent with 'listen-on-v6 { none; }' in named.conf.options
OPTIONS="-u bind -4"

Primary Options

nano /etc/bind/named.conf.options

// Source-address ACL referenced by allow-query / allow-recursion below.
acl internals {
    127.0.0.0/24;  # 0-255 (loopback; the whole loopback block is 127.0.0.0/8, this covers 127.0.0.1)
    10.19.83.0/24; # 0-255 (the LAN)
};

// Defined but not referenced anywhere in this file: 10.19.83.0-7 are
// admitted, the rest of the /24 is negated. Remove it or wire it in.
acl externals {
    10.19.83.0/29;  # 0-7
    !10.19.83.0/24; # 0-255
};

options {
    directory "/var/cache/bind";   // relative 'file' names in zone statements resolve from here
    auth-nxdomain no;
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // Primary: loopback plus the DMZ address 10.19.83.100 (dns0/ns00).
    listen-on port 53 {
        127.0.0.1;
        10.19.83.100;
    };

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // Recursive lookups for anything outside the local zones go here.
    forwarders {
        8.8.8.8;    # Google DNS
        8.8.4.4;    # Google DNS
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    // Recursion is enabled but only for 'internals', so this is not an open
    // resolver. allow-query is also limited to 'internals', which means a
    // query from outside 10.19.83.0/24 gets REFUSED — the "world wide" dig
    // commands further down this page cannot succeed against this config.
    // If the authoritative zones are meant to be public, give those zones
    // their own wider allow-query (per zone in named.conf.local) while
    // leaving allow-recursion restricted.
    recursion yes;
    listen-on-v6 { none; };        // IPv4 only (matches OPTIONS="-u bind -4")
    allow-transfer { none; };      // global default; the zone statements override it for the secondaries
    allow-query { internals; };
    allow-recursion { internals; };
};

Primary Zones

nano /etc/bind/named.conf.local

// rndc.key is the rndc control-channel key; it is reused below as the TSIG
// key that authorizes dynamic updates. Whoever holds that key can therefore
// both drive rndc and rewrite these zones. A dedicated update key (e.g. one
// generated with tsig-keygen) keeps the two roles separate.
include "/etc/bind/rndc.key";
zone "bgd.chorke.org" {
    type master;
    file "/etc/bind/zones/db.bgd.chorke.org";     # zone file path (absolute; 'directory' is not applied)
    # Updates are accepted from any source address that signs with rndc-key.
    # NOTE(review): dynamic updates write a .jnl journal next to the zone
    # file; on Debian-based systems /etc/bind is normally not writable by
    # the bind user (permissions/AppArmor), so updates may fail — confirm
    # named can write here or keep updatable zones under /var/lib/bind.
    allow-update { key rndc-key; };
    allow-transfer {          # overrides the global 'allow-transfer { none; }'
        10.19.83.101;         # dns1 (secondary)
        10.19.83.102;         # dns2 (secondary)
    };
};

zone "83.19.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.83.19.10";           # 10.19.83.0/24 subnet
    allow-update { key rndc-key; };               # same key and same journal caveat as above
    allow-transfer {
        10.19.83.101;         # dns1 (secondary)
        10.19.83.102;         # dns2 (secondary)
    };
};

// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";

Forward Zone

mkdir /etc/bind/zones                                       # holds the primary's zone files (absolute paths in named.conf.local)
cp /etc/bind/db.local /etc/bind/zones/db.bgd.chorke.org     # start from the packaged localhost template
nano /etc/bind/zones/db.bgd.chorke.org                      # replace its contents with the file below; named runs as 'bind', which must be able to read it
;
; BIND forward data file
; Unqualified names get $ORIGIN appended; '@' stands for the origin itself.
; Records after the SOA omit the class and inherit IN from the first record.
;
$TTL     600    ;  10M (default TTL for records without their own)
$ORIGIN bgd.chorke.org.

; MNAME dns0 is the primary (10.19.83.100 below); RNAME root.bgd.chorke.org.
; is the mailbox root@bgd.chorke.org.
; Increment Serial on EVERY edit: the secondaries only pull a new copy when
; the primary's serial is higher than the one they hold.
@       IN      SOA     dns0.bgd.chorke.org. root.bgd.chorke.org. (
                        202012050           ; Serial       YYYYmmddI
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS Records Name Servers (each must also have an A record below)
@       IN      NS      dns0.bgd.chorke.org.
@       IN      NS      dns1.bgd.chorke.org.
@       IN      NS      dns2.bgd.chorke.org.
@       IN      A       10.19.83.100        ; the bare zone name resolves to the DMZ host

; A  Records Name Servers (primary, secondary, secondary)
dns0            A       10.19.83.100
dns1            A       10.19.83.101
dns2            A       10.19.83.102

; A  Records 10.19.83.0/24
; Several names intentionally share one address (e.g. .100 is dmz0, dns0,
; ns00, pi00 and www0). The names used below are the ones to query —
; there is no 'apn' or 'gtw', only 'apn0' and 'gtw0'.
apn0            A       10.19.83.2
db00            A       10.19.83.105
db01            A       10.19.83.208
db02            A       10.19.83.109
dmz0            A       10.19.83.100
ftp0            A       10.19.83.204
git0            A       10.19.83.206
gtw0            A       10.19.83.1
iis0            A       10.19.83.207
mac0            A       10.19.83.110
mcu0            A       10.19.83.99
mob0            A       10.19.83.4
mob1            A       10.19.83.5
mob2            A       10.19.83.6
nas0            A       10.19.83.204
ns00            A       10.19.83.100
ns01            A       10.19.83.101
ns02            A       10.19.83.102
ns03            A       10.19.83.203
ns04            A       10.19.83.204
ns05            A       10.19.83.105
ns06            A       10.19.83.206
ns07            A       10.19.83.207
ns08            A       10.19.83.208
ns09            A       10.19.83.109
ns10            A       10.19.83.110
pc00            A       10.19.83.207
pc01            A       10.19.83.208
pc02            A       10.19.83.109
pc03            A       10.19.83.110
pi00            A       10.19.83.100
pi01            A       10.19.83.101
pi02            A       10.19.83.102
pi03            A       10.19.83.203
pi04            A       10.19.83.204
pi05            A       10.19.83.105
pi06            A       10.19.83.206
tab0            A       10.19.83.7
tv00            A       10.19.83.3
vpn0            A       10.19.83.203
www0            A       10.19.83.100
; CNAME (relative target: expands to www0.bgd.chorke.org.)
www             CNAME   www0

Reverse Zone

cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10   # start from the packaged loopback reverse template
nano /etc/bind/zones/db.83.19.10                  # replace its contents with the file below
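;
; BIND reverse data file for 10.19.83.0/24
; Each PTR owner name is the last octet; $ORIGIN supplies the rest.
; Fix: the PTRs for .105 and .208 named rdb0/rdb1, which have no A record
; in the forward zone (it defines db00 -> .105, db01 -> .208, db02 -> .109);
; they now use the forward names so reverse and forward agree.
; Increment Serial on EVERY edit or the secondaries will not transfer it.
;

$TTL 600 ; 10M
$ORIGIN 83.19.10.in-addr.arpa.

@       IN      SOA     dns0.bgd.chorke.org. root.bgd.chorke.org. (
                        202012050           ; Serial       YYYYmmddI
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS  Records
@       IN      NS      dns0.bgd.chorke.org.
@       IN      NS      dns1.bgd.chorke.org.
@       IN      NS      dns2.bgd.chorke.org.
; PTR Records
; Addresses with several forward names carry several PTRs; a reverse lookup
; returns all of them, in resolver-chosen order. Note that www.bgd.chorke.org.
; is a CNAME in the forward zone, so forward-confirmed reverse checks that
; resolve the PTR target will land on www0 rather than www.
1       IN      PTR     gtw0.bgd.chorke.org.
2       IN      PTR     apn0.bgd.chorke.org.
3       IN      PTR     tv00.bgd.chorke.org.
4       IN      PTR     mob0.bgd.chorke.org.
5       IN      PTR     mob1.bgd.chorke.org.
6       IN      PTR     mob2.bgd.chorke.org.
7       IN      PTR     tab0.bgd.chorke.org.
99      IN      PTR     mcu0.bgd.chorke.org.
100     IN      PTR     dmz0.bgd.chorke.org.
100     IN      PTR     dns0.bgd.chorke.org.
100     IN      PTR     ns00.bgd.chorke.org.
100     IN      PTR     pi00.bgd.chorke.org.
100     IN      PTR     www.bgd.chorke.org.
100     IN      PTR     www0.bgd.chorke.org.
101     IN      PTR     dns1.bgd.chorke.org.
101     IN      PTR     ns01.bgd.chorke.org.
101     IN      PTR     pi01.bgd.chorke.org.
102     IN      PTR     dns2.bgd.chorke.org.
102     IN      PTR     ns02.bgd.chorke.org.
102     IN      PTR     pi02.bgd.chorke.org.
105     IN      PTR     db00.bgd.chorke.org.    ; was rdb0: matches forward 'db00 A 10.19.83.105'
105     IN      PTR     ns05.bgd.chorke.org.
105     IN      PTR     pi05.bgd.chorke.org.
109     IN      PTR     db02.bgd.chorke.org.
109     IN      PTR     ns09.bgd.chorke.org.
109     IN      PTR     pc02.bgd.chorke.org.
110     IN      PTR     mac0.bgd.chorke.org.
110     IN      PTR     ns10.bgd.chorke.org.
110     IN      PTR     pc03.bgd.chorke.org.
203     IN      PTR     ns03.bgd.chorke.org.
203     IN      PTR     pi03.bgd.chorke.org.
203     IN      PTR     vpn0.bgd.chorke.org.
204     IN      PTR     ftp0.bgd.chorke.org.
204     IN      PTR     nas0.bgd.chorke.org.
204     IN      PTR     ns04.bgd.chorke.org.
204     IN      PTR     pi04.bgd.chorke.org.
206     IN      PTR     git0.bgd.chorke.org.
206     IN      PTR     ns06.bgd.chorke.org.
206     IN      PTR     pi06.bgd.chorke.org.
207     IN      PTR     iis0.bgd.chorke.org.
207     IN      PTR     ns07.bgd.chorke.org.
207     IN      PTR     pc00.bgd.chorke.org.
208     IN      PTR     db01.bgd.chorke.org.    ; was rdb1: matches forward 'db01 A 10.19.83.208'
208     IN      PTR     ns08.bgd.chorke.org.
208     IN      PTR     pc01.bgd.chorke.org.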

Secondary Options

nano /etc/bind/named.conf.options

// Secondary (dns1, 10.19.83.101). Identical to the primary's options file
// except for the listen-on address; keep the two in step when editing.
acl internals {
    127.0.0.0/24;  # 0-255 (loopback; covers 127.0.0.1)
    10.19.83.0/24; # 0-255 (the LAN)
};

// Defined but not referenced anywhere in this file (same as on the primary).
acl externals {
    10.19.83.0/29;  # 0-7
    !10.19.83.0/24; # 0-255
};

options {
    directory "/var/cache/bind";   // the secondary's zone copies (relative 'file' names) land here
    auth-nxdomain no;
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // Secondary: loopback plus its own LAN address (dns1/ns01/pi01).
    listen-on port 53 {
        127.0.0.1;
        10.19.83.101;
    };

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        8.8.8.8;    # Google DNS
        8.8.4.4;    # Google DNS
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    // Recursion only for the LAN (not an open resolver); queries from
    // outside 10.19.83.0/24 are REFUSED because of allow-query.
    recursion yes;
    listen-on-v6 { none; };        // IPv4 only (matches OPTIONS="-u bind -4")
    allow-transfer { none; };      // a secondary should not hand the zones on; nothing overrides this below
    allow-query { internals; };
    allow-recursion { internals; };
};

Secondary Zones

nano /etc/bind/named.conf.local

// Nothing in this file references rndc-key (no allow-update on a secondary);
// the include is harmless but only needed if the secondary's rndc relies on it.
include "/etc/bind/rndc.key";
// 'type slave' / 'masters' are the pre-9.16 spellings; BIND 9.16+ also
// accepts 'type secondary' / 'primaries' with the same meaning.
zone "bgd.chorke.org" {
    type slave;
    file "db.bgd.chorke.org";     # zone file path — relative, so it lives under directory "/var/cache/bind"
    masters { 10.19.83.100; };    # dns0; this host (.101) is in the primary's allow-transfer list
};

zone "83.19.10.in-addr.arpa" {
    type slave;
    file "db.83.19.10";           # 10.19.83.0/24 subnet (also relative to /var/cache/bind)
    masters { 10.19.83.100; };
};

// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";

Server

# Validate before restarting: -z also loads every configured zone.
named-checkconf -z
# The two checkzone lines use the primary's absolute paths; on the secondary the
# copies are under /var/cache/bind (see its zone 'file' entries).
named-checkzone bgd.chorke.org /etc/bind/zones/db.bgd.chorke.org
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
# Three ways of enabling/restarting the service; use whichever the OS provides
# (on systemd-based Raspberry Pi OS, 'systemctl enable --now bind9' covers both).
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
# Confirm named is bound to udp/tcp 53 on the expected address only
# (netstat is deprecated; 'ss -tulpn' shows the same).
netstat -tulpn
netstat -tap
reboot   # optional, not required for the rndc commands below
# rndc: dump the resolver cache to the dump file, drop the cache, reload config and zones.
rndc dumpdb -cache
rndc flush
rndc reload

Client

sudo nano /etc/dhcpcd.conf

# --- lines for /etc/dhcpcd.conf ---
# Chorke Academia, Inc.
# Commented out, so clients keep the DHCP-supplied resolvers; uncomment to
# pin them to the local server. NOTE(review): listing the router second means
# a client may query 10.19.83.1 (which does not know bgd.chorke.org) when the
# first server is slow — verify the resolver order behaves as you expect.
#static domain_name_servers=10.19.83.100 10.19.83.1
static domain_search=bgd.chorke.org     # lets 'nslookup apn0' find apn0.bgd.chorke.org
#static host_name=pih
# --- apply ---
sudo systemctl restart dhcpcd
sudo systemctl daemon-reload

# Pick ONE: on Debian-based systems 'openresolv' provides and conflicts with
# 'resolvconf', so the second install replaces the first.
sudo apt install resolvconf
sudo apt install openresolv
sudo resolvconf -u   # regenerate /etc/resolv.conf from the configured sources

Debug

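# Per-OS cache flushes and lookups: run the lines for your platform, not the
# whole block (the first line is Windows cmd syntax, not shell).
@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
# macOS: show resolver configuration / reachability of a host
scutil --dns
scutil -r hostname
# clear macos dns cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
# clear ubuntu dns cache (systemd-resolve is the old name; newer systemd ships resolvectl)
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
#from local area network — query the primary directly.
# Fix: the forward zone defines apn0 and gtw0, not apn and gtw; the bare
# names only return NXDOMAIN and prove nothing about the server.
dig @10.19.83.100 chorke.org
dig @10.19.83.100 bgd.chorke.org
dig @10.19.83.100 apn0.bgd.chorke.org
dig @10.19.83.100 gtw0.bgd.chorke.org
#from horizon/world wide — only answered if the server's allow-query admits
# the external source address; with 'allow-query { internals; }' the reply is
# REFUSED, and chorke.org (a recursive lookup) stays refused for outsiders anyway.
dig @bgd.chorke.org chorke.org
dig @bgd.chorke.org -x 10.19.83.1
dig @bgd.chorke.org bgd.chorke.org
dig @bgd.chorke.org apn0.bgd.chorke.org
dig @bgd.chorke.org gtw0.bgd.chorke.org
#from lan only — goes through whatever resolver /etc/resolv.conf points at
nslookup chorke.org
nslookup bgd.chorke.org
nslookup apn0.bgd.chorke.org
nslookup gtw0.bgd.chorke.org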

References