Raspberry Pi Authoritative DNS Server: Difference between revisions
Jump to navigation
Jump to search
(→Zones) |
(→Client) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 11: | Line 11: | ||
<source lang="bash"> | <source lang="bash"> | ||
GTW : 10.19.83.1 (Gateway/Router) | GTW : 10.19.83.1 (Gateway/Router) | ||
DMZ : 10.19.83. | DMZ : 10.19.83.5 (dev.shahed.biz & Name server) | ||
LAN : 10.19.83.0/24 (Private network & range 0~255) | LAN : 10.19.83.0/24 (Private network & range 0~255) | ||
</source> | </source> | ||
Line 21: | Line 21: | ||
apt install bind9 bind9utils bind9-doc dnsutils | apt install bind9 bind9utils bind9-doc dnsutils | ||
#apt purge bind9 bind9utils bind9-doc dnsutils | #apt purge bind9 bind9utils bind9-doc dnsutils | ||
#sudo apt autoremove | |||
</source> | </source> | ||
<code>nano /etc/default/bind9</code> | |||
<source lang="ini"> | <source lang="ini"> | ||
# run resolvconf? | # run resolvconf? | ||
Line 57: | Line 58: | ||
listen-on port 53 { | listen-on port 53 { | ||
127.0.0.1; | 127.0.0.1; | ||
10.19.83. | 10.19.83.5; | ||
}; | }; | ||
allow-transfer { none; }; | allow-transfer { none; }; | ||
Line 143: | Line 144: | ||
; CNAME | ; CNAME | ||
ftp CNAME ns0 | ftp CNAME ns0 | ||
dmz CNAME ns0 | |||
</source> | </source> | ||
Line 169: | Line 170: | ||
@ IN NS dev.shahed.biz. | @ IN NS dev.shahed.biz. | ||
; PTR Records | ; PTR Records | ||
1 | 1 IN PTR gtw.dev.shahed.biz. | ||
2 | 2 IN PTR apn.dev.shahed.biz. | ||
3 | 3 IN PTR pi3.dev.shahed.biz. | ||
4 | 4 IN PTR pih.dev.shahed.biz. | ||
5 | 5 IN PTR dev.shahed.biz. | ||
5 | 5 IN PTR dmz.dev.shahed.biz. | ||
5 | 5 IN PTR ftp.dev.shahed.biz. | ||
5 | 5 IN PTR ns0.dev.shahed.biz. | ||
5 | 5 IN PTR piw.dev.shahed.biz. | ||
8 | 8 IN PTR one.dev.shahed.biz. | ||
9 | 9 IN PTR av5.dev.shahed.biz. | ||
10 | 10 IN PTR mac.dev.shahed.biz. | ||
11 | 11 IN PTR sha.dev.shahed.biz. | ||
12 | 12 IN PTR ras.dev.shahed.biz. | ||
</source> | </source> | ||
Line 231: | Line 232: | ||
==Client== | ==Client== | ||
<code>nano /etc/ | <code>sudo nano /etc/dhcpcd.conf</code> | ||
<source lang="ini"> | <source lang="ini"> | ||
# Chorke Academia, Inc. | |||
#static domain_name_servers=10.19.83.5 10.19.83.1 | |||
static domain_search=dev.shahed.biz | |||
#static host_name=pih | |||
</source> | </source> | ||
<source lang="bash" highlight="5,6"> | |||
<source lang=" | sudo systemctl restart dhcpcd | ||
sudo systemctl daemon-reload | |||
sudo apt install resolvconf | |||
sudo apt install openresolv | |||
sudo resolvconf -u | |||
</source> | </source> | ||
Line 300: | Line 304: | ||
<source lang="bash"> | <source lang="bash"> | ||
scutil --dns | |||
scutil -r hostname | |||
# clear macos dns cache | # clear macos dns cache | ||
sudo dscacheutil -flushcache | |||
sudo killall -HUP mDNSResponder | sudo killall -HUP mDNSResponder | ||
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist | |||
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist | |||
</source> | </source> | ||
Line 313: | Line 322: | ||
<source lang="bash"> | <source lang="bash"> | ||
#from local area network | #from local area network | ||
dig @10.19.83. | dig @10.19.83.5 shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 dev.shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 apn.dev.shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 ddn.dev.shahed.biz | ||
dig @10.19.83. | dig @10.19.83.5 gtw.dev.shahed.biz | ||
</source> | </source> | ||
Latest revision as of 17:56, 31 August 2020
Domain Information
Domain : shahed.biz
Name Server : ns8533.hostgator.com
Name Server : ns8534.hostgator.com
Subdomain : dev.shahed.biz (public)
CNAME of dev : cki00.ddns.net (noip.com)
Netowrk Information
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.5 (dev.shahed.biz & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
Install
sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
#apt purge bind9 bind9utils bind9-doc dnsutils
#sudo apt autoremove
nano /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind -4"
Options
nano /etc/bind/named.conf.options
acl internals {
127.0.0.0/24; # 0-255
10.19.83.0/24; # 0-255
};
acl externals {
10.19.83.0/29; # 0-7
!10.19.83.0/24; # 0-255
};
options {
directory "/var/cache/bind";
auth-nxdomain no;
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
10.19.83.1; # Router DNS
};
dnssec-validation auto;
listen-on-v6 { none; };
listen-on port 53 {
127.0.0.1;
10.19.83.5;
};
allow-transfer { none; };
allow-query { internals; };
allow-recursion { internals; };
};
Keygen
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz
Zones
nano /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path
allow-update { key rndc-key; };
};
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
};
zone "ddn.dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.ddn.dev.shahed.biz";
notify yes;
allow-update { key ddn.dev.shahed.biz.; };
allow-query { any; };
};
key ddn.dev.shahed.biz. {
algorithm HMAC-MD5;
secret "BOpzhxmLpMwUIJR9Z3mMvQ==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward Lookup Zone
mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file
;
$TTL 600 ; 10M
$ORIGIN dev.shahed.biz.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
@ IN A 10.19.83.5
; A Records
apn A 10.19.83.2
av5 A 10.19.83.9
gtw A 10.19.83.1
mac A 10.19.83.10
ns0 A 10.19.83.5
one A 10.19.83.8
pi3 A 10.19.83.3
pih A 10.19.83.4
piw A 10.19.83.5
ras A 10.19.83.12
sha A 10.19.83.11
; CNAME
ftp CNAME ns0
dmz CNAME ns0
Reverse Lookup Zone
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
;
; BIND reverse data file
;
$TTL 600 ; 10M
$ORIGIN 83.19.10.in-addr.arpa.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS dev.shahed.biz.
