Raspberry Pi Authoritative DNS Server: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
 
(9 intermediate revisions by the same user not shown)
Line 11: Line 11:
<source lang="bash">
<source lang="bash">
GTW : 10.19.83.1    (Gateway/Router)
GTW : 10.19.83.1    (Gateway/Router)
DMZ : 10.19.83.3   (dev.shahed.biz  & Name server)
DMZ : 10.19.83.5   (dev.shahed.biz  & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
LAN : 10.19.83.0/24 (Private network & range 0~255)
</source>
</source>
Line 21: Line 21:
apt install bind9 bind9utils bind9-doc dnsutils
apt install bind9 bind9utils bind9-doc dnsutils
#apt purge  bind9 bind9utils bind9-doc dnsutils
#apt purge  bind9 bind9utils bind9-doc dnsutils
nano /etc/default/bind9
#sudo apt autoremove
</source>
</source>


<code>nano /etc/default/bind9</code>
<source lang="ini">
<source lang="ini">
# run resolvconf?
# run resolvconf?
Line 57: Line 58:
         listen-on port 53 {
         listen-on port 53 {
                 127.0.0.1;
                 127.0.0.1;
                 10.19.83.3;
                 10.19.83.5;
         };
         };
         allow-transfer { none; };
         allow-transfer { none; };
Line 143: Line 144:
; CNAME
; CNAME
ftp            CNAME  ns0
ftp            CNAME  ns0
ssh             CNAME  ns0
dmz             CNAME  ns0
</source>
</source>


Line 169: Line 170:
@      IN      NS      dev.shahed.biz.
@      IN      NS      dev.shahed.biz.
; PTR Records
; PTR Records
1.83    IN      PTR    gtw.dev.shahed.biz.
1       IN      PTR    gtw.dev.shahed.biz.
2.83    IN      PTR    apn.dev.shahed.biz.
2       IN      PTR    apn.dev.shahed.biz.
3.83    IN      PTR    pi3.dev.shahed.biz.
3       IN      PTR    pi3.dev.shahed.biz.
4.83    IN      PTR    pih.dev.shahed.biz.
4       IN      PTR    pih.dev.shahed.biz.
5.83    IN      PTR    dev.shahed.biz.
5       IN      PTR    dev.shahed.biz.
5.83    IN      PTR    ftp.dev.shahed.biz.
5       IN      PTR    dmz.dev.shahed.biz.
5.83    IN      PTR    ns0.dev.shahed.biz.
5       IN      PTR    ftp.dev.shahed.biz.
5.83    IN      PTR    piw.dev.shahed.biz.
5       IN      PTR    ns0.dev.shahed.biz.
5.83    IN      PTR    ssh.dev.shahed.biz.
5       IN      PTR    piw.dev.shahed.biz.
8.83    IN      PTR    one.dev.shahed.biz.
8       IN      PTR    one.dev.shahed.biz.
9.83    IN      PTR    av5.dev.shahed.biz.
9       IN      PTR    av5.dev.shahed.biz.
10.83  IN      PTR    mac.dev.shahed.biz.
10     IN      PTR    mac.dev.shahed.biz.
11.83  IN      PTR    sha.dev.shahed.biz.
11     IN      PTR    sha.dev.shahed.biz.
12.83  IN      PTR    ras.dev.shahed.biz.
12     IN      PTR    ras.dev.shahed.biz.
</source>
</source>


Line 231: Line 232:


==Client==
==Client==
<code>nano /etc/resolv.conf</code>
<code>sudo nano /etc/dhcpcd.conf</code>
<source lang="ini">
<source lang="ini">
nameserver 10.19.83.3
# Chorke Academia, Inc.
search dev.shahed.biz
#static domain_name_servers=10.19.83.5 10.19.83.1
static domain_search=dev.shahed.biz
#static host_name=pih
</source>
</source>


<code>nano /etc/hosts</code>
<source lang="bash" highlight="5,6">
<source lang="ini">
sudo systemctl restart dhcpcd
10.19.83.3      dev.shahed.biz dev
sudo systemctl daemon-reload
10.19.83.3      ddn.dev.shahed.biz ddn
 
10.19.83.3      ras.dev.shahed.biz ras
sudo apt install resolvconf
10.19.83.3      rpi.dev.shahed.biz rpi
sudo apt install openresolv
sudo resolvconf -u
</source>
</source>


Line 300: Line 304:


