Raspberry Pi Authoritative DNS Server: Difference between revisions
Jump to navigation
Jump to search
(→Client) |
|||
| (20 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
'''Domain Information''' | |||
<source lang="bash"> | |||
Domain : shahed.biz | |||
Name Server : ns8533.hostgator.com | |||
Name Server : ns8534.hostgator.com | |||
Subdomain : dev.shahed.biz (public) | |||
CNAME of dev : cki00.ddns.net (noip.com) | |||
</source> | |||
'''Netowrk Information''' | |||
<source lang="bash"> | |||
GTW : 10.19.83.1 (Gateway/Router) | |||
DMZ : 10.19.83.5 (dev.shahed.biz & Name server) | |||
LAN : 10.19.83.0/24 (Private network & range 0~255) | |||
</source> | |||
==Install== | ==Install== | ||
<source lang="bash"> | <source lang="bash"> | ||
| Line 4: | Line 20: | ||
apt update && apt upgrade | apt update && apt upgrade | ||
apt install bind9 bind9utils bind9-doc dnsutils | apt install bind9 bind9utils bind9-doc dnsutils | ||
#apt purge bind9 bind9utils bind9-doc dnsutils | |||
#sudo apt autoremove | |||
</source> | </source> | ||
<code>nano /etc/default/bind9</code> | |||
<source lang="ini"> | <source lang="ini"> | ||
# run resolvconf? | # run resolvconf? | ||
| Line 40: | Line 58: | ||
listen-on port 53 { | listen-on port 53 { | ||
127.0.0.1; | 127.0.0.1; | ||
10.19.83. | 10.19.83.5; | ||
}; | }; | ||
allow-transfer { none; }; | allow-transfer { none; }; | ||
| Line 50: | Line 68: | ||
==Keygen== | ==Keygen== | ||
<source lang="bash"> | <source lang="bash"> | ||
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER | dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz | ||
</source> | </source> | ||
| Line 71: | Line 87: | ||
}; | }; | ||
zone " | zone "ddn.dev.shahed.biz" { | ||
type master; | type master; | ||
file "/etc/bind/zones/db. | file "/etc/bind/zones/db.ddn.dev.shahed.biz"; | ||
notify yes; | notify yes; | ||
allow-update { key | allow-update { key ddn.dev.shahed.biz.; }; | ||
allow-query { any; }; | allow-query { any; }; | ||
}; | }; | ||
key | key ddn.dev.shahed.biz. { | ||
algorithm HMAC-MD5; | algorithm HMAC-MD5; | ||
secret " | secret "BOpzhxmLpMwUIJR9Z3mMvQ=="; | ||
}; | }; | ||
// consider adding the 1918 zones here | // consider adding the 1918 zones here | ||
| Line 95: | Line 111: | ||
<source lang="ini"> | <source lang="ini"> | ||
; | ; | ||
; BIND forward data file | ; BIND forward data file | ||
; | ; | ||
$TTL 600 ; | $TTL 600 ; 10M | ||
$ORIGIN dev.shahed.biz. | $ORIGIN dev.shahed.biz. | ||
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | @ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | ||
201908121 ; Serial YYYYmmddI | |||
3600 ; Refresh 01H | 3600 ; Refresh 01H | ||
600 ; Retry 10M | 600 ; Retry 10M | ||
86400 ; Expire 01D | 86400 ; Expire 01D | ||
600 ) ; Negative Cache TTL | 600 ) ; Negative Cache TTL 10M | ||
; NS Records | ; NS Records | ||
@ IN NS ns0.dev.shahed.biz. | @ IN NS ns0.dev.shahed.biz. | ||
| Line 112: | Line 129: | ||
@ IN NS ns8534.hostgator.com. | @ IN NS ns8534.hostgator.com. | ||
@ IN NS dev.shahed.biz. | @ IN NS dev.shahed.biz. | ||
@ IN A 10.19.83. | @ IN A 10.19.83.5 | ||
; A Records | ; A Records | ||
apn A 10.19.83.2 | apn A 10.19.83.2 | ||
av5 A 10.19.83.9 | |||
gtw A 10.19.83.1 | gtw A 10.19.83.1 | ||
ns0 A 10.19.83.3 | mac A 10.19.83.10 | ||
ns0 A 10.19.83.5 | |||
one A 10.19.83.8 | |||
pi3 A 10.19.83.3 | |||
pih A 10.19.83.4 | |||
piw A 10.19.83.5 | |||
ras A 10.19.83.12 | |||
sha A 10.19.83.11 | |||
; CNAME | ; CNAME | ||
ftp CNAME ns0 | ftp CNAME ns0 | ||
dmz CNAME ns0 | |||
</source> | </source> | ||
| Line 132: | Line 157: | ||
; BIND reverse data file | ; BIND reverse data file | ||
; | ; | ||
$TTL 600 ; | $TTL 600 ; 10M | ||
$ORIGIN 83.19.10.in-addr.arpa. | $ORIGIN 83.19.10.in-addr.arpa. | ||
