Configure DNS Server on FreeBSD


    The question of running your own DNS server comes up quite often: a server that answers external users' queries for the domains you have registered and also resolves queries from users on the local network. This task is relatively easy to solve with the FreeBSD OS.

    Objective:

    Configure a Bind DNS server running on FreeBSD so that it serves client queries from the internal network, serves a forward and a reverse DNS zone, and transfers those zones to a secondary DNS server. All zones on the server are of type master, that is, this server gives authoritative answers for all of them.

    Given:

    1. The internal IP address of the DNS server is 192.168.0.1/24
    2. The external IP address of the DNS server is 10.10.10.1/24
    3. The IP address of the secondary server is 10.10.10.2/24
    4. Forward DNS zone - test.dom
    5. Reverse DNS zone - 10.10.10.in-addr.arpa (the reverse zone for the 10.10.10.0/24 network)

    Solution:

    1. In /etc/rc.conf, enable the DNS server at system startup:

    named_enable="YES"

    On the FreeBSD releases this article targets, BIND ships in the base system and by default runs chrooted in /var/named, with /etc/namedb being a symlink into that chroot, so the paths used below are the ones the administrator sees. Since FreeBSD 10 BIND is no longer part of the base system and must be installed from ports (the dns/bind9* ports), where its configuration lives under /usr/local/etc/namedb; the rc.conf line is the same.

    2. Bring the configuration file /etc/namedb/named.conf to the following form:

    acl ACCESS { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };

    options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    listen-on { 127.0.0.1; 192.168.0.1; 10.10.10.1; };
    allow-recursion { ACCESS; };
    allow-transfer { 10.10.10.2; };
    transfer-source 10.10.10.1;
    version "Bind DNS Server";
    };

    logging {
    category lame-servers { null; };
    };

    zone "." {
    type hint;
    file "named.root";
    };

    zone "localhost" {
    type master;
    file "master/localhost";
    };

    zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.in-addr.arpa";
    };

    zone "test.dom" {
    type master;
    file "master/test.dom";
    allow-query { any; };
    };

    zone "10.10.10.in-addr.arpa" {
    type master;
    file "master/10.10.10.in-addr.arpa";
    allow-query { any; };
    };

    Where:

    acl - an access list named ACCESS that lists the networks allowed to use our server as a resolver: the loopback address, the internal network and the external subnet.
    directory - the working directory of Bind; the zone file names below are relative to it.
    pid-file - location of the PID file.
    dump-file - location of the cache dump written by "rndc dumpdb".
    statistics-file - location of the statistics file.
    listen-on - the interface addresses on which Bind listens for queries. The internal address 192.168.0.1 must be included here: the ACL alone does not make the server reachable, and without it the clients on 192.168.0.0/24 named in the objective could never query it.
    allow-recursion - the access lists whose members may send recursive queries. Everyone else only receives authoritative answers for our own zones and gets REFUSED for anything else, which keeps the server from being an open resolver that could be abused for DNS amplification or cache-poisoning attempts.
    allow-transfer - the IP address of the secondary server to which zone transfers (AXFR/IXFR) are allowed. Without this restriction anyone could download the whole zone and enumerate every host in it.
    transfer-source - the local address Bind uses as the source when it itself requests transfers or refreshes from other servers. In this master-only setup the transfers to 10.10.10.2 are initiated by the secondary, so the setting has no effect on them, but pinning it to the external address does no harm.
    version - the string returned for "version.bind" CHAOS queries instead of the real version. It makes fingerprinting slightly harder but is no substitute for applying updates.
    logging - suppresses the lame-servers category, which otherwise fills the log with reports about misconfigured remote name servers.
    zone "." - the root hints zone, required for recursive resolution. Stored in /etc/namedb/named.root.
    zone "localhost" - the forward zone describing the local server, required for operation. Stored in /etc/namedb/master/localhost.
    zone "0.0.127.in-addr.arpa" - the reverse zone describing the local server, required for operation. Stored in /etc/namedb/master/0.0.127.in-addr.arpa.
    zone "test.dom" - our forward zone. Stored in /etc/namedb/master/test.dom. Since the master copy of the zone lives on our server, allow-query { any; } lets anyone on the Internet query it (this is also the BIND 9 default for allow-query, so the statement mainly documents the intent).
    zone "10.10.10.in-addr.arpa" - our reverse zone. Stored in /etc/namedb/master/10.10.10.in-addr.arpa. Again, anyone may query it.
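    As an added illustration (not part of the original article), the following Python script applies the checks behind the allow-recursion, allow-transfer and listen-on options to a named.conf. It parses the acl and options blocks, expands ACL names into their members, and flags an open allow-recursion, a missing or open allow-transfer, and a missing or wildcard listen-on. The configuration text is the one from this article (with the internal address in listen-on) embedded inline; the weakened variant in the usage section is constructed by substitution. The script only inspects the global options block, not per-zone or per-view overrides.

```python
import re

# Constructed sample input: the named.conf from this article. A weakened
# variant is derived from it by string substitution in the usage section.
NAMED_CONF = """\
acl ACCESS { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };

options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; 192.168.0.1; 10.10.10.1; };
    allow-recursion { ACCESS; };
    allow-transfer { 10.10.10.2; };
    transfer-source 10.10.10.1;
    version "Bind DNS Server";
};
"""

# Address-match-list elements that admit the whole Internet.
OPEN = {"any", "0.0.0.0/0", "::/0"}


def strip_comments(text):
    """Remove the three comment styles named.conf allows."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def block_body(text, header):
    """Body of the first top-level `header { ... }` block, honouring nested braces."""
    m = re.search(r"(?m)^\s*" + re.escape(header) + r"\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def parse_acls(text):
    """acl NAME { ... }; statements -> {NAME: [elements]} (built-ins stay literal)."""
    acls = {}
    for name, body in re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}', text):
        acls[name] = [e.strip().strip('"') for e in body.split(";") if e.strip()]
    return acls


def expand(elems, acls, depth=0):
    """Replace ACL names by their members, recursively (bounded against loops)."""
    out = []
    for e in elems:
        if e in acls and depth < 8:
            out.extend(expand(acls[e], acls, depth + 1))
        else:
            out.append(e)
    return out


def match_lists(body, acls):
    """Address-match-list statements in an options body: name -> expanded elements."""
    lists = {}
    for name, elems in re.findall(r"([\w-]+)(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;", body):
        lists[name] = expand([e.strip().strip('"') for e in elems.split(";") if e.strip()], acls)
    return lists


def is_open(elems):
    return any(e in OPEN for e in elems)


def audit(conf):
    """Return a list of findings for the global options; empty means no exposure found."""
    text = strip_comments(conf)
    acls = parse_acls(text)
    opts = block_body(text, "options")
    lists = match_lists(opts, acls)
    findings = []
    if re.search(r"\brecursion\s+no\s*;", opts) is None:
        if "allow-recursion" not in lists:
            findings.append("allow-recursion not set: the default depends on the BIND version; restrict it explicitly")
        elif is_open(lists["allow-recursion"]):
            findings.append("allow-recursion is open: the server is an open resolver (amplification and cache-poisoning exposure)")
    if "allow-transfer" not in lists:
        findings.append("allow-transfer not set: restrict AXFR to the secondaries, or anyone may be able to dump the zones")
    elif is_open(lists["allow-transfer"]):
        findings.append("allow-transfer is open: anyone can dump the zones with AXFR")
    if "listen-on" not in lists or is_open(lists["listen-on"]):
        findings.append("listen-on not set or open: Bind listens on every interface; name the ones that should serve DNS")
    return findings


if __name__ == "__main__":
    print(audit(NAMED_CONF) or ["no findings"])
    weak = (NAMED_CONF.replace("allow-recursion { ACCESS; };", "allow-recursion { any; };")
                      .replace("allow-transfer { 10.10.10.2; };", ""))
    for finding in audit(weak):
        print("WARN:", finding)
```

    The article's configuration produces no findings; the weakened copy, with recursion opened to any and the transfer restriction removed, reports an open resolver and an unrestricted zone transfer. Run the same audit against a real /etc/namedb/named.conf by reading the file into audit().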

    3. Configure zone files

    3.1. Zone "."- leave the default

    3.2. Zone "localhost". Bring the file /etc/namedb/master/localhost to the following form:

    $TTL 3600
    @       IN SOA  localhost. root.localhost. (
                    2009070601 ; Serial
                    3600       ; Refresh
                    600        ; Retry
                    2419200    ; Expire
                    86400 )    ; Minimum

            IN NS   localhost.
            IN A    127.0.0.1

    3.3. Zone "0.0.127.in-addr.arpa". Bring the file /etc/namedb/master/0.0.127.in-addr.arpa to the following form:

    $TTL 3600
    @       IN SOA  localhost. root.localhost. (
                    2009070601 ; Serial
                    3600       ; Refresh
                    600        ; Retry
                    2419200    ; Expire
                    86400 )    ; Minimum

            IN NS   localhost.
    1       IN PTR  localhost.

    3.4. Zone "test.dom". Bring the file /etc/namedb/master/test.dom to the following form:

    $TTL 3600
    @       IN SOA  ns1.test.dom. hostmaster.test.dom. (
                    2009082801 ; Serial
                    3600       ; Refresh
                    600        ; Retry
                    2419200    ; Expire
                    86400 )    ; Minimum

            IN NS   ns1.test.dom.
            IN NS   ns2.test.dom.

    @       IN A    10.10.10.1

    ns1     IN A    10.10.10.1
    ns2     IN A    10.10.10.2

    3.5. Zone "10.10.10.in-addr.arpa". Bring the file /etc/namedb/master/10.10.10.in-addr.arpa to the following form:

    $TTL 3600
    @       IN SOA  ns1.test.dom. hostmaster.test.dom. (
                    2009082801 ; Serial
                    3600       ; Refresh
                    600        ; Retry
                    2419200    ; Expire
                    86400 )    ; Minimum

            IN NS   ns1.test.dom.
            IN NS   ns2.test.dom.

    1       IN PTR  ns1.test.dom.
    2       IN PTR  ns2.test.dom.

    Note that the records without an owner name (the NS and A records following the SOA) must begin with whitespace; that is how Bind knows they belong to the previous owner, @.

    Where, for the test.dom zone, from top to bottom:

    - $TTL 3600 - the default time to live in seconds: how long a resolver may keep a record from this zone in its cache. It applies to every record that does not carry its own TTL.
    - @ IN SOA ns1.test.dom. hostmaster.test.dom. ( - @ stands for the zone name (the origin), IN is the Internet class (the default), SOA is the start-of-authority record holding the zone's global parameters; ns1.test.dom. is the primary DNS server for the zone and hostmaster.test.dom. is the mail address of the zone administrator, written with "." in place of "@" (hostmaster@test.dom). Names ending in "." are absolute; a name without a trailing dot has the zone name appended to it.
    - Serial - the version number of the zone. A secondary server only transfers the zone when the serial has grown, so it must be increased on every change; the YYYYMMDDnn form used here leaves two digits for changes within one day.
    - Refresh - how often, in seconds, the secondary server asks the primary for the SOA record to see whether the serial has changed.
    - Retry - how long the secondary waits before trying again when a refresh attempt failed to reach the primary.
    - Expire - how long the secondary keeps serving the zone without a successful refresh; after this period it stops giving authoritative answers for the zone. Used by secondary servers only.
    - Minimum - originally the minimum TTL for records in the zone; since RFC 2308 it is the negative-caching TTL, that is, how long resolvers may cache "no such name" or "no such record" answers for this zone.
    - IN NS ns1.test.dom. - the primary DNS server for this zone. The owner field is empty, so the record inherits the owner of the previous record, @.
    - IN NS ns2.test.dom. - the secondary DNS server for this zone.
    - the remaining records describe the hosts of the zone: the A record at @ is the address of test.dom itself, and ns1 and ns2 are the addresses of the name servers. The latter are required as glue, since the NS targets lie inside the zone itself.
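    The agreement between the forward and reverse zones above (every A record should have a PTR that names one of its owners, and every PTR should point at a name that really has that address) and the serial-bump rule are easy to get wrong by hand. The following Python script is an added example, not part of the original article: it parses both zone files with a small master-file parser, cross-checks A and PTR records, and computes the next YYYYMMDDnn serial. The zone texts are the ones from this article embedded inline, plus a constructed www record that deliberately has no PTR so the check reports something. The parser handles only the subset of the master-file syntax these files use (no quoted strings, $INCLUDE or $GENERATE), and the reverse-name helper is IPv4 only.

```python
import ipaddress

# Constructed sample zones from this article. The www record is added on
# purpose so that the reverse zone lacks a PTR for it.
FORWARD_ZONE = """\
$TTL 3600
@       IN SOA  ns1.test.dom. hostmaster.test.dom. (
                2009082801 ; Serial
                3600       ; Refresh
                600        ; Retry
                2419200    ; Expire
                86400 )    ; Minimum

        IN NS   ns1.test.dom.
        IN NS   ns2.test.dom.

@       IN A    10.10.10.1
ns1     IN A    10.10.10.1
ns2     IN A    10.10.10.2
www     IN A    10.10.10.3   ; constructed: has no PTR in the reverse zone
"""

REVERSE_ZONE = """\
$TTL 3600
@       IN SOA  ns1.test.dom. hostmaster.test.dom. (
                2009082801 3600 600 2419200 86400 )
        IN NS   ns1.test.dom.
        IN NS   ns2.test.dom.
1       IN PTR  ns1.test.dom.
2       IN PTR  ns2.test.dom.
"""


def _logical_lines(text):
    """Join parenthesised multi-line records; drop comments and blank lines."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield "\n".join(buf)
            buf = []


def _absolute(name, origin):
    """Expand @ and relative names; a name ending in '.' is already absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def parse_zone(text, origin):
    """Minimal master-file parser returning [(owner, type, rdata tokens)].
    Supports $ORIGIN/$TTL, owner inheritance (line starts with whitespace)
    and optional TTL/class fields, which is all these zone files use."""
    origin = origin.rstrip(".") + "."
    records, owner = [], origin
    for logical in _logical_lines(text):
        if logical.startswith("$ORIGIN"):
            origin = _absolute(logical.split()[1], origin)
            continue
        if logical.startswith("$"):          # $TTL and any other directive
            continue
        toks = logical.replace("(", " ").replace(")", " ").split()
        if not logical[0].isspace():         # explicit owner, else inherit
            owner = _absolute(toks.pop(0), origin)
        while toks and (toks[0].isdigit() or toks[0].upper() in ("IN", "CH", "HS")):
            toks.pop(0)                      # optional TTL and class
        records.append((owner, toks[0].upper(), toks[1:]))
    return records


def reverse_name(ip):
    """'10.10.10.1' -> '1.10.10.10.in-addr.arpa.'"""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_owner_to_ip(owner):
    """'1.10.10.10.in-addr.arpa.' -> '10.10.10.1' (IPv4 only)."""
    return ".".join(reversed(owner[:-len(".in-addr.arpa.")].split(".")))


def check_consistency(forward, reverse):
    """Findings for A records without a matching PTR and PTRs without an A."""
    names_by_ip = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            names_by_ip.setdefault(rdata[0], set()).add(owner)
    ptr_by_owner = {o: r[0] for o, t, r in reverse if t == "PTR"}
    findings = []
    for ip, names in sorted(names_by_ip.items()):
        target = ptr_by_owner.get(reverse_name(ip))
        if target is None:
            findings.append("missing PTR: %s (%s)" % (ip, ", ".join(sorted(names))))
        elif target not in names:
            findings.append("PTR mismatch: %s -> %s, forward zone has %s"
                            % (ip, target, ", ".join(sorted(names))))
    for owner, target in sorted(ptr_by_owner.items()):
        if target not in names_by_ip.get(ptr_owner_to_ip(owner), set()):
            findings.append("dangling PTR: %s -> %s has no A record" % (ptr_owner_to_ip(owner), target))
    return findings


def soa_serial(records):
    return int(next(r for _, t, r in records if t == "SOA")[2])


def bump_serial(serial, today):
    """Next YYYYMMDDnn serial: first change of the day, or one more within it."""
    serial, floor = int(serial), int(today) * 100
    return str(serial + 1 if serial >= floor else floor + 1)


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "test.dom")
    rev = parse_zone(REVERSE_ZONE, "10.10.10.in-addr.arpa")
    for finding in check_consistency(fwd, rev):
        print("WARN:", finding)
    print("serial", soa_serial(fwd), "->", bump_serial(soa_serial(fwd), "20090829"))
```

    With the article's two zones the only finding is the constructed www host, which has an A record but no PTR; 10.10.10.1 is not reported even though both test.dom and ns1.test.dom share it, because the PTR names one of the two owners. Pass the current serial and today's date to bump_serial before reloading a changed zone, otherwise the secondary will keep its old copy.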

    4. The DNS server is managed with the following commands:

    freebsd# /etc/rc.d/named start | stop | restart | status

    After changing named.conf or a zone file, check the syntax before reloading, because named refuses to start with a broken configuration:

    freebsd# named-checkconf /etc/namedb/named.conf
    freebsd# named-checkzone test.dom /etc/namedb/master/test.dom
    freebsd# named-checkzone 10.10.10.in-addr.arpa /etc/namedb/master/10.10.10.in-addr.arpa

    A reload (/etc/rc.d/named reload, which runs rndc reload) then picks up the change without interrupting service. Remember that a changed zone is only transferred to the secondary if its serial was increased.

    Additionally:

    The most commonly used DNS record types:

    A - maps a host name to an IPv4 address
    NS - names a DNS server that is authoritative for the zone
    CNAME - an alias pointing to the canonical name of a host
    PTR - a pointer from an address to a domain name, used in reverse zones
    MX - a mail exchanger record that determines mail routing for the domain

    To check that the server works, use tools such as dig or nslookup (both ship with BIND).

    Example of using dig:

    freebsd# dig @localhost test.dom ANY

    The command asks the server at localhost for all records (type ANY) at the apex of the test.dom zone. In the answer below, the flag aa confirms that the answer is authoritative, i.e. the server really serves the zone as master, and ra shows that recursion was offered, which is expected for localhost because it is in the ACCESS list; the same query from an address outside the ACL should come back without ra. ANY is convenient against your own authoritative server, but many resolvers now answer it minimally (RFC 8482), so use explicit types (A, SOA, NS) elsewhere. To verify that zone transfers really are restricted, run "dig @10.10.10.1 test.dom AXFR" from a host other than 10.10.10.2: it should print "; Transfer failed.", while the same command from the secondary returns the whole zone.

    ; <<>> DiG 9.4.3-P2 <<>> @localhost test.dom ANY
    ; (2 servers found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35560
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;test.dom. IN ANY

    ;; ANSWER SECTION:
    test.dom. 3600 IN A 10.10.10.1
    test.dom. 3600 IN SOA ns1.test.dom. hostmaster.test.dom. 2009082801 3600 600 2419200 86400
    test.dom. 3600 IN NS ns1.test.dom.
    test.dom. 3600 IN NS ns2.test.dom.

    ;; ADDITIONAL SECTION:
    ns1.test.dom. 3600 IN A 10.10.10.1
    ns2.test.dom. 54886 IN A 10.10.10.2

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Aug 30 23:04:41 2009
    ;; MSG SIZE rcvd: 330

    Example of using nslookup:

    freebsd# nslookup
    > test.dom
    Server: 127.0.0.1
    Address: 127.0.0.1#53

    Name: test.dom
    Address: 10.10.10.1
    >

    In my opinion, dig is the more flexible tool for diagnostics, although those who know nslookup well will say the same about it. I also recommend a great guide to setting up DNS.