Raspberry Pi Authoritative DNS Server: Difference between revisions
No edit summary |
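--- a/Raspberry_Pi_Authoritative_DNS_Server
+++ b/Raspberry_Pi_Authoritative_DNS_Server
@@ -57,5 +57,5 @@
 listen-on port 53 {
 127.0.0.1;
-10.19.83.
+10.19.83.5;
 };
 allow-transfer { none; };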
Revision as of 03:11, 14 August 2019
Domain Information
Domain : shahed.biz
Name Server : ns8533.hostgator.com
Name Server : ns8534.hostgator.com
Subdomain : dev.shahed.biz (public)
CNAME of dev : cki00.ddns.net (noip.com)
Network Information
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.5 (dev.shahed.biz & Name server)
LAN : 10.19.83.0/24 (private network, host addresses .0–.255)
Install
# Become root for the rest of the installation; every step below writes under /etc.
sudo su
# Bring the base system up to date before installing BIND.
apt update && apt upgrade
# bind9: the name server; bind9utils: named-checkconf, named-checkzone, rndc,
# dnssec-keygen; dnsutils: dig, nslookup and the nsupdate used by the DDNS client.
apt install bind9 bind9utils bind9-doc dnsutils
# Uninstall everything again (kept commented so it is never run by accident):
#apt purge bind9 bind9utils bind9-doc dnsutils
# Daemon defaults: set the two variables shown in the next listing.
nano /etc/default/bind9
# run resolvconf? "no": the init script does not register 127.0.0.1 as this
# host's own resolver; clients (and this host) are pointed at 10.19.83.5
# explicitly in the Client section instead.
RESOLVCONF=no
# startup options for the server: drop privileges to the "bind" user and
# serve IPv4 only (-4), matching listen-on-v6 { none; } in named.conf.options.
OPTIONS="-u bind -4"
Options
nano /etc/bind/named.conf.options
# Address match lists are evaluated top to bottom; the first matching
# element decides, and an address that matches nothing is not matched.
acl internals {
127.0.0.0/24; # 0-255 (loopback; covers the 127.0.0.1 listener below)
10.19.83.0/24; # 0-255 (the whole LAN, including the 10.19.83.5 DMZ host)
};
# NOTE(review): as written this list matches only 10.19.83.0-7: the negated
# /24 rejects the rest of the LAN and there is no trailing "any;", so every
# other address falls off the end and does not match. It is not referenced
# anywhere in this configuration, so it currently has no effect -- confirm the
# intent before using it (e.g. { !10.19.83.0/24; any; } for "outside the LAN").
acl externals {
10.19.83.0/29; # 0-7
!10.19.83.0/24; # 0-255
};
options {
directory "/var/cache/bind";
# Do not claim authority (AA bit) on NXDOMAIN answers for zones this server is
# not authoritative for; this is BIND's default and the RFC-conformant choice.
auth-nxdomain no;
# Recursive queries (LAN only, see allow-recursion) are sent to these first.
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
10.19.83.1; # Router DNS
};
# Validate DNSSEC using the built-in root trust anchor.
dnssec-validation auto;
# IPv4 only; pairs with OPTIONS="-u bind -4" in /etc/default/bind9.
listen-on-v6 { none; };
# Bind only loopback and the DMZ address, not every interface.
listen-on port 53 {
127.0.0.1;
10.19.83.5;
};
# No zone transfers to anyone; this setup has no secondary servers.
allow-transfer { none; };
# Queries and recursion are LAN-only. A zone may widen allow-query (the DDNS
# zone in named.conf.local does, with "any"); recursion cannot be widened per
# zone, so the server is not an open resolver when reached from the Internet
# through the router's port forward -- unless the router rewrites the source
# address into 10.19.83.0/24, in which case every external query looks
# internal. Verify with an external recursive query (see Debug).
allow-query { internals; };
allow-recursion { internals; };
};
Keygen
# TSIG key for signed dynamic updates to the ddn.dev.shahed.biz zone. The key
# pair is written to /etc/bind/ddnskeys; create that directory first and keep
# it readable only by root, the bind user and the user running the DDNS client.
# NOTE(review): HMAC-MD5 is deprecated for TSIG; HMAC-SHA256 is the
# mandatory-to-implement algorithm (RFC 8945). Changing to -a HMAC-SHA256 -b 256
# also changes the algorithm id in the generated file name (+157+ becomes +163+),
# the "algorithm" and "secret" of the key statement in named.conf.local, and the
# -k path used by the DDNS client -- update all of them together.
# Newer BIND (9.13+) no longer generates TSIG keys with dnssec-keygen; use
# tsig-keygen -a hmac-sha256 ddn.dev.shahed.biz there instead.
dnssec-keygen -K /etc/bind/ddnskeys -C -a HMAC-MD5 -b 128 -n USER ddn.dev.shahed.biz
Zones
nano /etc/bind/named.conf.local
// The rndc control key is reused below as the update key for the two LAN
// zones: anyone who can read /etc/bind/rndc.key can both control named and
// rewrite those zones.
include "/etc/bind/rndc.key";
zone "dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.dev.shahed.biz"; # zone file path
// Dynamic updates signed with rndc-key. named then writes a .jnl journal next
// to the zone file, so /etc/bind/zones must be writable by the bind user.
// NOTE(review): where Debian's AppArmor profile for named is enforced,
// /etc/bind is read-only for named and dynamic zones belong under
// /var/lib/bind -- confirm on the target system.
allow-update { key rndc-key; };
};
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # 10.19.83.0/24 subnet
allow-update { key rndc-key; };
};
// Dynamic-DNS zone; its apex A record is rewritten by the DDNS client.
zone "ddn.dev.shahed.biz" {
type master;
file "/etc/bind/zones/db.ddn.dev.shahed.biz";
// The zone's only NS is ns0 (this host), so notify has nobody to reach.
notify yes;
// Any update signed with this key is accepted from any address that can
// reach port 53 (including the Internet via the router's port forward);
// the key is the only protection.
allow-update { key ddn.dev.shahed.biz.; };
// Overrides the global allow-query { internals; } so the Internet can read
// this zone; recursion stays limited to internals.
allow-query { any; };
};
// Copied from /etc/bind/ddnskeys/Kddn.dev.shahed.biz.+157+55098.private.
// NOTE(review): this secret is published on this page and must be treated as
// compromised -- regenerate it (preferably as HMAC-SHA256, see Keygen), update
// the client's key file, and keep the real value out of the wiki.
key ddn.dev.shahed.biz. {
algorithm HMAC-MD5;
secret "BOpzhxmLpMwUIJR9Z3mMvQ==";
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward Lookup Zone
# Zone files get their own directory. Both zones below accept dynamic updates,
# so named also writes .jnl journals here. NOTE(review): the page never grants
# the bind user write access to this directory (e.g. chown bind:bind); without
# it, signed updates fail when named tries to open the journal -- confirm.
mkdir /etc/bind/zones
# Start from the stock localhost zone and edit it into the forward zone below.
cp /etc/bind/db.local /etc/bind/zones/db.dev.shahed.biz
nano /etc/bind/zones/db.dev.shahed.biz
;
; BIND forward data file
;
; Internal (split-horizon) view of dev.shahed.biz, served to the LAN only
; (allow-query { internals; }); the public dev.shahed.biz is a CNAME at HostGator.
; This zone accepts dynamic updates: edit it by hand only between
; "rndc freeze dev.shahed.biz" and "rndc thaw dev.shahed.biz", otherwise the
; journal silently overrides the edit.
$TTL 600 ; 10M default TTL for records without one
$ORIGIN dev.shahed.biz.
; SOA: primary is ns0 (this host); contact mailbox root@dev.shahed.biz
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908121 ; Serial YYYYmmddI -- bump on every manual edit (dynamic updates bump it themselves)
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
; NOTE(review): ns8533/ns8534 are shahed.biz's HostGator servers; they answer
; for dev.shahed.biz with the public CNAME, not with this zone, so listing them
; as NS here advertises servers that are not authoritative for these names --
; confirm this is intended.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS dev.shahed.biz.
@ IN A 10.19.83.5
; A Records (one per LAN host; .5 is the Pi itself: apex, ns0 and piw)
apn A 10.19.83.2
av5 A 10.19.83.9
gtw A 10.19.83.1
mac A 10.19.83.10
ns0 A 10.19.83.5
one A 10.19.83.8
pi3 A 10.19.83.3
pih A 10.19.83.4
piw A 10.19.83.5
ras A 10.19.83.12
sha A 10.19.83.11
; CNAME (relative targets, i.e. ns0.dev.shahed.biz.)
ftp CNAME ns0
dmz CNAME ns0
Reverse Lookup Zone
# Start from the stock loopback reverse zone and edit it into the 10.19.83.0/24
# reverse zone below.
cp /etc/bind/db.127 /etc/bind/zones/db.83.19.10
nano /etc/bind/zones/db.83.19.10
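;
; BIND reverse data file for 10.19.83.0/24 (zone 83.19.10.in-addr.arpa)
;
; Owner names are relative to $ORIGIN, so host 10.19.83.N is written as just
; "N". The previous version used "N.83", which expands to
; N.83.83.19.10.in-addr.arpa and is never asked for: dig -x 10.19.83.N looks
; up N.83.19.10.in-addr.arpa, so every reverse lookup returned NXDOMAIN.
; This zone accepts dynamic updates: edit it by hand only between
; "rndc freeze 83.19.10.in-addr.arpa" and "rndc thaw 83.19.10.in-addr.arpa".
$TTL 600 ; 10M
$ORIGIN 83.19.10.in-addr.arpa.
@ IN SOA ns0.dev.shahed.biz. root.dev.shahed.biz. (
201908122 ; Serial YYYYmmddI -- bumped for this fix; bump again on every manual edit
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.dev.shahed.biz.
@ IN NS dev.shahed.biz.
; PTR Records
1 IN PTR gtw.dev.shahed.biz.
2 IN PTR apn.dev.shahed.biz.
3 IN PTR pi3.dev.shahed.biz.
4 IN PTR pih.dev.shahed.biz.
; 10.19.83.5 carries several names. Most software uses only the first PTR it
; receives and answer order is not guaranteed, so reverse lookups of .5 are
; not deterministic; keep a single PTR per address if that matters.
5 IN PTR dev.shahed.biz.
5 IN PTR dmz.dev.shahed.biz.
5 IN PTR ftp.dev.shahed.biz.
5 IN PTR ns0.dev.shahed.biz.
5 IN PTR piw.dev.shahed.biz.
8 IN PTR one.dev.shahed.biz.
9 IN PTR av5.dev.shahed.biz.
10 IN PTR mac.dev.shahed.biz.
11 IN PTR sha.dev.shahed.biz.
12 IN PTR ras.dev.shahed.biz.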
DDNS Forward Zone
# Start from the stock localhost zone and edit it into the single-name DDNS
# zone below; the DDNS client rewrites its apex A record at run time.
cp /etc/bind/db.local /etc/bind/zones/db.ddn.dev.shahed.biz
nano /etc/bind/zones/db.ddn.dev.shahed.biz
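;
; BIND forward data file for ddn.dev.shahed.biz
;
; Single-name dynamic zone: the DDNS client replaces the apex A record with
; the site's current public address through TSIG-signed nsupdate.
; Written with the same $ORIGIN/@ layout as the other two zone files, and
; every record carries an explicit owner. The previous version used
; "$ORIGIN ." with owner-less NS and A lines, which only parse correctly when
; they start with whitespace -- indentation that is easily lost when the file
; is copied from this page, after which "NS" and "A" are read as owner names.
$TTL 600 ; 10M
$ORIGIN ddn.dev.shahed.biz.
@ IN SOA ns0.dev.shahed.biz. root.ddn.dev.shahed.biz. (
201908122 ; serial YYYYmmddI -- dynamic updates increment this automatically
600 ; refresh 10M
7200 ; retry 02H (NOTE(review): longer than refresh; harmless with no secondaries)
604800 ; expire 01W
600 ) ; Negative Cache TTL 10M
; Authoritative server: this host, named in the dev.shahed.biz zone.
@ IN NS ns0.dev.shahed.biz.
; Placeholder address until the first DDNS update replaces it.
@ IN A 10.19.83.5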
Server
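# Validate the configuration and every zone first; enabling and restarting the
# service run only when all checks pass, so a typo never takes the running
# server down. (named-checkconf -z already loads every zone; the per-zone
# checks add zone-specific error messages.) The earlier version restarted
# unconditionally, restarted twice (init.d and service) and then rebooted;
# a service restart is sufficient and a reboot is not needed.
named-checkconf -z \
  && named-checkzone ddn.dev.shahed.biz /etc/bind/zones/db.ddn.dev.shahed.biz \
  && named-checkzone dev.shahed.biz /etc/bind/zones/db.dev.shahed.biz \
  && named-checkzone 83.19.10.in-addr.arpa /etc/bind/zones/db.83.19.10 \
  && update-rc.d bind9 enable \
  && service bind9 restart
# Confirm named listens only where intended: 127.0.0.1:53 and 10.19.83.5:53,
# UDP and TCP. ss ships with current Raspbian/Debian; netstat -tulpn is the
# net-tools equivalent if it is installed.
ss -tulpn 'sport = :53'
# Runtime control once the server is up:
rndc dumpdb -cache   # write the cache to the dump-file (default named_dump.db under "directory")
rndc flush           # drop the cache
rndc reload          # re-read configuration and zones without a restart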
Client
# Point this client at the Pi. NOTE(review): on Raspbian/Debian this file is
# normally regenerated by dhcpcd, resolvconf or systemd-resolved and a manual
# edit is overwritten on the next lease; set the server in that tool instead
# (e.g. static domain_name_servers=10.19.83.5 in /etc/dhcpcd.conf) or hand
# it out via the router's DHCP.
nano /etc/resolv.conf
nameserver 10.19.83.5
# Lets short names such as "apn" resolve as apn.dev.shahed.biz.
search dev.shahed.biz
# Static entries for the Pi's names. NOTE(review): with the default nsswitch
# order (hosts: files dns) these win over DNS, so programs on this client
# always get 10.19.83.5 for ddn.dev.shahed.biz and never see the public
# address the DDNS client publishes; nslookup and dig bypass /etc/hosts and
# show the DNS answer, which hides the mismatch. That may be deliberate for
# LAN clients (reach the host directly instead of via the public address) --
# if so, say so here; otherwise drop the ddn line.
nano /etc/hosts
10.19.83.5 dev.shahed.biz dev
10.19.83.5 ddn.dev.shahed.biz ddn
10.19.83.5 dmz.dev.shahed.biz dmz
10.19.83.5 piw.dev.shahed.biz piw
DDNS Client
$HOME/ddnsclient
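#!/bin/bash
: '
@author "Chorke Academia, Inc."<[email protected]>
@vendor Chorke Academia, Inc.
@web http://chorke.org
@version 1.0.00.GA
@since 1.0.00.GA
'
# Dynamic-DNS client: every POLL seconds fetch this site's public IPv4 address
# and, when it has changed, replace the apex A record of the ddn.dev.shahed.biz
# zone on dev.shahed.biz through a TSIG-signed nsupdate.
#
# Changes from the first version:
#  * the "unchanged" branch used "continue", which skipped the sleep and
#    polled the IP service in a tight loop;
#  * the fetched text is validated as a dotted-quad IPv4 address before it is
#    signed into the zone. The lookup is plain HTTP, so the response is
#    untrusted: validation stops garbage or injected record data, not a
#    substituted address -- use an HTTPS endpoint if one is available;
#  * the new address is remembered only after nsupdate succeeded, so a failed
#    update is retried on the next poll instead of being forgotten;
#  * the update script is fed to nsupdate on stdin instead of via a file
#    in the key directory.
#
# Requirements: curl, nsupdate (dnsutils), read access to KEYFILE and
# write access to $DNSP/oldip.
#
# http://zteo.com/posts/your-own-dynamic-dns-in-3-steps
# http://dynupdate.no-ip.com/ip.php
# http://www.antedes.com/getip.php
# http://checkip.dyndns.org
set -u

IPS='http://dynupdate.no-ip.com/ip.php'   # returns the caller's public address
DNSP='/etc/bind/ddnskeys'                  # key directory; also holds the oldip state file
KEYFILE="$DNSP/Kddn.dev.shahed.biz.+157+55098.private"
SERVER='dev.shahed.biz'
ZONE='ddn.dev.shahed.biz'
RECORD='ddn.dev.shahed.biz.'
TTL=86400      # NOTE(review): 24h caching of an address that is expected to change;
               # the zone's default TTL is 600 -- consider matching it.
POLL=300       # seconds between checks (5M, 30M) = (300, 1800)

# valid_ipv4 STRING -> 0 if STRING is a dotted quad with every octet in 0..255.
valid_ipv4() {
  local ip=$1 octet
  local -a octets=()
  [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    # 10# forces decimal so "08"/"09" are not rejected as bad octal
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# current_ip -> prints the first field of the first line returned by $IPS,
# or nothing when the lookup fails or times out.
current_ip() {
  curl -s --max-time 20 "$IPS" | awk '{ print $1; exit }'
}

# push_update IP -> replaces the apex A record with IP; returns nsupdate's status.
push_update() {
  local ip=$1
  /usr/bin/nsupdate -k "$KEYFILE" <<EOF
server $SERVER
zone $ZONE
update delete $RECORD A
update add $RECORD $TTL A $ip
show
send
EOF
}

main() {
  local curip oldip
  while true; do
    curip=$(current_ip)
    # missing on the first run; an empty oldip simply forces an update
    oldip=$(cat -- "$DNSP/oldip" 2>/dev/null)
    if [[ -z $curip ]] || ! valid_ipv4 "$curip"; then
      printf '%s ddnsclient: ignoring invalid address lookup result: %q\n' \
        "$(date '+%F %T')" "$curip" >&2
    elif [[ $curip != "$oldip" ]]; then
      if push_update "$curip"; then
        printf '%s\n' "$curip" > "$DNSP/oldip"
        printf '%s ddnsclient: %s updated to %s\n' "$(date '+%F %T')" "$RECORD" "$curip" >&2
      else
        printf '%s ddnsclient: nsupdate failed for %s; will retry\n' \
          "$(date '+%F %T')" "$curip" >&2
      fi
    fi
    sleep "$POLL"
  done
}

main "$@"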
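# Make the client executable (world-readable is fine; it contains no secret,
# the TSIG key stays in /etc/bind/ddnskeys).
chmod 755 "$HOME/ddnsclient"
# Run it detached. The first version sent stdout and stderr to /dev/null,
# which also discarded every curl/nsupdate error; keep a log instead and
# truncate or rotate it occasionally. For a permanent setup prefer a systemd
# service with Restart=always so the client also survives reboots.
# nohup "$HOME/ddnsclient" &
nohup "$HOME/ddnsclient" >> "$HOME/ddnsclient.log" 2>&1 &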
Debug
@rem clear windows dns cache, then list what is still cached to confirm
ipconfig /flushdns
ipconfig /displaydns
# clear macos dns cache (HUP makes mDNSResponder drop its cache)
sudo killall -HUP mDNSResponder
# clear ubuntu dns cache (systemd-resolved). NOTE(review): systemd-resolve was
# renamed; on systemd >= 239 use "resolvectl flush-caches" and "resolvectl statistics".
sudo systemd-resolve --flush-caches
sudo systemd-resolve --statistics
# older Ubuntu resolvconf/dnsmasq reset, kept for reference only
#sudo /etc/init.d/dns-clean start
#from local area network
# LAN sources match the "internals" acl, so both recursive answers (shahed.biz
# via the forwarders) and the private zones are served.
dig @10.19.83.5 shahed.biz
dig @10.19.83.5 dev.shahed.biz
dig @10.19.83.5 apn.dev.shahed.biz
dig @10.19.83.5 ddn.dev.shahed.biz
dig @10.19.83.5 gtw.dev.shahed.biz
#from horizon/world wide
# Reaches the Pi through the router's port forward for dev.shahed.biz. Only the
# ddn.dev.shahed.biz query is expected to be answered: that zone overrides
# allow-query with "any", while everything else -- recursion for shahed.biz,
# the dev.shahed.biz zone and the reverse zone -- is limited to internals and
# should come back REFUSED. NOTE(review): if these are answered from outside,
# the router is rewriting the source address into 10.19.83.0/24 and the server
# is acting as an open recursive resolver for the Internet.
dig @dev.shahed.biz shahed.biz
dig @dev.shahed.biz -x 10.19.83.1
dig @dev.shahed.biz dev.shahed.biz
dig @dev.shahed.biz apn.dev.shahed.biz
dig @dev.shahed.biz ddn.dev.shahed.biz
dig @dev.shahed.biz gtw.dev.shahed.biz
#from lan only
# Uses the resolver configured in /etc/resolv.conf (10.19.83.5); note that
# nslookup queries DNS directly and ignores /etc/hosts.
nslookup shahed.biz
nslookup dev.shahed.biz
nslookup apn.dev.shahed.biz
nslookup ddn.dev.shahed.biz
nslookup gtw.dev.shahed.biz
References
- How To Configure Bind as an Authoritative-Only DNS Server on Ubuntu 14.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 16.04
- How To Configure BIND as a Private Network DNS Server on Ubuntu 18.04
- Set Up Authoritative DNS Server on Ubuntu 18.04, 16.04 with BIND9
- Raspberry Pi Bind9 DNS/DDNS (Dynamic DNS) Server
- Stealth (DMZ/Hidden Master) Name Server
- Configuring a DNS Server in Raspberry Pi
- Setting up Private DNS Server with BIND9
- DNS Sample External Domain Zone file
- BIND Definition of Address List Match
- Stealth (Split/DMZ) DNS Server
- List of Statements