DNS server installation

Revision as of 13:17, 22 August 2014 by WikiFreak


The DNS (Domain Name System) is a key component of network infrastructure. It allows you to use names instead of IP addresses.


Introduction

A quick DNS overview is available here: DNS server split principle#Simple DNS zone



Setup

apt-get install bind9 dnsutils bind9-doc



DNS server configuration

You need to configure the overall behavior of the DNS server:

  • Which external DNS servers should be used?
  • Should DNSSEC be enabled?
  • Should IPv6 be supported?


Set the external DNS

This is the list of DNS servers your server will forward queries to in order to populate its own cache.


The external DNS servers can be either your ISP's DNS servers or Google's public servers.

!! Mind the order !! The first DNS server listed has the highest priority.


Edit configuration file:

vim /etc/bind/named.conf.options


Uncomment and adjust the file content:

[...]
forwarders {
     # Your ISP DNS IPs
     182.176.39.23;
     182.176.18.13;

     # Google's DNS
     8.8.8.8;
     8.8.4.4;
};
[...]


Disable DNSSEC

DNS is one of the most vulnerable protocols, so its next generation, called "DNSSEC", is being rolled out right now.

But... enabling DNSSEC can lead to security errors and blocked forwarding if you don't have a proper certificate.


I don't have enough time to set up the correct certificate, so I disabled DNSSEC.


Edit configuration file:

vim /etc/bind/named.conf.options


Disable the DNSSEC options:

dnssec-enable no;
dnssec-validation no;


Disable IPv6 DNS requests

You can still listen on your local IPv6 interface; however, if your router is not IPv6 compatible you should disable IPv6 requests. If you do not disable them, you'll see errors like the following in /var/log/syslog:

error (network unreachable) resolving './DNSKEY/IN': 2001:: ...


Edit the configuration file:

vim /etc/default/bind9


Add / update the options:

OPTIONS="-4"


That means that if the host is capable of IPv4, then IPv4 should be preferred.


DNS server logs

Logs are in /var/log/syslog
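As an added example (not part of the original wiki page), a small Python audit that ties the sections above together: it parses the forwarders block and the dnssec-* options out of named.conf.options, flags validation being switched off, and picks the "network unreachable" IPv6 errors out of syslog. The configuration and log excerpts are constructed samples, not taken from a real host.

```python
import re

# Constructed sample of /etc/bind/named.conf.options (not copied from a real host)
SAMPLE_OPTIONS = """
options {
    forwarders {
        # Your ISP DNS IPs
        182.176.39.23;
        182.176.18.13;
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-enable no;
    dnssec-validation no;
};
"""

# Constructed /var/log/syslog excerpt with the error described above (2001:db8:: is a documentation prefix)
SAMPLE_SYSLOG = """\
Aug 22 13:17:01 ns1 named[1234]: error (network unreachable) resolving './DNSKEY/IN': 2001:db8::53#53
Aug 22 13:17:02 ns1 named[1234]: client 192.168.1.10#51234: query: example.org IN A + (192.168.1.2)
"""

def strip_comments(text):
    # named.conf accepts /* */, // and # comments; drop them before matching
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//)[^\n]*", "", text)

def parse_forwarders(conf):
    # Forwarder IPs in the order they appear in the forwarders { } block
    m = re.search(r"forwarders\s*\{([^}]*)\}", strip_comments(conf))
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else []

def option_value(conf, name):
    # Value of a simple "name value;" option, or None if it is absent
    m = re.search(r"\b%s\s+(\S+?)\s*;" % re.escape(name), strip_comments(conf))
    return m.group(1) if m else None

def audit(conf):
    # Flag the settings that switch off DNSSEC checking of answers received from forwarders
    findings = []
    for opt in ("dnssec-enable", "dnssec-validation"):
        if option_value(conf, opt) == "no":
            findings.append(f"{opt} no: signatures unchecked, spoofed answers accepted")
    return findings

def ipv6_unreachable_events(syslog):
    # (name, server) pairs for lookups that failed because IPv6 was not routable
    pat = r"error \(network unreachable\) resolving '([^']+)': ([0-9a-fA-F:]+)#\d+"
    return [(m.group(1), m.group(2)) for m in re.finditer(pat, syslog)]
```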