DNS server unique zone

Revision as of 14:18, 22 August 2014 by WikiFreak (talk | contribs)


The DNS [Domain Name System] is a key component of a network infrastructure. It allows you to use NAMES instead of IP addresses and technical garbage.

You can learn how it works through a simple Google request.


Here, I will present the installation of:

  • DNS primary server (= DNS for domain smartcards.local) using BIND9
  • Local domain (.local)


You can re-use all this content for a web-site or public domain. Just replace smartcards.local by mywebsite.com.



Primary master

A DNS primary master is the main DNS for your local domain (ex: smartcards.local).


These are the steps to do:

  • Set the external DNS to use by your server
    • File: /etc/bind/named.conf.options
  • Declare the new domain to manage
    • File: /etc/bind/named.conf.local
  • Create a dedicated configuration file for the new domain
    • New file: /etc/bind/smartcards.local
  • Adjust the reverse zone
    • File: /etc/bind/named.conf.local
    • Rename and adjust file: /etc/bind/db.192


Declare the new domain

Edit configuration file: 

vim /etc/bind/named.conf.local


Uncomment and adjust the file content 

zone "smartcards.local" {
	type master;
        file "/etc/bind/smartcards.local";
};


Domain configuration file

Create the domain configuration file from a local template: 

cp /etc/bind/db.local /etc/bind/smartcards.local


Edit configuration file: 

vim /etc/bind/smartcards.local


Adjust the file content 

;
; BIND data file for smartcards.local (you can use mywebsite.com)
;
$TTL    604800
@       IN      SOA     smartcard-gw.smartcards.local. root.smartcards.local. (
                       20140603         ; Serial
                                        ; As the serial be changed everytime you edit this file
                                        ; it is recommended to use the pattern "yyyyMMdd"
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

; 
; DNS server declaration
; Each NS must point to an A record, not a CNAME. 
; This is where the Primary and Secondary DNS servers are defined
;
@                IN      NS      smartcard-gw.smartcards.local.
smartcard-gw     IN      A       172.16.50.2

;
; -- alternative -- 
; To declare a server a specific domain only
;
;website.com      IN      NS      smartcard-gw.website.com.
;website.com      IN      A       172.16.50.2


;
; Gateway (router)
;
cisco-router      IN      A       172.16.50.1

;
; Declare your servers and networks hosts 
;
smarcartd-prod-00 IN      A       172.16.50.50
smarcartd-prod-01 IN      A       172.16.50.51
smarcartd-prod-02 IN      A       172.16.50.52
smarcartd-prod-03 IN      A       172.16.50.53

; Create an alias to an existing record
;wwww             IN      CNAME   smartcard-gw


Notes:

  • Don't forget to adjust the serial every-time you edit the file !
  • NS = Name server
  • A = IP v4 entry
  • AAAA = IP v6 entry
  • CNAME = Alias to a previous A or AAAA entry


Reverse zone file

Now that the zone is setup and resolving names to IP Adresses a Reverse zone is also required. A Reverse zone allows DNS to resolve an address to a name.


Declare reverse zone

Edit configuration file: 

vim /etc/bind/named.conf.local


Add the following reverse 

# Our reverse zone
# Server IP 172.16.50.2
zone "50.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172";
};


Key points:

  • Replace 50.16.172 with the first three octets of whatever network you are using - in reverse order!
  • Name the zone file /etc/bind/db.172 : it should match the first octet of your network.


Configure reverse zone

Now create the /etc/bind/db.172 file: 

cp /etc/bind/db.127 /etc/bind/db.172


Edit the new file: 

vim /etc/bind/db.172


The content is basically the same as /etc/bind/smartcards.local: 

;
; BIND reverse data file for local 172.16.50.XXX net
;
$TTL    604800
@       IN      SOA     smartcard-gw.smartcards.local. root.smartcards.local. (
                       20140603         ; Serial
                                        ; As the serial be changed everytime you edit this file
                                        ; it is recommended to use the pattern "yyyyMMdd"
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; Local server
;
@       IN      NS      smartcard-gw.
2       IN      PTR     smartcard-gw.smartcards.local.

; Gateway (router)
1       IN      PTR     cisco-router.smartcards.local

;
; Other components and hosts
;
50       IN      PTR     smartcard-prod-00.smartcards.local.
51       IN      PTR     smartcard-prod-01.smartcards.local.
52       IN      PTR     smartcard-prod-02.smartcards.local.
53       IN      PTR     smartcard-prod-03.smartcards.local.


Notes:

  • Don't forget to adjust the serial every-time you edit the file !
  • You only need to put the last byte value in the reverse
  • PTR = redirection to A entry


Take changes into account

service bind9 restart


DNS server logs

Logs are in /var/log/syslog



Add new hostname

This is how we had a new host-name into the network:


Update LOCAL zone

Edit local zone: 

vim /etc/bind/smartcards.local


Add a A or AAAA entry: 

my-new-host       IN      A       172.16.50.60


Update REVERSE zone

Edit local zone: 

vim /etc/bind/db.172


Add a A or AAAA entry: 

60       IN      PTR     my-new-host.smartcards.local.


Restart service

service bind9 restart





Sources

You can find a lot of information about DNS on the web. I used the following tutorials:


Bug fixes:

Retrieved from "http://www.daxiongmao.eu/wiki/index.php?title=DNS_server_unique_zone&oldid=1405"