<source lang="bash">
<source lang="bash">
scutil --dns
scutil -r hostname
# clear macos dns cache
# clear macos dns cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
sudo killall -HUP mDNSResponder
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
</source>
</source>


Line 313: Line 322:
<source lang="bash">
<source lang="bash">
#from local area network
#from local area network
dig @10.19.83.3 shahed.biz
dig @10.19.83.5 shahed.biz
dig @10.19.83.3 dev.shahed.biz
dig @10.19.83.5 dev.shahed.biz
dig @10.19.83.3 apn.dev.shahed.biz
dig @10.19.83.5 apn.dev.shahed.biz
dig @10.19.83.3 ddn.dev.shahed.biz
dig @10.19.83.5 ddn.dev.shahed.biz
dig @10.19.83.3 gtw.dev.shahed.biz
dig @10.19.83.5 gtw.dev.shahed.biz
</source>
</source>



Latest revision as of 17:56, 31 August 2020

Domain Information

Domain       : shahed.biz
Name Server  : ns8533.hostgator.com
Name Server  : ns8534.hostgator.com
Subdomain    : dev.shahed.biz (public)
CNAME of dev : cki00.ddns.net (noip.com)

Netowrk Information

GTW : 10.19.83.1    (Gateway/Router)
DMZ : 10.19.83.5    (dev.shahed.biz  & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)

Install

sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
#apt purge  bind9 bind9utils bind9-doc dnsutils
#sudo apt autoremove

nano /etc/default/bind9

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind -4"

Options

nano /etc/bind/named.conf.options

acl internals {
        127.0.0.0/24;  # 0-255
        10.19.83.0/24; # 0-255
};

acl externals {
        10.19.83.0/29;  # 0-7
        !10.19.83.0/24; # 0-255
};

options {
        directory "/var/cache/bind";
        auth-nxdomain no;
        forwarders {
                8.8.8.8;    # Google DNS
                8.8.4.4;    # Google DNS
                10.19.83.1; # Router DNS
        };
        dnssec-validation auto;
        listen-on-v6 { none; };
        listen-on port 53 {
                127.0.0.1;
                10.19.83.5;
        };
        allow-transfer { none; };
        allow-query { internals; };
        allow-recursion { internals; };
};

Keygen

dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz

Zones

nano /etc/bind/named.conf.local

include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
    type master;
    file "/etc/bind/zones/db.dev.shahed.biz";     # zone file path
    allow-update { key rndc-key; };
};

zone "83.19.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.83.19.10";           # 10.19.83.0/24 subnet
    allow-update { key rndc-key; };
};

zone "ddn.dev.shahed.biz" {
        type master;
        file "/etc/bind/zones/db.ddn.dev.shahed.biz";
        notify yes;
        allow-update { key ddn.dev.shahed.biz.; };
        allow-query { any; };
};

key ddn.dev.shahed.biz. {
        algorithm HMAC-MD5;
        secret "BOpzhxmLpMwUIJR9Z3mMvQ==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";

Forward Lookup Zone

mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file
;
$TTL     600    ;  10M
$ORIGIN dev.shahed.biz.

@       IN      SOA     ns0.dev.shahed.biz. root.dev.shahed.biz. (
                        201908121           ; Serial       YYYYmmddI
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS Records
@       IN      NS      ns0.dev.shahed.biz.
@       IN      NS      ns8533.hostgator.com.
@       IN      NS      ns8534.hostgator.com.
@       IN      NS      dev.shahed.biz.
@       IN      A       10.19.83.5
; A  Records
apn             A       10.19.83.2
av5             A       10.19.83.9
gtw             A       10.19.83.1
mac             A       10.19.83.10
ns0             A       10.19.83.5
one             A       10.19.83.8
pi3             A       10.19.83.3
pih             A       10.19.83.4
piw             A       10.19.83.5
ras             A       10.19.83.12
sha             A       10.19.83.11
; CNAME
ftp             CNAME   ns0
dmz             CNAME   ns0

Reverse Lookup Zone

cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
;
; BIND reverse data file
;
$TTL     600    ; 10M
$ORIGIN 83.19.10.in-addr.arpa.