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | @ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. ( | ||
201908121 ; Serial YYYYmmddI | |||
3600 ; Refresh 01H | 3600 ; Refresh 01H | ||
600 ; Retry 10M | 600 ; Retry 10M | ||
86400 ; Expire 01D | 86400 ; Expire 01D | ||
600 ) ; Negative Cache TTL | 600 ) ; Negative Cache TTL 10M | ||
; NS Records | ; NS Records | ||
@ IN NS ns0.dev.shahed.biz. | @ IN NS ns0.dev.shahed.biz. | ||
@ IN NS dev.shahed.biz. | @ IN NS dev.shahed.biz. | ||
; PTR Records | ; PTR Records | ||
1 | 1 IN PTR gtw.dev.shahed.biz. | ||
2 | 2 IN PTR apn.dev.shahed.biz. | ||
3. | 3 IN PTR pi3.dev.shahed.biz. | ||
4 IN PTR pih.dev.shahed.biz. | |||
5 IN PTR dev.shahed.biz. | |||
5 IN PTR dmz.dev.shahed.biz. | |||
5 IN PTR ftp.dev.shahed.biz. | |||
5 IN PTR ns0.dev.shahed.biz. | |||
5 IN PTR piw.dev.shahed.biz. | |||
8 IN PTR one.dev.shahed.biz. | |||
9 IN PTR av5.dev.shahed.biz. | |||
10 IN PTR mac.dev.shahed.biz. | |||
11 IN PTR sha.dev.shahed.biz. | |||
12 IN PTR ras.dev.shahed.biz. | |||
</source> | </source> | ||
===DDNS Forward Zone=== | ===DDNS Forward Zone=== | ||
<source lang="bash"> | <source lang="bash"> | ||
cp /etc/bind/db.local /etc/bind/zones/db. | cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz | ||
nano /etc/bind/zones/db. | nano /etc/bind/zones/db.ddn.dev.shahed.biz | ||
</source> | </source> | ||
<source lang="ini"> | <source lang="ini"> | ||
; | ; | ||
; BIND forward data file for | ; BIND forward data file for ddn.dev.shahed.biz | ||
; | ; | ||
$ORIGIN . | $ORIGIN . | ||
$TTL | $TTL 600 ; 10M | ||
ddn.dev.shahed.biz IN SOA ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. ( | |||
201908121 ; serial YYYYmmddI | |||
600 ; refresh 10M | |||
7200 ; retry 02H | 7200 ; retry 02H | ||
604800 ; expire 01W | 604800 ; expire 01W | ||
600 ) ; Negative Cache TTL 10M | |||
NS ns0.dev.shahed.biz. | NS ns0.dev.shahed.biz. | ||
A | A 10.19.83.5 | ||
</source> | </source> | ||
| Line 182: | Line 211: | ||
<source lang="bash"> | <source lang="bash"> | ||
named-checkconf -z | named-checkconf -z | ||
named-checkzone | named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz | ||
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz | named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz | ||
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 | named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 | ||
| Line 203: | Line 232: | ||
==Client== | ==Client== | ||
<code>nano /etc/ | <code>sudo nano /etc/dhcpcd.conf</code> | ||
<source lang="ini"> | <source lang="ini"> | ||
# Chorke Academia, Inc. | |||
#static domain_name_servers=10.19.83.5 10.19.83.1 | |||
static domain_search=dev.shahed.biz | |||
#static host_name=pih | |||
</source> | </source> | ||
<source lang="bash" highlight="5,6"> | |||
<source lang=" | sudo systemctl restart dhcpcd | ||
sudo systemctl daemon-reload | |||
sudo apt install resolvconf | |||
sudo apt install openresolv | |||
sudo resolvconf -u | |||
</source> | </source> | ||
| Line 245: | Line 279: | ||
# if different, tell dns | # if different, tell dns | ||
echo "server | echo "server dev.shahed.biz" > $DNSP/zone | ||
echo "zone | echo "zone ddn.dev.shahed.biz" >> $DNSP/zone | ||
echo "update delete | echo "update delete ddn.dev.shahed.biz. A" >> $DNSP/zone | ||
echo "update add | echo "update add ddn.dev.shahed.biz. 86400 A $CURIP" >> $DNSP/zone | ||
echo "show" >> $DNSP/zone | echo "show" >> $DNSP/zone | ||
echo "send" >> $DNSP/zone | echo "send" >> $DNSP/zone | ||
/usr/bin/nsupdate -k $DNSP/ | /usr/bin/nsupdate -k $DNSP/Kddn.dev.shahed.biz.+157+55098.private $DNSP/zone | ||
sleep 300 # (5M, 30M) = (300, 1800) | sleep 300 # (5M, 30M) = (300, 1800) | ||
done | done | ||
| Line 270: | Line 304: | ||
