Raspberry Pi Authoritative DNS Server: Difference between revisions
#from horizon/world wide | #from horizon/world wide | ||
dig @dev.shahed.biz shahed.biz | dig @dev.shahed.biz shahed.biz | ||
dig @dev.shahed.biz -x 10.19.83.1 | |||
dig @dev.shahed.biz dev.shahed.biz | dig @dev.shahed.biz dev.shahed.biz | ||
dig @dev.shahed.biz apn.dev.shahed.biz | dig @dev.shahed.biz apn.dev.shahed.biz |
Domain Information
Domain : shahed.biz
Name Server : ns8533.hostgator.com
Name Server : ns8534.hostgator.com
Subdomain : dev.shahed.biz (public)
CNAME of dev : cki00.ddns.net (noip.com) — note: a name that is published as a CNAME in the parent zone (shahed.biz) cannot also be the apex of its own zone carrying SOA/NS/A records; for this Pi to be reached as the authoritative server for dev.shahed.biz, the parent must delegate "dev" with NS records (pointing at this server's public name/address) instead of a CNAME.
Network Information
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.3 (dev.shahed.biz & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
Install
# Everything below runs as root (the files under /etc/bind are root-owned).
sudo su
apt update && apt upgrade
# bind9: the name server; bind9utils: rndc, named-checkconf/named-checkzone,
# dnssec-keygen; dnsutils: dig, nslookup, nsupdate (all used later on this page).
# Package contents are Debian/Raspbian conventions -- verify with apt-file if unsure.
apt install bind9 bind9utils bind9-doc dnsutils
nano /etc/default/bind9
# run resolvconf? "no" keeps bind9 from registering 127.0.0.1 in the server's
# own /etc/resolv.conf via resolvconf; the Client section sets resolvers by hand.
RESOLVCONF=no
# startup options for the server
# -u bind: named drops to the unprivileged "bind" user after start-up.
# -4: IPv4 only; must agree with listen-on-v6 { none; } in named.conf.options.
OPTIONS="-u bind -4"
Options
nano /etc/bind/named.conf.options
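// Clients allowed to use this host as a recursive resolver.
// 127.0.0.0/8 is the whole loopback range; the original 127.0.0.0/24 covered
// only 127.0.0.0-127.0.0.255, which works for 127.0.0.1 but not for other
// loopback addresses local tools may bind to.
acl internals {
  127.0.0.0/8;    // loopback
  10.19.83.0/24;  // LAN, hosts 0-255
};

// NOTE(review): not referenced anywhere in this configuration. BIND address
// match lists stop at the first matching element, so 10.19.83.0/29 is
// accepted, the rest of 10.19.83.0/24 is rejected by the negation, and any
// address outside the /24 matches nothing (implicit deny). Confirm that is the
// intent before using it.
acl externals {
  10.19.83.0/29;   // 0-7
  !10.19.83.0/24;  // 0-255
};

options {
  directory "/var/cache/bind";
  auth-nxdomain no;

  // Upstream resolvers; only reachable through this server by "internals"
  // because recursion is restricted below.
  forwarders {
    8.8.8.8;      // Google DNS
    8.8.4.4;      // Google DNS
    10.19.83.1;   // Router DNS
  };
  dnssec-validation auto;

  listen-on-v6 { none; };   // matches OPTIONS="-4" in /etc/default/bind9
  listen-on port 53 {
    127.0.0.1;
    10.19.83.3;
  };

  // No secondaries are configured, so refuse zone transfers to everyone.
  allow-transfer { none; };

  // Global default: only LAN/loopback may query at all. Zones that must be
  // answered from the Internet need their own allow-query { any; } (as the
  // dyn.dev.shahed.biz zone has); a zone that inherits this default answers
  // REFUSED to the "world wide" dig tests in the Debug section.
  allow-query { internals; };

  // Recursion and cache reads stay LAN-only so this host cannot be used as an
  // open resolver or for reflection/amplification. allow-query-cache defaults
  // to the allow-recursion list; it is spelled out here to make that explicit.
  allow-recursion { internals; };
  allow-query-cache { internals; };
};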
Keygen
# Generate one TSIG key per updating client, written to /etc/bind/ddnskeys as
# K<name>.+<alg>+<id>.key / .private. The .private file is the secret: keep the
# directory readable by root (and bind) only.
# NOTE(review): HMAC-MD5 is deprecated; prefer -a HMAC-SHA256 -b 256 (or
# tsig-keygen on newer BIND, which prints a ready-to-include key statement).
# Whatever you pick must match the "algorithm" line of the key statement in
# named.conf.local and the +<alg>+ part of the file name given to nsupdate -k
# (157 = HMAC-MD5 in the DDNS Client script below). Of the three keys generated
# here, only dyn.dev.shahed.biz is referenced by the configuration on this page;
# apn and gtw are unused (the dev and reverse zones are updated with rndc-key).
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER apn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER dyn.dev.shahed.biz
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER gtw.dev.shahed.biz
Zones
nano /etc/bind/named.conf.local
// rndc.key is the control-channel (rndc) secret. Reusing it as the dynamic
// update key for the two zones below means whoever can send updates also holds
// the key that can reload/stop/reconfigure named. Prefer a dedicated TSIG key
// per updater (the apn/gtw keys from the Keygen step exist but are unused).
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path
// No allow-query here: inherits allow-query { internals; } from options, so
// this zone is not answerable from the Internet.
allow-update { key rndc-key; };
};
zone "83.19.19.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
};
zone "dyn.dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dyn.dev.shahed.biz";
// With allow-transfer { none; } there are no secondaries to notify; NOTIFY
// messages go only to the NS names listed in the zone.
notify yes;
// Only the ddnsclient's TSIG key may replace the A record.
allow-update { key dyn.dev.shahed.biz.; };
// Answerable from the Internet: this is the public dynamic name.
allow-query { any; };
};
// TSIG key used by the DDNS Client (nsupdate -k). Algorithm and secret must
// match /etc/bind/ddnskeys/Kdyn.dev.shahed.biz.+157+*.private.
// NOTE(review): this secret is published on this page -- regenerate it before
// use, and switch to HMAC-SHA256 while doing so (the algorithm here, the
// dnssec-keygen -a argument and the key file name all change together).
// Consider moving this statement into a separate root:bind 0640 file that is
// include'd here, so the secret is not in a world-readable config.
key dyn.dev.shahed.biz. {
algorithm HMAC-MD5;
secret "RJkf2z/uhy4Fec8j0/nP0g==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward Lookup Zone
# Zone files live under /etc/bind/zones (paths referenced from named.conf.local).
# Since these zones accept dynamic updates, named will also create .jnl journals
# next to them; the directory must be writable by the bind user for that.
mkdir /etc/bind/zones
# Start from the stock localhost zone as a template and replace its contents.
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file for dev.shahed.biz
;
$TTL 600 ; 10M default TTL for records without an explicit one (600 s is 10 minutes, not 10 s)
$ORIGIN dev.shahed.biz.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908011 ; Serial YYYYmmddI - must increase on every edit; dynamic updates bump it themselves, so hand-edit only between rndc freeze / rndc thaw
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
; NOTE(review): ns8533/ns8534 are the parent (shahed.biz) servers. With
; allow-transfer { none; } in named.conf.options they hold no copy of this
; zone, so advertising them here yields lame servers. dev.shahed.biz is a
; CNAME at the parent (see Domain Information); a CNAME owner may carry no
; other data, and a CNAME is not a valid NS target, so the parent needs a real
; NS delegation for "dev" for these records to be reachable.
@ IN NS ns0.dev.shahed.biz.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
@ IN A 10.19.83.3
; A Records (RFC1918 addresses: only meaningful to LAN clients)
apn A 10.19.83.2
gtw A 10.19.83.1
ns0 A 10.19.83.3
; CNAME
ftp CNAME ns0
rpi CNAME ns0
Reverse Lookup Zone
# Reverse zone for 10.19.83.0/24, seeded from the stock loopback reverse file.
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
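;
; BIND reverse data file for 10.19.83.0/24 (zone 83.19.10.in-addr.arpa)
;
$TTL 600 ; 10M default TTL (600 s is 10 minutes, not 10 s)
$ORIGIN 83.19.10.in-addr.arpa.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908011 ; Serial YYYYmmddI - must increase on every edit (rndc freeze / thaw around hand edits, the zone accepts dynamic updates)
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
; NOTE(review): the HostGator servers cannot hold this zone (allow-transfer is
; none), so they are lame for it; an RFC1918 reverse zone is only useful to
; LAN clients anyway, and it inherits allow-query { internals; }.
@ IN NS ns0.dev.shahed.biz.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
; PTR Records
; Owner names are relative to $ORIGIN 83.19.10.in-addr.arpa., so the label is
; the last octet only: "1" -> 1.83.19.10.in-addr.arpa. (= 10.19.83.1).
; The original "1.83" expanded to 1.83.83.19.10.in-addr.arpa., which is not
; the reverse name of any 10.19.83.x address, so dig -x returned NXDOMAIN.
1 IN PTR gtw.dev.shahed.biz.
2 IN PTR apn.dev.shahed.biz.
3 IN PTR ns0.dev.shahed.biz.
; Additional PTRs for 10.19.83.3. Reverse zones have no CNAME aliases; each
; name is its own PTR and a reverse lookup of .3 returns all of them.
3 IN PTR ftp.dev.shahed.biz.
3 IN PTR rpi.dev.shahed.biz.
; PTR ORIGIN
3 IN PTR dev.shahed.biz.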
DDNS Forward Zone
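# Create the dynamic zone's file under the name named.conf.local and the
# named-checkzone step reference (db.dyn.dev.shahed.biz). The original copied
# to db.dns.dev.shahed.biz ("dns" for "dyn"), a file named never loads.
cp /etc/bind/db.local /etc/bind/zones/db.dyn.dev.shahed.biz
nano /etc/bind/zones/db.dyn.dev.shahed.biz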
;
; BIND forward data file for dyn.dev.shahed.biz
; Owner names are written absolute ($ORIGIN .); the NS and A lines below
; inherit the owner dyn.dev.shahed.biz from the SOA line.
;
$ORIGIN .
$TTL 86400 ; 1D
dyn.dev.shahed.biz IN SOA ns0.dev.shahed.biz. root.dyn.dev.shahed.biz. (
201908011 ; serial YYYYmmddI - dynamic updates increment this; hand-edit only between rndc freeze / rndc thaw
28800 ; refresh 08H
7200 ; retry 02H
604800 ; expire 01W
86400 ) ; Negative Cache TTL 01D
NS ns0.dev.shahed.biz.
; Initial address; replaced at runtime by the DDNS Client's nsupdate.
; NOTE(review): the client publishes the A record with TTL 86400, so after an
; address change resolvers may keep the stale IP for up to a day; a short TTL
; (for example 300) is the usual choice for a dynamic name.
A 202.186.223.134
Server
# Validate configuration before (re)starting. -z also loads every zone, so the
# three named-checkzone lines repeat that check with per-zone output; they are
# handy for pinpointing a syntax error in one file.
named-checkconf -z
named-checkzone dyn.dev.shahed.biz /etc/bind/zones/db.dyn.dev.shahed.biz
named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz
named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10
# Enable at boot (on a systemd Raspbian, "systemctl enable bind9" is the
# equivalent). The two restart lines perform the same action; one is enough.
update-rc.d bind9 enable
/etc/init.d/bind9 restart
service bind9 restart
# Confirm named listens only where listen-on says: 127.0.0.1:53 and
# 10.19.83.3:53 (netstat is deprecated; "ss -tulpn" shows the same).
netstat -tulpn
netstat -tap
# Not required for the configuration to take effect; verifies bind9 comes up
# at boot.
reboot
# Control-channel helpers: dump the cache to the dump file in the working
# directory, discard the cache, re-read configuration and zone files.
rndc dumpdb -cache
rndc flush
rndc reload
Client
# Point LAN clients at the Pi. On hosts managed by resolvconf, NetworkManager,
# systemd-resolved or DHCP, /etc/resolv.conf is regenerated and a hand edit is
# lost at the next lease or reboot; prefer setting it in the network config.
nano /etc/resolv.conf
nameserver 10.19.83.3
search dev.shahed.biz
# ifupdown form of the same setting (picked up by the resolvconf package); add
# these lines to the interface stanza.
nano /etc/network/interfaces
dns-nameservers 10.19.83.3
dns-search dev.shahed.biz
DDNS Client
$HOME/ddnsclient
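#!/bin/bash
# ddnsclient -- keep the A record of dyn.dev.shahed.biz pointed at this
# site's current public IPv4 address by sending a TSIG-signed dynamic update
# (nsupdate) to ns0.dev.shahed.biz.
#
# Runs forever; start it once in the background (see the nohup line below).
# Needs curl, nsupdate, and read access to the Kdyn.dev.shahed.biz.+*.private
# key generated in the Keygen step, which lives in $DNSP.
#
# @author "Chorke Academia, Inc."<[email protected]>
# @vendor Chorke Academia, Inc.
# @web http://chorke.org
# @version 1.0.00.GA
# @since 1.0.00.GA
#
# Background reading and alternative public-IP echo services:
#   http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
#   http://dynupdate.no-ip.com/ip.php
#   http://www.antedes.com/getip.php
#   http://checkip.dyndns.org
set -uo pipefail

# Public-IP echo service. NOTE(review): plain http -- an on-path attacker can
# answer with any address and this script will then publish it under your
# TSIG key; prefer an https endpoint if the provider offers one.
IPS='http://dynupdate.no-ip.com/ip.php'
DNSP='/etc/bind/ddnskeys'   # TSIG key files and the cached last-published IP
NS='ns0.dev.shahed.biz'     # server that accepts the dynamic update
ZONE='dyn.dev.shahed.biz'   # zone, and the name whose A record is replaced
TTL=86400                   # TTL of the published A record
INTERVAL=300                # seconds between polls; (5M, 30M) = (300, 1800)

# is_ipv4 ADDR: succeed when ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
  local addr=$1 octet octets
  [[ "$addr" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    # 10# forces decimal so "08"/"09" are not read as (invalid) octal
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# current_public_ip: print the first field of the echo service's reply.
# Prints nothing and fails when the fetch does not succeed.
current_public_ip() {
  local reply
  reply=$(curl -fsS --max-time 30 "$IPS") || return 1
  awk '{ print $1; exit }' <<<"$reply"
}

# push_update IP: replace the A record of $ZONE with IP. Returns nsupdate's
# exit status (non-zero on REFUSED/NOTAUTH, bad key, unreachable server).
push_update() {
  local ip=$1 keyfile batch rc
  # The key file is K<name>.+<alg>+<id>.private; glob the alg/id part so a
  # regenerated key (new id, or a non-MD5 algorithm) keeps working.
  local keyfiles=("$DNSP"/K"$ZONE".+*.private)
  keyfile=${keyfiles[0]}
  if [[ ! -r "$keyfile" ]]; then
    printf 'ddnsclient: no readable TSIG key for %s in %s\n' "$ZONE" "$DNSP" >&2
    return 1
  fi
  # nsupdate batch in a private temp file rather than in the key directory.
  batch=$(mktemp) || return 1
  printf '%s\n' \
    "server $NS" \
    "zone $ZONE" \
    "update delete $ZONE. A" \
    "update add $ZONE. $TTL A $ip" \
    'show' \
    'send' > "$batch"
  /usr/bin/nsupdate -k "$keyfile" "$batch"
  rc=$?
  rm -f -- "$batch"
  return "$rc"
}

# main: poll forever; push an update only when the validated address changed,
# and remember it only once the server accepted it.
main() {
  local curip oldip
  while true; do
    curip=$(current_public_ip)
    if ! is_ipv4 "$curip"; then
      # Never push an empty or garbage value: the batch deletes the old record
      # before adding the new one, so a bad value would unpublish the name.
      printf 'ddnsclient: could not determine public IP (got %q)\n' "$curip" >&2
    else
      oldip=$(cat "$DNSP/oldip" 2>/dev/null)
      if [[ "$curip" != "$oldip" ]]; then
        if push_update "$curip"; then
          printf '%s\n' "$curip" > "$DNSP/oldip"
        else
          # Leave oldip untouched so the update is retried on the next pass
          # (the original wrote oldip first and never retried a failed update).
          printf 'ddnsclient: update of %s to %s failed\n' "$ZONE" "$curip" >&2
        fi
      fi
    fi
    # Always sleep. The original "continue" on an unchanged address skipped
    # the sleep and polled the echo service in a tight loop.
    sleep "$INTERVAL"
  done
}

main "$@"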
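# Make the client executable and start it detached from the terminal. Run it
# as a user that can read the key in /etc/bind/ddnskeys (root, per the
# "sudo su" at the top of the page) or chown that directory to the user.
chmod 755 "$HOME/ddnsclient"
# nohup "$HOME/ddnsclient" &
# The original sent stdout and stderr to /dev/null, which hides a failing
# nsupdate (REFUSED, bad key, stale key id); keep the output in a log instead.
nohup "$HOME/ddnsclient" >> "$HOME/ddnsclient.log" 2>&1 &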
Debug
@rem clear windows dns cache
ipconfig /flushdns
ipconfig /displaydns
# clear macos dns cache
sudo killall -HUP mDNSResponder
# clear ubuntu dns cache
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
#sudo /etc/init.d/dns-clean start
#from local area network
# Expected to succeed: 10.19.83.0/24 is in the "internals" acl, so both
# authoritative answers and recursion (shahed.biz via the forwarders) are allowed.
dig @10.19.83.3 shahed.biz
dig @10.19.83.3 dev.shahed.biz
dig @10.19.83.3 apn.dev.shahed.biz
dig @10.19.83.3 dyn.dev.shahed.biz
dig @10.19.83.3 gtw.dev.shahed.biz
#from horizon/world wide
# With the configuration on this page only dyn.dev.shahed.biz sets
# allow-query { any; }. The dev.shahed.biz and reverse zones inherit
# allow-query { internals; }, and shahed.biz needs recursion, which is also
# LAN-only, so the other queries below answer REFUSED from the Internet.
# Also requires UDP/TCP 53 forwarded from the router (10.19.83.1) to 10.19.83.3.
dig @dev.shahed.biz shahed.biz
dig @dev.shahed.biz -x 10.19.83.1
dig @dev.shahed.biz dev.shahed.biz
dig @dev.shahed.biz apn.dev.shahed.biz
dig @dev.shahed.biz dyn.dev.shahed.biz
dig @dev.shahed.biz gtw.dev.shahed.biz
#from lan only
# Uses the client's configured resolver (Client section: nameserver 10.19.83.3).
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup dyn.dev.shahed.biz
nslookup gtw.dev.shahed.biz
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Stealth (DMZ/Hidden Master) Name Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9
- DNS Sample External Domain Zone file
- BIND Definition of Address List Match
- Stealth (Split/DMZ) DNS Server
- List of Statements