Difference between revisions of "DNS server unique zone"
| Line 39: | Line 39: | ||
* Adjust the '''reverse zone''' | * Adjust the '''reverse zone''' | ||
| + | ** File: /etc/bind/named.conf.local | ||
** Rename and adjust file: /etc/bind/db.192 | ** Rename and adjust file: /etc/bind/db.192 | ||
| Line 135: | Line 136: | ||
604800 ) ; Negative Cache TTL | 604800 ) ; Negative Cache TTL | ||
; | ; | ||
| − | ; | + | ; DNS server declaration |
; Each NS must point to an A record, not a CNAME. | ; Each NS must point to an A record, not a CNAME. | ||
; This is where the Primary and Secondary DNS servers are defined | ; This is where the Primary and Secondary DNS servers are defined | ||
IN NS smartcard-gw.smartcards.local | IN NS smartcard-gw.smartcards.local | ||
| + | IN A 172.16.50.2 | ||
smartcard-gw IN A 172.16.50.2 | smartcard-gw IN A 172.16.50.2 | ||
| Line 149: | Line 151: | ||
; Declare your servers and networks hosts | ; Declare your servers and networks hosts | ||
smarcartd-prod-00 IN A 172.16.50.10 | smarcartd-prod-00 IN A 172.16.50.10 | ||
| + | smarcartd-prod-01 IN A 172.16.50.11 | ||
| + | smarcartd-prod-02 IN A 172.16.50.12 | ||
| + | smarcartd-prod-03 IN A 172.16.50.13 | ||
; Create an alias to an existing record | ; Create an alias to an existing record | ||
| Line 154: | Line 159: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | |||
| + | Notes: | ||
| + | |||
| + | * Don't forget to adjust the serial every-time you edit the file ! | ||
| + | |||
| + | * NS = Name server | ||
| + | |||
| + | * A = IP v4 entry | ||
| + | |||
| + | * AAAA = IP v6 entry | ||
| + | |||
| + | * CNAME = Alias to a previous A or AAAA entry | ||
==Reverse zone file== | ==Reverse zone file== | ||
| + | |||
| + | |||
| + | Now that the zone is setup and resolving names to IP Adresses a '''Reverse zone''' is also required. A Reverse zone allows DNS to resolve an address to a name. | ||
| + | |||
| + | |||
| + | ===Declare reverse zone=== | ||
| Line 167: | Line 192: | ||
| − | + | Add the following reverse | |
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | # Our reverse zone | ||
| + | # Server IP 172.16.50.2 | ||
| + | zone "50.16.172.in-addr.arpa" { | ||
| + | type master; | ||
| + | file "/etc/bind/db.172"; | ||
| + | }; | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | Key points: | ||
| + | |||
| + | * Replace ''50.16.172'' with the '''first three octets''' of whatever network you are using - '''in reverse order'''! | ||
| + | |||
| + | * Name the zone file /etc/bind/''db.172'' : it should match the '''first octet''' of your network. | ||
| + | |||
| + | |||
| + | |||
| + | ===Configure reverse zone=== | ||
| + | |||
| + | |||
| + | Now create the /etc/bind/db.172 file: | ||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | cp /etc/bind/db.127 /etc/bind/db.172 | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | Edit the new file: | ||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | vim /etc/bind/db.172 | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | The content is basically the same as /etc/bind/smartcards.local: | ||
| + | <syntaxhighlight lang="bash"> | ||
| + | ; | ||
| + | ; BIND reverse data file for local 172.16.50.XXX net | ||
| + | ; | ||
| + | $TTL 604800 | ||
| + | @ IN SOA smartcard-gw.smartcards.local. root.smartcards.local. ( | ||
| + | 201406031301 ; Serial | ||
| + | ; As the serial be changed everytime you edit this file | ||
| + | ; it is recommended to use the pattern "yyyyMMddHHmm" | ||
| + | 604800 ; Refresh | ||
| + | 86400 ; Retry | ||
| + | 2419200 ; Expire | ||
| + | 604800 ) ; Negative Cache TTL | ||
| + | ; | ||
| + | ; Local server | ||
| + | @ IN NS smartcard-gw. | ||
| + | 2 IN PTR smartcard-gw.smartcards.local. | ||
| + | ; Other servers | ||
| + | 10 IN PTR smartcard-prod-00.smartcards.local. | ||
| + | 11 IN PTR smartcard-prod-01.smartcards.local. | ||
| + | 12 IN PTR smartcard-prod-02.smartcards.local. | ||
| + | 13 IN PTR smartcard-prod-03.smartcards.local. | ||
| + | |||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | Notes: | ||
| + | |||
| + | * Don't forget to adjust the serial every-time you edit the file ! | ||
| + | |||
| + | * Note the difference in the "SOA" | ||
| + | ** domain configuration (previous) : smartcards.local root.smartcards.local | ||
| + | ** Reverse configuration : '''smartcard-gw'''.smartcards.local root.smartcards.local | ||
| + | |||
| + | * You only need to put the last byte value in the reverse | ||
| + | |||
| + | * PTR = redirection to A entry | ||
| + | |||
| + | |||
| + | |||
| + | ==Take changes into account== | ||
| + | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
| + | service bind9 restart | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Revision as of 13:06, 3 June 2014
The DNS [Domain Name System] is a key component of a network infrastructure. It allows you to use NAMES instead of IP addresses and technical garbage.