<source lang="bash"> | <source lang="bash"> | ||
scutil --dns | |||
scutil -r hostname | |||
# clear macos dns cache | # clear macos dns cache | ||
sudo dscacheutil -flushcache | |||
sudo killall -HUP mDNSResponder | sudo killall -HUP mDNSResponder | ||
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist | |||
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist | |||
</source> | </source> | ||
| Line 282: | Line 321: | ||
<source lang="bash"> | <source lang="bash"> | ||
dig @10.19.83. | #from local area network | ||
dig @10.19.83. | dig @10.19.83.5 shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 dev.shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 apn.dev.shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 ddn.dev.shahed.biz | ||
dig @10.19.83.5 gtw.dev.shahed.biz | |||
</source> | |||
<source lang="bash"> | |||
#from horizon/world wide | |||
dig @dev.shahed.biz shahed.biz | |||
dig @dev.shahed.biz -x 10.19.83.1 | |||
dig @dev.shahed.biz dev.shahed.biz | |||
dig @dev.shahed.biz apn.dev.shahed.biz | |||
dig @dev.shahed.biz ddn.dev.shahed.biz | |||
dig @dev.shahed.biz gtw.dev.shahed.biz | |||
</source> | </source> | ||
<source lang="bash"> | <source lang="bash"> | ||
#from lan only | |||
nslookup shahed.biz | nslookup shahed.biz | ||
nslookup dev.shahed.biz | nslookup dev.shahed.biz | ||
nslookup apn.dev.shahed.biz | nslookup apn.dev.shahed.biz | ||
nslookup | nslookup ddn.dev.shahed.biz | ||
nslookup gtw.dev.shahed.biz | nslookup gtw.dev.shahed.biz | ||
</source> | </source> | ||
Latest revision as of 17:56, 31 August 2020
Domain Information
Domain : shahed.biz
Name Server : ns8533.hostgator.com
Name Server : ns8534.hostgator.com
Subdomain : dev.shahed.biz (public)
CNAME of dev : cki00.ddns.net (noip.com)
Netowrk Information
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.5 (dev.shahed.biz & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
Install
sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
#apt purge bind9 bind9utils bind9-doc dnsutils
#sudo apt autoremove
nano /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -4"
Options
nano /etc/bind/named.conf.options
acl internals {
127.0.0.0/24; # 0-255
10.19.83.0/24; # 0-255
};
acl externals {
10.19.83.0/29; # 0-7
!10.19.83.0/24; # 0-255
};
options {
directory "/var/cache/bind";
auth-nxdomain no;
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
10.19.83.1; # Router DNS
};
dnssec-validation auto;
listen-on-v6 { none; };
listen-on port 53 {
127.0.0.1;
10.19.83.5;
};
allow-transfer { none; };
allow-query { internals; };
allow-recursion { internals; };
};
Keygen
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz
Zones
nano /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path
allow-update { key rndc-key; };
};
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
};
zone "ddn.dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.ddn.dev.shahed.biz";
notify yes;
allow-update { key ddn.dev.shahed.biz.; };
allow-query { any; };
};
key ddn.dev.shahed.biz. {
algorithm HMAC-MD5;
secret "BOpzhxmLpMwUIJR9Z3mMvQ==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward Lookup Zone
mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file
;
$TTL 600 ; 10M
$ORIGIN dev.shahed.biz.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
@ IN A 10.19.83.5
; A Records
apn A 10.19.83.2
av5 A 10.19.83.9
gtw A 10.19.83.1
mac A 10.19.83.10
ns0 A 10.19.83.5
one A 10.19.83.8
pi3 A 10.19.83.3
pih A 10.19.83.4
piw A 10.19.83.5
ras A 10.19.83.12
sha A 10.19.83.11
; CNAME
ftp CNAME ns0
dmz CNAME ns0
Reverse Lookup Zone
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
;
; BIND reverse data file
;
$TTL 600 ; 10M
$ORIGIN 83.19.10.in-addr.arpa.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS dev.shahed.biz.
