DNS server unique zone
The DNS (Domain Name System) is a key component of a network infrastructure. It lets you use names instead of raw IP addresses and other technical details.
You can learn how it works through a simple Google request.
Here, I will present the installation of:
- DNS primary server (= DNS for domain smartcards.local) using BIND9
- Local domain (.local)
You can re-use all this content for a web-site or public domain. Just replace smartcards.local by mywebsite.com.
Primary master
A DNS primary master is the main DNS server for your local domain (ex: smartcards.local).
These are the steps to do:
- Set the external DNS servers (forwarders) used by your server
  - File: /etc/bind/named.conf.options
- Declare the new domain to manage
  - File: /etc/bind/named.conf.local
- Create a dedicated configuration file for the new domain
  - New file: /etc/bind/smartcards.local
- Declare and adjust the reverse zone
  - File: /etc/bind/named.conf.local
  - New file (copied from db.127 and adjusted): /etc/bind/db.172
Declare the new domain
Edit configuration file:
vim /etc/bind/named.conf.local
Uncomment and adjust the file content:
zone "smartcards.local" {
type master;
file "/etc/bind/smartcards.local";
};
Domain configuration file
Create the domain configuration file from a local template:
cp /etc/bind/db.local /etc/bind/smartcards.local
Edit configuration file:
vim /etc/bind/smartcards.local
Adjust the file content:
;
; BIND data file for smartcards.local (you can use mywebsite.com)
;
$TTL 604800
@ IN SOA smartcard-gw.smartcards.local. root.smartcards.local. (
20140603 ; Serial
; As the serial must be changed every time you edit this file,
; it is recommended to use the pattern "yyyyMMdd"
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; DNS server declaration
; Each NS must point to an A record, not a CNAME.
; This is where the primary and secondary DNS servers are defined
;
@ IN NS smartcard-gw.smartcards.local.
smartcard-gw IN A 172.16.50.2
;
; -- alternative --
; To declare a name server for a specific domain only
;
;website.com IN NS smartcard-gw.website.com.
;website.com IN A 172.16.50.2
;
; Gateway (router)
;
cisco-router IN A 172.16.50.1
;
; Declare your servers and network hosts
; (names must match the PTR records of the reverse zone)
;
smartcard-prod-00 IN A 172.16.50.50
smartcard-prod-01 IN A 172.16.50.51
smartcard-prod-02 IN A 172.16.50.52
smartcard-prod-03 IN A 172.16.50.53
; Create an alias to an existing record
;www IN CNAME smartcard-gw
Notes:
- Don't forget to adjust the serial every time you edit the file!
- NS = Name server
- A = IPv4 address entry
- AAAA = IPv6 address entry
- CNAME = Alias to a previous A or AAAA entry
Reverse zone file
Now that the zone is set up and resolves names to IP addresses, a reverse zone is also required. A reverse zone allows DNS to resolve an address back to a name.
Declare reverse zone
Edit configuration file:
vim /etc/bind/named.conf.local
Add the following reverse zone declaration:
# Our reverse zone
# Server IP 172.16.50.2
zone "50.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172";
};
Key points:
- Replace 50.16.172 with the first three octets of whatever network you are using, in reverse order!
- Name the zone file /etc/bind/db.172: by convention it matches the first octet of your network.
Configure reverse zone
Now create the /etc/bind/db.172 file:
cp /etc/bind/db.127 /etc/bind/db.172
Edit the new file:
vim /etc/bind/db.172
The structure is the same as /etc/bind/smartcards.local, with PTR records instead of A records:
;
; BIND reverse data file for local 172.16.50.XXX net
;
$TTL 604800
@ IN SOA smartcard-gw.smartcards.local. root.smartcards.local. (
20140603 ; Serial
; As the serial must be changed every time you edit this file,
; it is recommended to use the pattern "yyyyMMdd"
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Local server (fully qualified name, with the trailing dot)
;
@ IN NS smartcard-gw.smartcards.local.
2 IN PTR smartcard-gw.smartcards.local.
; Gateway (router)
1 IN PTR cisco-router.smartcards.local.
;
; Other components and hosts
;
50 IN PTR smartcard-prod-00.smartcards.local.
51 IN PTR smartcard-prod-01.smartcards.local.
52 IN PTR smartcard-prod-02.smartcards.local.
53 IN PTR smartcard-prod-03.smartcards.local.
Notes:
- Don't forget to adjust the serial every time you edit the file!
- You only need to put the last octet of the address in the reverse zone
- PTR = pointer from an address back to the name of its A entry (always written with the trailing dot, otherwise the zone origin is appended)
Take changes into account
service bind9 restart
DNS server logs
Logs are in /var/log/syslog
Add new hostname
This is how to add a new hostname to the network:
Update LOCAL zone
Edit local zone:
vim /etc/bind/smartcards.local
Add an A or AAAA entry:
my-new-host IN A 172.16.50.60
Update REVERSE zone
Edit reverse zone:
vim /etc/bind/db.172
Add a PTR entry:
60 IN PTR my-new-host.smartcards.local.
Restart service
service bind9 restart
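The forward and reverse zones above must be kept in step by hand, and the two classic slips (a PTR missing its trailing dot, a host added to the forward zone but not to the reverse zone) are not caught by BIND loading the files. The following Python script is an added example, not part of the original tutorial: it parses A and PTR records written in the same simple format as the zone files above and reports every mismatch. The sample zone text, the hypothetical FORWARD_ZONE and REVERSE_ZONE names and the planted mistakes are constructed for the demonstration.

```python
import re

# Constructed sample zones (not the tutorial's files), in the format of
# /etc/bind/smartcards.local and /etc/bind/db.172. Two mistakes are planted:
# a PTR without its trailing dot, and an A record with no PTR at all.
FORWARD_ZONE = """\
@ IN SOA smartcard-gw.smartcards.local. root.smartcards.local. (
  20140603 604800 86400 2419200 604800 )
@ IN NS smartcard-gw.smartcards.local.
smartcard-gw IN A 172.16.50.2
cisco-router IN A 172.16.50.1
smartcard-prod-01 IN A 172.16.50.51
www IN CNAME smartcard-gw
"""
REVERSE_ZONE = """\
@ IN NS smartcard-gw.smartcards.local.
2 IN PTR smartcard-gw.smartcards.local.
1 IN PTR cisco-router.smartcards.local
"""

def parse_records(zone_text, rtype):
    """Return {owner: rdata} for each record of type rtype (A or PTR)."""
    pat = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+%s\s+(\S+)$" % rtype)
    out = {}
    for raw in zone_text.splitlines():
        m = pat.match(raw.split(";", 1)[0].strip())  # drop ';' comments
        if m:
            out[m.group(1)] = m.group(2)
    return out

def check_consistency(forward, reverse, domain, net_prefix):
    """Cross-check A records against PTR records; return a list of problems."""
    a_recs = parse_records(forward, "A")
    ptr_recs = parse_records(reverse, "PTR")
    problems = []
    for host, ip in a_recs.items():
        if not ip.startswith(net_prefix + "."):
            continue  # address outside the reverse zone's network
        fqdn = "%s.%s." % (host, domain)
        ptr = ptr_recs.get(ip[len(net_prefix) + 1:])  # PTR owner is the last octet
        if ptr is None:
            problems.append("%s (%s): no PTR record" % (fqdn, ip))
        elif not ptr.endswith("."):
            problems.append("%s: PTR '%s' lacks trailing dot" % (ip, ptr))
        elif ptr != fqdn:
            problems.append("%s: PTR is %s, expected %s" % (ip, ptr, fqdn))
    for last in ptr_recs:  # PTRs left behind after a host was removed
        if "%s.%s" % (net_prefix, last) not in a_recs.values():
            problems.append("PTR %s.%s has no matching A record" % (net_prefix, last))
    return problems
```

Run it against the two zone files before the restart; it complements named-checkzone, which validates each zone on its own but does not cross-check forward against reverse.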
Sources
You can find a lot of information about DNS on the web. I used the following tutorials:
- http://doc.ubuntu-fr.org/bind9 (in French)
Bug fixes:
- no forwarding due to DNS-SEC errors (broken trust chain): http://pewetheb.blogspot.se/2013/11/named-error-broken-trust-chain.html