You can learn how it works through a simple Google request.
Here, I will present the installation of:
- DNS primary server (= DNS for domain smartcards.local) using BIND9
- Local domain (.local)
You can re-use all this content for a web-site or public domain. Just replace smartcards.local by mywebsite.com.
Contents
Setup
apt-get install bind9 dnsutils bind9-doc
Primary master
A DNS primary master is the main DNS for your local domain (ex: smartcards.local).
These are the steps to do:
- Set the external DNS to use by your server
- File: /etc/bind/named.conf.options
- Declare the new domain to manage
- File: /etc/bind/named.conf.local
- Create a dedicated configuration file for the new domain
- New file: /etc/bind/smartcards.local
- Adjust the reverse zone
- File: /etc/bind/named.conf.local
- Rename and adjust file: /etc/bind/db.192
Set the external DNS
This is the list of DNS your server will use to populate its own cache.
The external DNS can either be your ISP's DNS or Google's servers.
!! Mind the order !! First DNS have a higher priority.
Edit configuration file:
vim /etc/bind/named.conf.options
Uncomment and adjust the file content
[...]
forwarders {
# Local gateway or router
172.16.50.1;
# Your ISP DNS IP’s
182.176.39.23;
182.176.18.13;
# Google's DNS
8.8.8.8
8.8.4.4
};
[...]
Declare the new domain
Edit configuration file:
vim /etc/bind/named.conf.local
Uncomment and adjust the file content
zone "smartcards.local" {
type master;
file "/etc/bind/smartcards.local";
};
Domain configuration file
Create the domain configuration file from a local template:
cp /etc/bind/db.local /etc/bind/smartcards.local
Edit configuration file:
vim /etc/bind/smartcards.local
Adjust the file content
;
; BIND data file for smartcards.local (you can use mywebsite.com)
;
$TTL 604800
@ IN SOA smartcards.local. root.smartcards.local. (
201406031132 ; Serial
; As the serial be changed everytime you edit this file
; it is recommended to use the pattern "yyyyMMddHHmm"
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; DNS server declaration
; Each NS must point to an A record, not a CNAME.
; This is where the Primary and Secondary DNS servers are defined
IN NS smartcard-gw.smartcards.local
IN A 172.16.50.2
smartcard-gw IN A 172.16.50.2
;
; -- alternative --
; To declare a server a specific domain only
;website.com IN NS smartcard-gw.website.com
;website.com IN A 172.16.50.2
; Declare your servers and networks hosts
smarcartd-prod-00 IN A 172.16.50.10
smarcartd-prod-01 IN A 172.16.50.11
smarcartd-prod-02 IN A 172.16.50.12
smarcartd-prod-03 IN A 172.16.50.13
; Create an alias to an existing record
;wwww IN CNAME smartcard-gw
Notes:
- Don't forget to adjust the serial every-time you edit the file !
- NS = Name server
- A = IP v4 entry
- AAAA = IP v6 entry
- CNAME = Alias to a previous A or AAAA entry
Reverse zone file
Now that the zone is setup and resolving names to IP Adresses a Reverse zone is also required. A Reverse zone allows DNS to resolve an address to a name.
Declare reverse zone
Edit configuration file:
vim /etc/bind/named.conf.local
Add the following reverse
# Our reverse zone
# Server IP 172.16.50.2
zone "50.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172";
};
Key points:
- Replace 50.16.172 with the first three octets of whatever network you are using - in reverse order!
- Name the zone file /etc/bind/db.172 : it should match the first octet of your network.
Configure reverse zone
Now create the /etc/bind/db.172 file:
cp /etc/bind/db.127 /etc/bind/db.172
Edit the new file:
vim /etc/bind/db.172
The content is basically the same as /etc/bind/smartcards.local:
;
; BIND reverse data file for local 172.16.50.XXX net
;
$TTL 604800
@ IN SOA smartcard-gw.smartcards.local. root.smartcards.local. (
201406031301 ; Serial
; As the serial be changed everytime you edit this file
; it is recommended to use the pattern "yyyyMMddHHmm"
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Local server
@ IN NS smartcard-gw.
2 IN PTR smartcard-gw.smartcards.local.
; Other servers
10 IN PTR smartcard-prod-00.smartcards.local.
11 IN PTR smartcard-prod-01.smartcards.local.
12 IN PTR smartcard-prod-02.smartcards.local.
13 IN PTR smartcard-prod-03.smartcards.local.
Notes:
- Don't forget to adjust the serial every-time you edit the file !
- Note the difference in the "SOA"
- domain configuration (previous) : smartcards.local root.smartcards.local
- Reverse configuration : smartcard-gw.smartcards.local root.smartcards.local
- You only need to put the last byte value in the reverse
- PTR = redirection to A entry
Take changes into account
service bind9 restart