; PTR Records
1 IN PTR gtw.dev.shahed.biz.
2 IN PTR apn.dev.shahed.biz.
3 IN PTR pi3.dev.shahed.biz.
4 IN PTR pih.dev.shahed.biz.
5 IN PTR dev.shahed.biz.
5 IN PTR dmz.dev.shahed.biz.
5 IN PTR ftp.dev.shahed.biz.
5 IN PTR ns0.dev.shahed.biz.
5 IN PTR piw.dev.shahed.biz.
8 IN PTR one.dev.shahed.biz.
9 IN PTR av5.dev.shahed.biz.
10 IN PTR mac.dev.shahed.biz.
11 IN PTR sha.dev.shahed.biz.
12 IN PTR ras.dev.shahed.biz.
DDNS Forward Zone
cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz
nano /etc/bind/zones/db.ddn.dev.shahed.biz
;
; BIND forward data file for ddn.dev.shahed.biz
;
$ORIGIN .
$TTL 600 ; 10M
ddn.dev.shahed.biz IN SOA ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. (
201908121 ; serial YYYYmmddI
600 ; refresh 10M
7200 ; retry 02H
604800 ; expire 01W
600 ) ; Negative Cache TTL 10M
NS ns0.dev.shahed.biz.
A 10.19.83.5
Server
named-checkconf -z
named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
netstat -tulpn
netstat -tap
reboot
rndc dumpdb -cache
rndc flush
rndc reload
Client
sudo nano /etc/dhcpcd.conf
# Chorke Academia, Inc.
#static domain_name_servers=10.19.83.5 10.19.83.1
static domain_search=dev.shahed.biz
#static host_name=pih
sudo systemctl restart dhcpcd
sudo systemctl daemon-reload
sudo apt install resolvconf
sudo apt install openresolv
sudo resolvconf -u
DDNS Client
$HOME/ddnsclient
#!/bin/bash
: '
@author "Chorke Academia, Inc."<[email protected]>
@vendor Chorke Academia, Inc.
@web http://chorke.org
@version 1.0.00.GA
@since 1.0.00.GA
'
# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
# http://dynupdate.no-ip.com/ip.php
# http://www.antedes.com/getip.php
# http://checkip.dyndns.org
IPS='http://dynupdate.no-ip.com/ip.php'
DNSP='/etc/bind/ddnskeys'
while true; do
# first, retrieve ipaddress
CURIP=`curl -s $IPS | awk '{ print $1 }'`
OLDIP=`cat $DNSP/oldip`
# compare to previously saved ip
[ "$CURIP" == "$OLDIP" ] && continue
echo $CURIP > $DNSP/oldip
# if different, tell dns
echo "server dev.shahed.biz" > $DNSP/zone
echo "zone ddn.dev.shahed.biz" >> $DNSP/zone
echo "update delete ddn.dev.shahed.biz. A" >> $DNSP/zone
echo "update add ddn.dev.shahed.biz. 86400 A $CURIP" >> $DNSP/zone
echo "show" >> $DNSP/zone
echo "send" >> $DNSP/zone
/usr/bin/nsupdate -k $DNSP/Kddn.dev.shahed.biz.+157+55098.private $DNSP/zone
sleep 300 # (5M, 30M) = (300, 1800)
done
chmod 755 "$HOME/ddnsclient"
# nohup "$HOME/ddnsclient" &
nohup "$HOME/ddnsclient" 2>> /dev/null >> /dev/null &
Debug
@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
scutil --dns
scutil -r hostname
# clear macos dns cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
# clear ubuntu dns cache
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
#from local area network
dig @10.19.83.5 shahed.biz
dig @10.19.83.5 dev.shahed.biz
dig @10.19.83.5 apn.dev.shahed.biz
dig @10.19.83.5 ddn.dev.shahed.biz
dig @10.19.83.5 gtw.dev.shahed.biz
#from horizon/world wide
dig @dev.shahed.biz shahed.biz
dig @dev.shahed.biz -x 10.19.83.1
dig @dev.shahed.biz dev.shahed.biz
dig @dev.shahed.biz apn.dev.shahed.biz
dig @dev.shahed.biz ddn.dev.shahed.biz
dig @dev.shahed.biz gtw.dev.shahed.biz
#from lan only
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup ddn.dev.shahed.biz
nslookup gtw.dev.shahed.biz
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Stealth (DMZ/Hidden Master) Name Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9
- DNS Sample External Domain Zone file
- BIND Definition of Address List Match
- Stealth (Split/DMZ) DNS Server
- List of Statements