@       IN      SOA     ns0.dev.shahed.biz. root.dev.shahed.biz. (
                        201908121           ; Serial       YYYYmmddI
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS  Records
@       IN      NS      ns0.dev.shahed.biz.
@       IN      NS      dev.shahed.biz.
; PTR Records
1       IN      PTR     gtw.dev.shahed.biz.
2       IN      PTR     apn.dev.shahed.biz.
3       IN      PTR     pi3.dev.shahed.biz.
4       IN      PTR     pih.dev.shahed.biz.
5       IN      PTR     dev.shahed.biz.
5       IN      PTR     dmz.dev.shahed.biz.
5       IN      PTR     ftp.dev.shahed.biz.
5       IN      PTR     ns0.dev.shahed.biz.
5       IN      PTR     piw.dev.shahed.biz.
8       IN      PTR     one.dev.shahed.biz.
9       IN      PTR     av5.dev.shahed.biz.
10      IN      PTR     mac.dev.shahed.biz.
11      IN      PTR     sha.dev.shahed.biz.
12      IN      PTR     ras.dev.shahed.biz.

DDNS Forward Zone

cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz
nano /etc/bind/zones/db.ddn.dev.shahed.biz
;
; BIND forward data file for ddn.dev.shahed.biz
;
$ORIGIN .
$TTL     600            ; 10M
ddn.dev.shahed.biz      IN SOA  ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. (
                                201908121           ; serial       YYYYmmddI
                                      600           ; refresh            10M
                                     7200           ; retry              02H
                                   604800           ; expire             01W
                                      600 )         ; Negative Cache TTL 10M
                        NS      ns0.dev.shahed.biz.
                        A       10.19.83.5

Server

named-checkconf -z
named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
netstat -tulpn
netstat -tap
reboot
rndc dumpdb -cache
rndc flush
rndc reload

Client

sudo nano /etc/dhcpcd.conf

# Chorke Academia, Inc.
#static domain_name_servers=10.19.83.5 10.19.83.1
static domain_search=dev.shahed.biz
#static host_name=pih
sudo systemctl restart dhcpcd
sudo systemctl daemon-reload

sudo apt install resolvconf
sudo apt install openresolv
sudo resolvconf -u

DDNS Client

$HOME/ddnsclient

#!/bin/bash
: '
 @author   "Chorke Academia, Inc."<[email protected]>
 @vendor    Chorke Academia, Inc.
 @web       http://chorke.org
 @version   1.0.00.GA
 @since     1.0.00.GA
'

# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
# http://dynupdate.no-ip.com/ip.php
# http://www.antedes.com/getip.php
# http://checkip.dyndns.org

IPS='http://dynupdate.no-ip.com/ip.php'
DNSP='/etc/bind/ddnskeys'

while true; do
    # first, retrieve ipaddress
    CURIP=`curl -s $IPS | awk '{ print $1 }'`
    OLDIP=`cat $DNSP/oldip`

    # compare to previously saved ip
    [ "$CURIP" == "$OLDIP" ] && continue
    echo $CURIP > $DNSP/oldip

    # if different, tell dns
    echo "server dev.shahed.biz" > $DNSP/zone
    echo "zone ddn.dev.shahed.biz"  >> $DNSP/zone
    echo "update delete ddn.dev.shahed.biz. A"  >> $DNSP/zone
    echo "update add ddn.dev.shahed.biz. 86400 A $CURIP"  >> $DNSP/zone
    echo "show" >> $DNSP/zone
    echo "send" >> $DNSP/zone
    /usr/bin/nsupdate -k $DNSP/Kddn.dev.shahed.biz.+157+55098.private $DNSP/zone
    sleep 300 # (5M, 30M) = (300, 1800)
done
chmod 755 "$HOME/ddnsclient"
# nohup "$HOME/ddnsclient" &
nohup "$HOME/ddnsclient" 2>> /dev/null >> /dev/null &

Debug

@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
scutil --dns
scutil -r hostname
# clear macos dns cache
sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
# clear ubuntu dns cache
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
#from local area network
dig @10.19.83.5 shahed.biz
dig @10.19.83.5 dev.shahed.biz
dig @10.19.83.5 apn.dev.shahed.biz
dig @10.19.83.5 ddn.dev.shahed.biz
dig @10.19.83.5 gtw.dev.shahed.biz
#from horizon/world wide 
dig @dev.shahed.biz shahed.biz
dig @dev.shahed.biz -x 10.19.83.1
dig @dev.shahed.biz dev.shahed.biz
dig @dev.shahed.biz apn.dev.shahed.biz
dig @dev.shahed.biz ddn.dev.shahed.biz
dig @dev.shahed.biz gtw.dev.shahed.biz
#from lan only
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup ddn.dev.shahed.biz
nslookup gtw.dev.shahed.biz

References