Raspberry Pi Authoritative DNS Server: Difference between revisions

Line 46: Line 46:
==Keygen==
==Keygen==
<source lang="bash">
<source lang="bash">
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER acr.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER apn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER apn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER dns.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER gtw.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER gtw.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER mac.dev.shahed.biz
</source>
</source>
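Review bot: Every dnssec-keygen line shown in this hunk creates a TSIG key with `-a HMAC-MD5 -b 128`; HMAC-MD5 is the weakest algorithm TSIG still admits and is deprecated, and 128 bits is a short key for an HMAC. New keys should be generated with `-a hmac-sha256` (on BIND releases where dnssec-keygen no longer produces HMAC keys, `tsig-keygen -a hmac-sha256 NAME` does the same job), with the matching `key` statement in named.conf.local changed to the same algorithm. The `-K /etc/bind/ddnskeys` directory has to exist before these commands run and should be readable by root only, because the generated `.private` files hold the shared secrets. The apn and gtw lines appearing twice looks like a rendering artefact of the old/new columns rather than a duplicate key in the page.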



Revision as of 22:48, 2 August 2019

Install

sudo su   # the rest of this page assumes a root shell
apt update
apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils   # dnsutils supplies the dig/nslookup used in Debug
nano /etc/default/bind9
# --- contents of /etc/default/bind9 (file text, not commands) ---
# run resolvconf?
RESOLVCONF=no

# startup options for the server
# -u bind: named drops privileges to the bind user; -4: IPv4 only
# (consistent with listen-on-v6 { none; } in named.conf.options)
OPTIONS="-u bind -4"

Options

nano /etc/bind/named.conf.options

# Clients allowed to query and to recurse: loopback plus the 10.19.83.0/24 LAN.
acl trusted {
        127.0.0.0/8;
        10.19.83.0/24;
};

options {
        directory "/var/cache/bind";
        # Recursive queries from the trusted ACL are relayed to these resolvers.
        forwarders {
                8.8.8.8;    # Google DNS
                8.8.4.4;    # Google DNS
                10.19.83.1; # Router DNS
        };
        auth-nxdomain no;
        dnssec-validation auto;    # validate forwarded answers with the built-in trust anchor
        listen-on-v6 { none; };    # IPv4 only, matching OPTIONS="-u bind -4" in /etc/default/bind9
        listen-on port 53 {
                127.0.0.1;
                10.19.83.3;
        };
        allow-transfer { none; };  # no zone transfers (AXFR/IXFR) to anyone
        # Default for every zone; note that zone "dev.shahed.biz" in
        # named.conf.local overrides this with allow-query { any; }.
        allow-query { trusted; };
        allow-recursion { trusted; };   # never act as an open resolver
};

Keygen

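# TSIG keys for the dynamic-update (nsupdate) clients.
# dnssec-keygen expects the -K directory to exist, so create it first and keep
# it root-only: the generated K*.private files contain the shared secrets.
# NOTE: HMAC-MD5 is kept only because the key block in named.conf.local on this
# page is declared with "algorithm HMAC-MD5"; for new keys prefer hmac-sha256
# (newer BIND releases generate TSIG keys with tsig-keygen instead).
keydir=/etc/bind/ddnskeys
mkdir -p -- "$keydir"
chmod 0700 -- "$keydir"
for name in apn.dev.shahed.biz dns.dev.shahed.biz gtw.dev.shahed.biz; do
  dnssec-keygen -K "$keydir" -C -a HMAC-MD5 -b 128 -n USER "$name"
done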

Zones

nano /etc/bind/named.conf.local

// rndc.key defines "rndc-key", the secret of the rndc control channel; it is
// reused below as the dynamic-update key for two zones (see the notes there).
include "/etc/bind/rndc.key";
//
// Do any local configuration here
//
zone "shahed.biz" {
    type master;
    // NOTE(review): no step on this page creates db.shahed.biz; "named-checkconf -z"
    // in Client Config will report this zone until the file exists.
    file "/etc/bind/zones/db.shahed.biz";     # zone file path
    // NOTE(review): whoever holds the rndc control key can also rewrite this zone;
    // a dedicated TSIG key (as done for dev.shahed.biz) keeps control and update
    // rights apart.
    allow-update { key rndc-key; };
};

zone "83.19.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.83.19.10";       # 10.19.83.0/24 subnet
    allow-update { key rndc-key; };           # same rndc-key reuse as above
};

zone "dev.shahed.biz" {
        type master;
        file "/etc/bind/zones/db.dev.shahed.biz";
        notify yes;
        // Dynamic updates must be signed with the TSIG key declared below.
        allow-update { key dev.shahed.biz.; };
        // Overrides the global "allow-query { trusted; }" from named.conf.options:
        // any client that can reach the listen-on addresses may query this zone.
        allow-query { any; };
};

// TSIG key shared with the dynamic-update clients. The algorithm must match the
// "-a" used in the Keygen step, and the secret presumably comes from the
// K*.private file that step produced -- verify. HMAC-MD5 is deprecated for
// TSIG; moving to hmac-sha256 means regenerating the key and changing both
// places. Keep this file unreadable to users other than root and bind.
key dev.shahed.biz. {
        algorithm HMAC-MD5;
        secret "8+JJL3HnWswtBVzwAetEYg==";
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

Domain Zone

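# Create the zone directory and seed the forward zone file from the loopback
# template (its records are replaced in the editor). -p makes the step
# re-runnable: the original mkdir failed if the directory already existed.
mkdir -p -- /etc/bind/zones
cp -- /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz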
;
; BIND zone file for dev.shahed.biz (copied from the db.local loopback template; the records below replace the loopback ones)
; $ORIGIN is dev.shahed.biz. (from the zone statement in named.conf.local), so an unqualified owner such as "dns" means dns.dev.shahed.biz.
$TTL    3600    ; 01H
@       IN      SOA     dns.shahed.biz. root.dns.shahed.biz. (
                        20190801        ; Serial        YYYYmmdd  -- bump on every manual edit; dynamic updates increment it automatically
                           3600         ; Refresh            01H
                            600         ; Retry              10M
                          86400         ; Expire             01D
                           3600 )       ; Negative Cache TTL 01H
; NS Records
; NOTE(review): the NS (and SOA MNAME) is dns.shahed.biz., a name in the parent zone whose file this page never creates,
; while the A record below defines dns.dev.shahed.biz (the name queried in Debug). Confirm which name the server should have.
@       IN      NS      dns.shahed.biz.
@       IN      A       10.19.83.3
; A  Records
; apn and gtw from the Keygen step have no static records here; presumably they register themselves via dynamic update.
dns             A       10.19.83.3
rpi             A       10.19.83.3


Reverse Zone

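# Reverse zone for 10.19.83.0/24. The file name must match the "file" entry of
# zone "83.19.10.in-addr.arpa" in named.conf.local and the named-checkzone call
# in Client Config (db.83.19.10). The original opened db.10.19.83 in the editor,
# a different file, so the edits never reached the zone BIND actually loads.
revzone=/etc/bind/zones/db.83.19.10
cp -- /etc/bind/db.127 "$revzone"   # seed from the loopback reverse template, then replace its records
nano "$revzone"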
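;
; BIND reverse zone file for 10.19.83.0/24 (zone 83.19.10.in-addr.arpa, copied from the db.127 loopback template)
; $ORIGIN is 83.19.10.in-addr.arpa., so a PTR owner is just the host octet:
; "3" -> 3.83.19.10.in-addr.arpa = 10.19.83.3. The original owners "3.83" expanded to
; 3.83.83.19.10.in-addr.arpa, a name no reverse lookup of 10.19.83.3 ever asks for.
;
$TTL    3600    ; 01H
@       IN      SOA     dns.shahed.biz. root.shahed.biz. (
                        20190801        ; Serial        YYYYmmdd
                           3600         ; Refresh            01H
                            600         ; Retry              10M
                          86400         ; Expire             01D
                           3600 )       ; Negative Cache TTL 01H
; NS  Records
@       IN      NS      dns.shahed.biz.
; PTR Records (several PTRs for one address are legal; a lookup returns all of them)
; NOTE(review): these targets are in shahed.biz, whereas the forward zone on this page
; defines rpi.dev.shahed.biz and dns.dev.shahed.biz -- confirm the intended names.
3       IN      PTR     shahed.biz.
3       IN      PTR     dns.shahed.biz.
3       IN      PTR     rpi.shahed.biz.
3       IN      PTR     www.shahed.biz.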

Client Config

nano /etc/resolv.conf

# contents of /etc/resolv.conf: point this client at the Pi and let bare
# hostnames (e.g. "rpi") be completed with the dev.shahed.biz suffix.
# NOTE(review): this file is commonly regenerated by resolvconf/DHCP; the
# /etc/network/interfaces entries below are the persistent form.
nameserver 10.19.83.3
search dev.shahed.biz

nano /etc/network/interfaces

# contents of /etc/network/interfaces; these lines belong inside the
# iface stanza of the interface that should use the Pi as resolver.
dns-nameservers 10.19.83.3
dns-search dev.shahed.biz
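# Validate the configuration and both zone files before touching the running
# service; the original restarted bind9 regardless of the check results.
named-checkconf -z || exit 1
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz || exit 1
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 || exit 1
update-rc.d bind9 enable   # start bind9 at boot
service bind9 restart      # one restart is enough; "/etc/init.d/bind9 restart" did the same thing twice
reboot                     # verifies that the service comes back after a reboot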

Debug

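# Query the Pi directly (dig @server) and then through this host's own
# resolver (nslookup with no server argument), so both the server and the
# resolv.conf / interfaces settings from Client Config are exercised.
# The server address and the name list are declared once instead of being
# repeated on every line.
ns=10.19.83.3
names=(shahed.biz dev.shahed.biz apn.dev.shahed.biz gtw.dev.shahed.biz dns.dev.shahed.biz)
for name in "${names[@]}"; do
  dig "@$ns" "$name"
done
for name in "${names[@]}"; do
  nslookup "$name"
done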

References