apt-get install bind9

Configure The Master
First we need to stop bind9:

/etc/init.d/bind9 stop

Edit the /etc/bind/named.conf.options file so it looks something like this (use the forwarders of your liking):

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        8.8.8.8;
        208.67.222.222;
        208.67.220.220;
    };

    // Answer only our own network. "allow-query { any; }" on a server
    // that forwards for its clients is an open resolver that anyone on
    // the Internet can use for amplification and cache-poisoning attempts.
    allow-query { localhost; 192.168.254.0/24; };

    auth-nxdomain no;    # conform to RFC1035
    //listen-on-v6 { any; };
};

Two lines that often appear in this file are deliberately not there. The first is query-source address * port 53; which pins every outgoing query to source port 53. That is precisely the weakness the VU#800113 comment above refers to (the 2008 cache-poisoning advisory): randomised source ports are what make a forged answer hard to guess, and fixing the port throws that protection away. Leave query-source unset so named picks a fresh random port per query, and if a firewall sits between you and the forwarders, allow replies to high ports instead of pinning the port. The second is dnssec-enable yes; it was the default on the BIND 9 releases this guide was written for, is obsolete in current releases, and has nothing to do with the forwarding set up here. If you want DNSSEC validation on this resolver, the option is dnssec-validation auto;. If the same clients should also be the only ones allowed to recurse through your forwarders, add allow-recursion with the same list as allow-query. Run named-checkconf (installed with bind9) after every edit of these files; a syntax error otherwise only shows up as named refusing to start.

Add the ip of this newly installed DNS server (the localhost) to your /etc/resolv.conf to use it:

echo "search linux.lan" > /etc/resolv.conf
echo "nameserver 127.0.0.1" >> /etc/resolv.conf

Now restart bind9:

/etc/init.d/bind9 start

And test!

ping www.google.com

If you get a reply, then your DNS master server is working and ready to use. A ping only proves that the name was resolved by something; dig @127.0.0.1 www.google.com (dnsutils package) shows which server answered, the SERVER: line should be 127.0.0.1, and whether it recursed for you (the ra flag). We will now fill and use the linux.lan domain with our new master server.
Setting up the linux.lan domain
The master DNS server is currently just forwarding requests to the server(s) you have configured in the options file. So we will now install and configure our own domain and let our new server handle all requests regarding that domain.
Let's start with creating the directory where we will store the zone file. This file contains all info about the domain.

mkdir /etc/bind/zones/

Next we will create the zone file, /etc/bind/zones/master_linux.lan, something like this:

$TTL 3D
@       IN SOA  ns1.linux.lan. hostmaster.linux.lan. (
                199802151       ; serial, todays date + todays serial #
                8H              ; refresh, seconds
                2H              ; retry, seconds
                4W              ; expire, seconds
                1D )            ; minimum, seconds
;
        TXT     "Linux.LAN, serving YOUR domain :)"
        NS      ns1             ; Inet Address of name server
        NS      ns2
        MX      10 mail         ; Primary Mail Exchanger
localhost   A   127.0.0.1
ns1         A   192.168.254.1
ns2         A   192.168.254.2
mail        A   192.168.254.1   ; the MX target needs its own address record; placeholder, point it at your mail host
www         CNAME ns1

Here we have created a simple zone file with both nameservers and a www alias for ns1. Just in case we have a running apache on ns1 ;)
Two details matter more than they look. The serial must go up every time you change the file: a slave decides whether to fetch the zone by comparing serials, and an unchanged serial means "nothing to do". The usual convention is YYYYMMDDnn (date plus a change counter for that day). And the host an MX points at must have an A (or AAAA) record of its own and may not be a CNAME (RFC 2181); that is why mail has an explicit A record here. The last SOA field, historically "minimum", is used by modern servers as the negative-caching TTL (RFC 2308).

Now edit /etc/bind/named.conf.local and add:

zone "linux.lan" {
    type master;
    file "/etc/bind/zones/master_linux.lan";
};

This is it, we can now restart bind and check if it works. Before restarting, named-checkzone linux.lan /etc/bind/zones/master_linux.lan (shipped with bind9) parses the file and reports the kind of typo that would otherwise make named refuse to load the zone with nothing but a line in syslog:

/etc/init.d/bind9 restart

And test if it's working:

ping ns1.linux.lan

At this stage you should have a working and usable DNS server.
If it says it cannot find the domain, maybe dhclient has changed your nameserver entry (it rewrites /etc/resolv.conf on every lease renewal, so check that nameserver 127.0.0.1 is still there). The other usual cause is a zone that failed to load; grep syslog for linux.lan.
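A pre-flight check for the zone file, as an added example that is not part of the original post. It is a small POSIX shell plus awk linter for the record layout used above (one record per line, relative names, an indented line inheriting the previous owner, SOA timers in parentheses). The zone it runs on is a constructed copy of linux.lan with the address record for mail left out, to show the finding; the paths and the zone name are the ones from this guide. named-checkzone does report an MX or NS pointing at a name without an address record, or at a CNAME, but only as warnings, so a scripted deploy sails past them; this turns them into a non-zero exit you can gate a reload on, and needs nothing but sh and awk, so it also runs on a host where bind is not installed.

```shell
#!/bin/sh
# zone_lint: static sanity checks for a BIND zone file before it is loaded.
# Added example, not code from the original post. Assumes one record per
# line, relative owner names, indented lines meaning "same owner as the
# previous record", and the SOA timers in parentheses, as in master_linux.lan.

zone_lint() {
    awk '
    BEGIN { inparen = 0; serial = "" }
    {
        sub(/;.*/, "")                   # drop comments (naive: a ";" inside TXT data is lost too)
        if ($0 ~ /^[ \t]*$/) next
        if (inparen) {                   # inside the SOA "( ... )": the first number is the serial
            if (serial == "" && $1 ~ /^[0-9]+$/) serial = $1
            if ($0 ~ /\)/) inparen = 0
            next
        }
        if ($0 ~ /^\$/) next             # $TTL / $ORIGIN directives
        if ($0 ~ /^[ \t]/) { owner = last } else { owner = $1; last = $1 }
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(A|AAAA|CNAME|NS|MX|TXT|SOA|PTR|SRV)$/) { t = i; break }
        if (t == 0) next
        type = $t
        if (type == "SOA") {
            for (j = t + 3; j <= NF; j++) if ($j ~ /^[0-9]+$/) { serial = $j; break }
            if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
            next
        }
        if (type == "A" || type == "AAAA") addr[owner] = 1
        if (type == "CNAME") cname[owner] = 1
        if (type == "NS") target["NS " owner " " $(t+1)] = $(t+1)
        if (type == "MX") target["MX " owner " " $(t+2)] = $(t+2)
    }
    END {
        bad = 0
        if (serial == "") { print "ERROR: no SOA serial found"; bad = 1 }
        else if (serial > 4294967295) { print "ERROR: SOA serial exceeds 32 bits: " serial; bad = 1 }
        for (k in target) {
            n = target[k]; split(k, p, " ")
            if (n ~ /\.$/) continue      # absolute name, lives outside this zone
            if (n in cname)
                { print "ERROR: " p[1] " target " n " is a CNAME (RFC 2181 10.3)"; bad = 1 }
            else if (!(n in addr))
                { print "ERROR: " p[1] " target " n " has no A/AAAA record in this zone"; bad = 1 }
        }
        exit bad
    }' "$1"
}

# Constructed sample: the linux.lan zone from this guide, minus the address
# record for mail, so that the MX check has something to report.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 3D
@       IN SOA  ns1.linux.lan. hostmaster.linux.lan. (
                199802151       ; serial, todays date + todays serial #
                8H              ; refresh, seconds
                2H              ; retry, seconds
                4W              ; expire, seconds
                1D )            ; minimum, seconds
;
        TXT     "Linux.LAN, serving YOUR domain :)"
        NS      ns1             ; Inet Address of name server
        NS      ns2
        MX      10 mail         ; Primary Mail Exchanger
localhost   A   127.0.0.1
ns1         A   192.168.254.1
ns2         A   192.168.254.2
www         CNAME ns1
EOF
}

# Usage on the real file, chaining BIND's own checker when it is installed:
#   sh zone_lint.sh /etc/bind/zones/master_linux.lan
if [ $# -ge 1 ]; then
    zone_lint "$1"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone linux.lan "$1"
    fi
fi
```

Run it on the master before rndc reload; a non-zero exit means the file has a dangling MX/NS target, a target that is a CNAME, or a serial that will not fit in the 32-bit SOA field.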
Installing The Slave
Basically, the slave uses the same basic system as we constructed in the first part (just before we added the zone file). We will add some little changes to both master and slave to make them work together. The zone transfer is protected with a TSIG key (RFC 2845): every transfer request and response carries an HMAC computed with a secret both servers share, so the slave knows the data really comes from the master and was not altered on the way, and the master hands the zone only to a peer that knows the secret. TSIG does not encrypt anything; the zone contents still cross the network in clear text (they are public DNS data in any case).
Unless stated otherwise, these commands are for the slave ONLY.
Create the zones dir:

mkdir /etc/bind/zones

You do not need dnssec-enable yes; in named.conf.options for this, on either host: TSIG is a shared-secret signature on the DNS message and is unrelated to DNSSEC, and the option is obsolete in current BIND anyway. Now we need a secure key. This will generate a .private and a .key file. The 'Key:' line in the .private file is the base64 secret:

dnssec-keygen -a hmac-md5 -b 128 -n HOST linux.lan

On BIND 9.9 and later use tsig-keygen -a hmac-sha256 TRANSFER instead: it prints a ready-made key clause, and hmac-sha256 is the right algorithm for a new configuration (named still accepts hmac-md5, but there is no reason to start with it).
Add this in your /etc/bind/named.conf on master AND slave, with the same key name and secret on both. Put it in a file of its own that named.conf includes, owned by root:bind and mode 640 like /etc/bind/rndc.key: a world-readable TSIG secret lets any local user pull the zone, or update it if the key is ever given update rights.

key "TRANSFER" {
    algorithm hmac-md5;
    secret "---HASHKEY---";
};

On the master add the slave ip to /etc/bind/named.conf:

server 192.168.254.2 {
    keys {
        TRANSFER;
    };
};

And on the slave we add the master ip to /etc/bind/named.conf:

server 192.168.254.1 {
    keys {
        TRANSFER;
    };
};

A server statement makes named sign everything it sends to that peer with the key (the slave's transfer requests, the master's NOTIFYs). It does not by itself require the key from the peer. For that, add allow-transfer { key TRANSFER; }; to the zone "linux.lan" statement on the master; without it, older BIND versions default to handing the full zone to anyone who asks for an AXFR. While there, also-notify { 192.168.254.2; }; tells the slave immediately when the serial changes instead of waiting for the refresh timer.
Add to /etc/bind/named.conf.local (BIND 9.16 and later also accept type secondary; and primaries; as synonyms):

zone "linux.lan" {
    type slave;
    file "/etc/bind/zones/slave_linux.lan";
    masters { 192.168.254.1; };
    allow-notify { 192.168.254.1; };
};

Finally we need to, on BOTH hosts, add this to /etc/bind/named.conf:

include "/etc/bind/rndc.key";

That is the key for the rndc control channel, not the transfer key; named reads it by default when named.conf has no controls statement, so the line is harmless, but it is not what authenticates the transfer.
In order to have a successful zone transfer both systems need to have a synchronised clock, so:

apt-get -y install ntpdate

A TSIG signature includes the signing time and is rejected when the two clocks differ by more than the fudge value, 300 seconds by default; named logs such a transfer as a verify failure with BADTIME.
Restart bind on both machines and notice the new zone file on the slave. On the slave, syslog should show a line for linux.lan ending in "Transfer completed" with the record count; dig @192.168.254.2 linux.lan SOA should then return the master's serial.
If changes you make on the master never show up on the slave, the usual cause is a serial that was not incremented: the slave compares the SOA serial on every refresh and transfers only when the master's is higher. Reload the zone on the master with rndc reload linux.lan and compare the serial both servers return. The refresh, retry and expire timers in the SOA decide how often the slave checks and how long it keeps serving the old data when the master is unreachable.
NOTE: if you get an error in syslog saying "bind dumping master file (...) permission denied" check the /etc/apparmor.d/usr.sbin.named file and change the line:

/etc/bind/** r,

into:

/etc/bind/** rw,

and reload the profile with apparmor_parser -r /etc/apparmor.d/usr.sbin.named. The Debian/Ubuntu profile keeps /etc/bind read-only for named on purpose, since that directory holds the configuration and the TSIG secret. The cleaner fix is to leave the profile alone and point the slave's file at /var/lib/bind/slave_linux.lan (or under /var/cache/bind, the configured directory), which the profile already allows named to write.
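The key provisioning and the master-side ACL, as an added example in shell; these are not the original post's commands. Assumptions: key name TRANSFER, hmac-sha256 with a 256-bit secret, the secret kept in its own file that named.conf includes (the path is an argument; /etc/bind/transfer.key is only a suggestion), Debian's root:bind ownership, and the addresses 192.168.254.1 and .2 from above. make_tsig_keyfile writes what tsig-keygen -a hmac-sha256 TRANSFER would print, with the file mode restricted before the secret lands on disk; master_zone_clause is the master's zone statement with the allow-transfer that the server statement alone does not give you; axfr_probe is the check to run afterwards from any host with dig: the unsigned transfer must be refused, the signed one must return the zone.

```shell
#!/bin/sh
# TSIG provisioning for the linux.lan master/slave transfer. Added example,
# not from the original post. Assumed: key name TRANSFER, hmac-sha256,
# secret in its own file included from named.conf, root:bind ownership.

# Write a key clause equivalent to `tsig-keygen -a hmac-sha256 KEYNAME` into
# FILE, readable by root and the bind group only. The umask is tightened
# before the file is created so the secret is never world-readable, not
# even briefly.
make_tsig_keyfile() {
    keyname=$1; file=$2
    old_umask=$(umask)
    umask 077
    # 32 random bytes = 256-bit secret, the natural size for HMAC-SHA256
    secret=$(head -c 32 /dev/urandom | base64 | tr -d '\n')
    cat > "$file" <<EOF
key "$keyname" {
    algorithm hmac-sha256;
    secret "$secret";
};
EOF
    umask "$old_umask"
    chmod 640 "$file"
    # on Debian/Ubuntu named runs as user bind; skip where we cannot chown
    if [ "$(id -u)" -eq 0 ] && getent group bind >/dev/null 2>&1; then
        chown root:bind "$file"
    fi
}

# Read the secret back out of a key file (used by axfr_probe).
tsig_secret() {
    sed -n 's/^[[:space:]]*secret "\([^"]*\)";/\1/p' "$1"
}

# Master's zone statement for named.conf.local: transfers only with the key,
# and the slave is notified of every serial bump.
master_zone_clause() {
    keyname=$1; slave_ip=$2
    cat <<EOF
zone "linux.lan" {
    type master;
    file "/etc/bind/zones/master_linux.lan";
    allow-transfer { key $keyname; };   # an unsigned AXFR is refused
    also-notify { $slave_ip; };
};
EOF
}

# Verify the ACL from any host with dig installed: the first transfer must
# end in "; Transfer failed.", the second must print the whole zone.
axfr_probe() {
    master=$1; zone=$2; keyname=$3; keyfile=$4
    echo "--- unsigned AXFR (expect: Transfer failed.)"
    dig +time=3 +tries=1 @"$master" "$zone" AXFR
    echo "--- signed AXFR (expect: full zone)"
    dig +time=3 +tries=1 -y "hmac-sha256:$keyname:$(tsig_secret "$keyfile")" \
        @"$master" "$zone" AXFR
}

# Usage when run directly:  sh tsig_setup.sh /etc/bind/transfer.key 192.168.254.2
# Copy the key file to the slave over a channel you trust (scp), then add the
# printed include line to named.conf on both hosts.
if [ $# -ge 2 ]; then
    make_tsig_keyfile TRANSFER "$1"
    master_zone_clause TRANSFER "$2"
    echo 'include "'"$1"'";   # add to /etc/bind/named.conf on master AND slave'
fi
```

After rndc reconfig on both sides, axfr_probe 192.168.254.1 linux.lan TRANSFER /etc/bind/transfer.key from the slave (or from a third host) shows the two behaviours side by side; if the unsigned transfer succeeds, the allow-transfer line is missing or named is still running the old configuration.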