Raspberry Pi Authoritative DNS Server: Difference between revisions
(→Keygen) |
(→Zones) |
||
Line 55: | Line 55: | ||
<source lang="ini"> | <source lang="ini"> | ||
include "/etc/bind/rndc.key"; | include "/etc/bind/rndc.key"; | ||
zone "dev.shahed.biz" { | |||
zone "shahed.biz" { | |||
type master; | type master; | ||
file "/etc/bind/zones/db.shahed.biz"; # zone file path | file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path | ||
allow-update { key rndc-key; }; | allow-update { key rndc-key; }; | ||
}; | }; | ||
Line 66: | Line 63: | ||
zone "83.19.10.in-addr.arpa" { | zone "83.19.10.in-addr.arpa" { | ||
type master; | type master; | ||
file "/etc/bind/zones/db.83.19.10"; | file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet | ||
allow-update { key rndc-key; }; | allow-update { key rndc-key; }; | ||
}; | }; | ||
zone "dev.shahed.biz" { | zone "rpi.dev.shahed.biz" { | ||
type master; | type master; | ||
file "/etc/bind/zones/db.dev.shahed.biz"; | file "/etc/bind/zones/db.rpi.dev.shahed.biz"; | ||
notify yes; | notify yes; | ||
allow-update { key dev.shahed.biz.; }; | allow-update { key rpi.dev.shahed.biz.; }; | ||
allow-query { any; }; | allow-query { any; }; | ||
}; | }; | ||
key dev.shahed.biz. { | key rpi.dev.shahed.biz. { | ||
algorithm HMAC-MD5; | algorithm HMAC-MD5; | ||
secret "8+JJL3HnWswtBVzwAetEYg=="; | secret "8+JJL3HnWswtBVzwAetEYg=="; | ||
}; | }; | ||
// consider adding the 1918 zones here | |||
// | |||
//include "/etc/bind/zones.rfc1918"; | //include "/etc/bind/zones.rfc1918"; | ||
</source> | </source> |
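Review bot: The TSIG secret of key rpi.dev.shahed.biz. is published in cleartext in this revision (the `secret "..."` line of the key clause) and now lives in the page history, so it should be treated as compromised and regenerated. Keep key clauses out of named.conf.local: write them to a root/bind-only file, for example under /etc/bind/ddnskeys which the Keygen step already uses, and pull it in with `include` the same way rndc.key is included at the top of the hunk. HMAC-MD5 is also deprecated for TSIG; `algorithm hmac-sha256;` with a 256-bit secret is what tsig-keygen produces by default. Separately, `allow-update { key rndc-key; };` on the dev.shahed.biz and reverse zones reuses the rndc control key for dynamic updates, so any update client given that key can also drive rndc; a dedicated update key per zone is the usual split.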
Revision as of 22:59, 2 August 2019
Install
# Become root and install BIND 9 plus its tools (dig/nslookup come from dnsutils).
sudo su
apt update
apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
# Edit the daemon defaults; the lines after this command are the file's contents.
nano /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
# -u bind drops privileges to the bind user after start; -4 restricts named to
# IPv4, which matches listen-on-v6 { none; } in named.conf.options.
OPTIONS="-u bind -4"
Options
# Global server options; the listing that follows is this file's contents.
nano /etc/bind/named.conf.options
// Networks allowed to query and recurse (referenced by the options below).
acl trusted {
127.0.0.0/8;
10.19.83.0/24;
};
options {
directory "/var/cache/bind";
// Upstream resolvers for names this server is not authoritative for. Recursion
// is limited to the trusted ACL below, so this does not create an open resolver.
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
10.19.83.1; # Router DNS
};
auth-nxdomain no;
dnssec-validation auto;
// IPv4 only, matching OPTIONS="-u bind -4" in /etc/default/bind9.
listen-on-v6 { none; };
listen-on port 53 {
127.0.0.1;
10.19.83.3;
};
// Refuse zone transfers from anyone (no secondaries are configured on this page).
allow-transfer { none; };
// Default for all zones; a zone statement can override it, as rpi.dev.shahed.biz
// does in named.conf.local with allow-query { any; }.
allow-query { trusted; };
allow-recursion { trusted; };
};
Keygen
# Generate one TSIG key per dynamic-update client; -K writes them into
# /etc/bind/ddnskeys (create that directory first if it does not exist — confirm).
# NOTE(review): HMAC-MD5 is deprecated for TSIG; prefer -a HMAC-SHA256 -b 256 and
# keep the matching key clause in named.conf.local on the same algorithm.
# NOTE(review): none of these three key names is referenced by the Zones section
# below (it uses rndc-key and rpi.dev.shahed.biz.) — check which keys the
# clients will actually sign their updates with.
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER apn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER dns.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER gtw.dev.shahed.biz
Zones
# Zone and key declarations; the listing that follows is this file's contents.
nano /etc/bind/named.conf.local
// rndc.key defines rndc-key, the control-channel key used by rndc.
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path
// NOTE(review): updates to this zone (and the reverse zone) are signed with the
// rndc control key, so any client given it for DDNS can also drive rndc. A
// dedicated update key per zone keeps the two roles apart.
allow-update { key rndc-key; };
};
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
};
zone "rpi.dev.shahed.biz" {
type master;
// NOTE(review): no step on this page creates this file (only db.dev.shahed.biz
// and db.83.19.10 are copied from templates) — confirm it exists before restart.
file "/etc/bind/zones/db.rpi.dev.shahed.biz";
notify yes;
allow-update { key rpi.dev.shahed.biz.; };
// Overrides the global allow-query { trusted; } from named.conf.options for this zone only.
allow-query { any; };
};
// NOTE(review): this key clause and its secret sit in named.conf.local, which is
// typically world-readable, and the secret is visible in this page's history —
// regenerate it and keep key clauses in a root/bind-only file pulled in with include.
key rpi.dev.shahed.biz. {
// HMAC-MD5 is deprecated for TSIG; hmac-sha256 is the current tsig-keygen default.
algorithm HMAC-MD5;
secret "8+JJL3HnWswtBVzwAetEYg==";
};
// consider adding the 1918 zones here
//include "/etc/bind/zones.rfc1918";
Domain Zone
# Create the zone directory and start the forward zone from the loopback template.
mkdir /etc/bind/zones
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
# NOTE(review): allow-update makes named write journal (.jnl) files next to the
# zone file; on Debian/Raspbian the shipped AppArmor profile normally permits that
# under /var/lib/bind rather than /etc/bind — confirm updates are not being denied.
nano /etc/bind/zones/db.dev.shahed.biz
;
; Forward zone for dev.shahed.biz (copied from db.local, then edited)
$TTL 3600 ; 01H
; NOTE(review): the SOA/NS name dns.shahed.biz. is outside this zone, while the
; in-zone "dns" A record below defines dns.dev.shahed.biz. — confirm which is meant.
@ IN SOA dns.shahed.biz. root.dns.shahed.biz. (
20190801 ; Serial YYYYmmdd (allows one manual change per day; YYYYMMDDnn is the usual form)
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
3600 ) ; Negative Cache TTL 01H
; NS Records
@ IN NS dns.shahed.biz.
; Apex address: dev.shahed.biz itself resolves to the Pi.
@ IN A 10.19.83.3
; A Records (relative names: dns.dev.shahed.biz, rpi.dev.shahed.biz)
dns A 10.19.83.3
rpi A 10.19.83.3
Reverse Zone
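# Build the 10.19.83.0/24 reverse zone from the loopback template. The edited
# file must be the same one named.conf.local points at (db.83.19.10); opening
# a differently named file here would leave the loaded zone untouched.
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10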
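;
; Reverse zone for 10.19.83.0/24 (origin 83.19.10.in-addr.arpa; copied from db.127)
;
$TTL 3600 ; 01H
@ IN SOA dns.shahed.biz. root.shahed.biz. (
20190801 ; Serial YYYYmmdd
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
3600 ) ; Negative Cache TTL 01H
; NS Records
@ IN NS dns.shahed.biz.
; PTR Records
; Owner names are relative to 83.19.10.in-addr.arpa, so the last octet alone
; names the host: "3" is 10.19.83.3. ("3.83" would expand to
; 3.83.83.19.10.in-addr.arpa, which does not correspond to any 10.19.83.x address.)
; NOTE(review): several PTRs for one address are legal but most tools use only the
; first answer, and these targets are under shahed.biz while the forward zone on
; this page is dev.shahed.biz — confirm a single canonical name.
3 IN PTR shahed.biz.
3 IN PTR dns.shahed.biz.
3 IN PTR rpi.shahed.biz.
3 IN PTR www.shahed.biz.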
Client Config
# Point the client resolver at the Pi; the lines after each nano are that file's contents.
nano /etc/resolv.conf
nameserver 10.19.83.3
search dev.shahed.biz
# NOTE(review): on Raspbian resolv.conf is commonly rewritten by dhcpcd/resolvconf
# at boot — confirm the edit persists, or rely on the interface settings below.
nano /etc/network/interfaces
dns-nameservers 10.19.83.3
dns-search dev.shahed.biz
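# Validate the configuration and both zone files before touching the running
# service; a failed check stops here instead of restarting into a broken config.
named-checkconf -z || exit 1
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz || exit 1
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 || exit 1
# Enable at boot and restart once; service(8) dispatches to init.d or systemd.
update-rc.d bind9 enable
service bind9 restart
# Optional: confirm the server comes back after a full reboot.
reboot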
Debug
# Query the Pi directly. shahed.biz is not served by this server (only
# dev.shahed.biz, its reverse zone and rpi.dev.shahed.biz are), so that query is
# answered via the forwarders when the client is in the trusted ACL.
dig @10.19.83.3 shahed.biz
dig @10.19.83.3 dev.shahed.biz
# NOTE(review): apn and gtw have no records in db.dev.shahed.biz above (only dns
# and rpi do), so these return NXDOMAIN until those hosts register via dynamic
# update — confirm.
dig @10.19.83.3 apn.dev.shahed.biz
dig @10.19.83.3 gtw.dev.shahed.biz
dig @10.19.83.3 dns.dev.shahed.biz
# Same lookups through the system resolver configured in Client Config.
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup gtw.dev.shahed.biz
nslookup dns.dev.shahed.biz
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9