Sunday, July 3, 2016

debian - Setting up a DNS name server for a mass virtual host with Bind9



I am trying to set up a chrooted DNS name server in a local LAN, so that everyone connected to the LAN can access the mass virtual hosts defined for a development environment without having to edit their local /etc/hosts manually, one by one. The mass virtual host is named example.user.dev (VirtualDocumentRoot /home/user/example) and example.test (DocumentRoot /var/www/example).



I set everything up and /var/log/syslog doesn't show any error, but when checking the DNS with:

host -v example.test

it doesn't find the host. Also, using the dig command, I don't receive an answer.




dig -x example.test

; <<>> DiG 9.5.1-P3 <<>> -x example
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47844
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 600 IN SOA a.root-servers.net. dns-ops.arin.net. 2010042604 1800 900 691200 10800

;; Query time: 108 msec
;; SERVER: 80.58.0.33#53(80.58.0.33)
;; WHEN: Mon Apr 26 11:15:53 2010
;; MSG SIZE rcvd: 107




My configuration is the following:







zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_example.test";
    notify yes;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
    notify yes;
};








  • Note: We have a static IP address, so I forward the queries to the DNS server at said IP address.




options {
    directory "/var/cache/bind";
    forwarders { 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};








$ORIGIN example.test.
$TTL 86400
@       IN SOA  example.test. root.example.test. (
                201004227       ; serial
                28800           ; refresh
                14400           ; retry
                3600000         ; expire
                86400 )         ; min
;
        TXT     "example.test, DNS service"
@       IN NS   example.test.
localhost       A       127.0.0.1
example.test.   A       192.168.1.52
example         A       192.168.1.52
www             CNAME   example.test.








127.0.0.1 localhost example
192.168.1.52 localhost example example.test







  • Note: For BIND I just added the last 3 lines.





nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254



search example.test
search example
nameserver 192.168.1.52









Some major changes. Now I have this configuration:







search example.test
search example
nameserver 192.168.1.52



nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254








127.0.0.1 localhost example example.test
192.168.1.52 dns1.example.test






I just commented out the reverse address zone.







$ORIGIN example.test.
$TTL 86400
@       IN SOA  dns1.example.test. hostmaster.example.test. (
                2010042214      ; serial
                21600           ; refresh
                3600            ; retry
                604800          ; expire
                86400 )         ; min

        IN NS   dns1.example.test.
        IN NS   dns2.example.test.
        IN A    192.168.1.52

example IN A    192.168.1.52
dns1    IN A    192.168.1.52
dns2    IN A    192.168.1.52
www     CNAME   example




And now executing:





dig example.test @192.168.1.52

; <<>> DiG 9.5.1-P3 <<>> example.test @192.168.1.52
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53489
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;example.test. IN A

;; ANSWER SECTION:
example.test. 86400 IN A 192.168.1.52

;; AUTHORITY SECTION:
example.test. 86400 IN NS dns1.example.test.
example.test. 86400 IN NS dns2.example.test.

;; ADDITIONAL SECTION:
dns1.example.test. 86400 IN A 192.168.1.52
dns2.example.test. 86400 IN A 192.168.1.52

;; Query time: 1 msec
;; SERVER: 192.168.1.52#53(192.168.1.52)
;; WHEN: Mon Apr 26 12:38:56 2010
;; MSG SIZE rcvd: 118




So, now, what should be my next step?









I left the DNS server resolv.conf like this:




nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254




and added the DNS server address 192.168.1.52 to the resolv.conf of every client computer.

This way I am able to reach http://example.test from each computer.




To be able to reach each individual virtual host of the development environment, should I create a new zone or use a wildcard in the example.test zone I created?








Finally I left my zones like this: one zone for the test virtual host, and the other one for the mass virtual host for development. Everything works as I wanted, fast and with good performance. I don't know if there is a better configuration than this for the system I built. Any advice would be welcome.







$ORIGIN example.test.
$TTL 86400
@       IN SOA  dns1.example.test. hostmaster.example.test. (
                2010042215      ; serial
                21600           ; refresh
                3600            ; retry
                604800          ; expire
                86400 )         ; min

@       IN NS   dns1.example.test.
@       IN NS   dns2.example.test.
@       IN A    192.168.1.52
www     IN CNAME @







$ORIGIN dev.
$TTL 86400
@       IN SOA  dev. hostmaster.dev. (
                2010042215      ; serial
                21600           ; refresh
                3600            ; retry
                604800          ; expire
                86400 )         ; min

@       IN NS   dev.
@       IN A    192.168.1.52
*.dev.  IN A    192.168.1.52








zone "example.test" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_example.test";
    notify yes;
};

zone "dev" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_dev";
    notify yes;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    allow-query { any; };
    file "/etc/bind/zones/master_1.168.192.in-addr.arpa";
    notify yes;
};







  • Note: We have a static IP address, so I forward the queries to the DNS server at said IP address. Finally I added the ISP DNS IP to the forwarders so as not to create a bottleneck in the web traffic, because experimentally I saw a large increase in speed for HTTP connections both inside and outside of the local LAN.





options {
    directory "/var/cache/bind";
    allow-query { 192.168.1.0/24; localhost; };
    allow-recursion { 192.168.1.0/24; localhost; };
    forwarders { 80.58.0.33; 80.34.100.160; };
    auth-nxdomain no;
    listen-on-v6 { any; };
};



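As an added example (not code from the original post or its answer), the following Python builds the same A query dig sends and decodes the reply header, so a client-side check can tell a definitive NXDOMAIN from the ISP resolver apart from an authoritative answer (aa flag set) coming from 192.168.1.52. The two sample replies are constructed to mirror the dig output above; they are not captured packets. query() needs network access to the server, and its fixed query id is an illustration only.

```python
"""Build a DNS query and decode the reply's flags and rcode, the two things the
dig runs in the post turn on: NXDOMAIN for the mistaken reverse lookup, and a
NOERROR reply carrying the aa (authoritative answer) flag from 192.168.1.52."""
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode 'example.test.' as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Recursive query (RD=1) for one name; qtype 1 = A, 12 = PTR, class IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def decode_name(data: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack(">H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)


def parse_response(data: bytes) -> dict:
    """Return id, the aa/rd/ra flags, status and the A records answered."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = decode_name(data, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, socket.inet_ntoa(data[off:off + 4])))
        off += rdlen
    return {
        "id": qid,
        "aa": bool(flags & 0x0400),
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),
        "status": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": answers,
    }


def query(server: str, name: str, qtype: int = 1, timeout: float = 2.0) -> dict:
    """Send one UDP query to `server` and parse the reply (needs the network)."""
    qid = 0x1234  # fixed for illustration; a real resolver randomizes the id
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid, qtype), (server, 53))
        data, _ = sock.recvfrom(512)
    reply = parse_response(data)
    if reply["id"] != qid:
        raise ValueError("reply id does not match the query")
    return reply


def make_response(qid: int, flags: int, qname: str, qtype: int, ips, ttl=86400) -> bytes:
    """Assemble a minimal reply; used only to construct offline samples."""
    msg = struct.pack(">HHHHHH", qid, flags, 1, len(ips), 0, 0)
    msg += encode_name(qname) + struct.pack(">HH", qtype, 1)
    for ip in ips:  # owner name is a pointer (0xC00C) back to the question
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return msg


# Constructed samples mirroring the two dig runs in the post (not captures):
# the reverse lookup the ISP resolver answered NXDOMAIN (flags qr rd ra), and
# the A query answered by the authoritative server (flags qr aa rd ra).
SAMPLE_NXDOMAIN = make_response(47844, 0x8183, "example.in-addr.arpa.", 12, [])
SAMPLE_AUTH = make_response(53489, 0x8580, "example.test.", 1, ["192.168.1.52"])
```

Calling query("192.168.1.52", "example.test.") from a LAN client should return status NOERROR with aa True. If aa is False the answer came from a forwarder or a cache rather than the master zone; if the call times out the client is not reaching 192.168.1.52 at all, which is the resolv.conf problem the answer that follows points at.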
Answer



Looking at the IP addresses in your resolv.conf I get the feeling that your BIND server is on 192.168.1.52. As far as I can tell, you can't specify in resolv.conf something like "for these domains, use this name server". Basically, your BIND server will never be queried. As you can see in your dig lookup (which is incorrect, it is asking for a reverse DNS entry), it tries 80.58.0.33, which I assume is your provider's DNS server.



You already set up BIND as a caching nameserver by using the 'forwarders' option, so what you need to do is have only 192.168.1.52 in the client PCs as nameserver.



To see if your BIND is configured correctly, try this:



dig example.test @192.168.1.52


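To make the answer's point concrete, here is an added example (not the answerer's code) that reads a resolv.conf the way glibc's stub resolver does: only the first three nameserver lines count (MAXNS), the last search or domain line wins, and a definitive NXDOMAIN from the first server is final rather than retried at the next one. The two inputs are constructed from the resolv.conf files quoted in the question; the internal server address 192.168.1.52 is taken from the post.

```python
"""Read a resolv.conf the way glibc's stub resolver does and report why an
internal BIND server listed in it may never be asked about internal zones."""

MAXNS = 3  # glibc resolv.h: at most three nameserver lines are used


def parse_resolv_conf(text: str) -> dict:
    """Collect nameserver addresses in order and every search/domain line."""
    nameservers, search_lines = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "nameserver" and len(parts) > 1:
            nameservers.append(parts[1])
        elif parts[0] in ("search", "domain"):
            search_lines.append(parts[1:])
    return {"nameservers": nameservers, "search_lines": search_lines}


def lint_resolv_conf(text: str, internal_server: str) -> list:
    """Return human-readable findings; internal_server is the LAN BIND host
    that is master for the private zones (192.168.1.52 in the post)."""
    cfg = parse_resolv_conf(text)
    ns = cfg["nameservers"]
    used = ns[:MAXNS]
    findings = []
    if len(ns) > MAXNS:
        findings.append(f"only the first {MAXNS} nameservers are used; ignored: {ns[MAXNS:]}")
    if internal_server not in used:
        findings.append(f"{internal_server} is never queried")
    elif used[0] != internal_server:
        findings.append(f"{internal_server} is not first: an NXDOMAIN from {used[0]} "
                        "for an internal name is final and the next server is not tried")
    if len(cfg["search_lines"]) > 1:
        last = " ".join(cfg["search_lines"][-1])
        findings.append(f"several search/domain lines; only the last one ({last}) is used")
    return findings


# Constructed from the two resolv.conf files shown in the question (not live files).
RESOLV_BEFORE = """\
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254
search example.test
search example
nameserver 192.168.1.52
"""

RESOLV_AFTER = """\
nameserver 192.168.1.52
nameserver 80.58.0.33
nameserver 80.58.61.250
nameserver 80.58.61.254
"""

if __name__ == "__main__":
    for label, text in (("before", RESOLV_BEFORE), ("after", RESOLV_AFTER)):
        print(label, lint_resolv_conf(text, "192.168.1.52") or ["ok"])
```

On the first file the internal server is the fourth nameserver line, so the stub resolver never sends it anything and the ISP servers answer NXDOMAIN for example.test; on the final file it is first and the only finding is that the fourth ISP address is silently ignored.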