; PTR Records
1 IN PTR gtw.dev.shahed.biz.
2 IN PTR apn.dev.shahed.biz.
3 IN PTR pi3.dev.shahed.biz.
4 IN PTR pih.dev.shahed.biz.
5 IN PTR dev.shahed.biz.
5 IN PTR dmz.dev.shahed.biz.
5 IN PTR ftp.dev.shahed.biz.
5 IN PTR ns0.dev.shahed.biz.
5 IN PTR piw.dev.shahed.biz.
8 IN PTR one.dev.shahed.biz.
9 IN PTR av5.dev.shahed.biz.
10 IN PTR mac.dev.shahed.biz.
11 IN PTR sha.dev.shahed.biz.
12 IN PTR ras.dev.shahed.biz.
DDNS Forward Zone
cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz
nano /etc/bind/zones/db.ddn.dev.shahed.biz
;
; BIND forward data file for ddn.dev.shahed.biz
;
$ORIGIN .
$TTL 600 ; 10M
ddn.dev.shahed.biz IN SOA ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. (
201908121 ; serial YYYYmmddI
600 ; refresh 10M
7200 ; retry 02H
604800 ; expire 01W
600 ) ; Negative Cache TTL 10M
NS ns0.dev.shahed.biz.
A 10.19.83.5
Server
named-checkconf -z
named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
netstat -tulpn
netstat -tap
reboot
rndc dumpdb -cache
rndc flush
rndc reload
Client
sudo nano /etc/dhcpcd.conf
# Chorke Academia, Inc.
#static domain_name_servers=10.19.83.5 10.19.83.1
static domain_search=dev.shahed.biz
#static host_name=pih
sudo systemctl restart dhcpcd
sudo systemctl daemon-reload
sudo apt install resolvconf
sudo apt install openresolv
sudo resolvconf -u
DDNS Client
$HOME/ddnsclient
#!/bin/bash
: '
@author "Chorke Academia, Inc."<[email protected]>
@vendor Chorke Academia, Inc.
@web http://chorke.org
@version 1.0.00.GA
@since 1.0.00.GA
'
# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
# http://dynupdate.no-ip.com/ip.php
# http://www.antedes.com/getip.php
# http://checkip.dyndns.org
IPS='http://dynupdate.no-ip.com/ip.php'
DNSP='/etc/bind/ddnskeys'
while true; do
# first, retrieve ipaddress
CURIP=`curl -s $IPS | awk '{ print $1 }'`
OLDIP=`cat $DNSP/oldip`
# compare to previously saved ip
[ "$CURIP" == "$OLDIP" ] && continue
echo $CURIP > $DNSP/oldip
# if different, tell dns
echo "server dev.shahed.biz" > $DNSP/zone
echo "zone ddn.dev.shahed.biz" >> $DNSP/zone
echo "update delete ddn.dev.shahed.biz. A" >> $DNSP/zone
echo "update add ddn.dev.shahed.biz. 86400 A $CURIP" >> $DNSP/zone
echo "show" >> $DNSP/zone
echo "send" >> $DNSP/zone
/usr/bin/nsupdate -k $DNSP/Kddn.dev.shahed.biz.+157+55098.private $DNSP/zone
sleep 300 # (5M, 30M) = (300, 1800)
done
chmod 755 "$HOME/ddnsclient"
# nohup "$HOME/ddnsclient" &
nohup "$HOME/ddnsclient" 2>> /dev/null >> /dev/null &
Debug
@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
scutil --dns
scutil -r hostname
# clear macos dns cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
# clear ubuntu dns cache
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
#from local area network
dig @10.19.83.5 shahed.biz
dig @10.19.83.5 dev.shahed.biz
dig @10.19.83.5 apn.dev.shahed.biz
dig @10.19.83.5 ddn.dev.shahed.biz
dig @10.19.83.5 gtw.dev.shahed.biz
#from horizon/world wide
dig @dev.shahed.biz shahed.biz
dig @dev.shahed.biz -x 10.19.83.1
dig @dev.shahed.biz dev.shahed.biz
dig @dev.shahed.biz apn.dev.shahed.biz
dig @dev.shahed.biz ddn.dev.shahed.biz
dig @dev.shahed.biz gtw.dev.shahed.biz
#from lan only
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup ddn.dev.shahed.biz
nslookup gtw.dev.shahed.biz
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Stealth (DMZ/Hidden Master) Name Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9
- DNS Sample External Domain Zone file
- BIND Definition of Address List Match
- Stealth (Split/DMZ) DNS Server
- List of Statements