Configure DNS Server on FreeBSD
Quite often the need arises to deploy your own DNS server, one that serves not only external users' queries for your registered DNS names but also queries from hosts on the local network. This task is relatively easy to solve with the FreeBSD OS.
Objective:
Configure a Bind DNS server running on FreeBSD so that it serves client queries from the internal network and serves forward and reverse DNS zones, transferring them to a secondary DNS server. All zones on the server are of type Master, that is, this server gives authoritative answers for all of its zones.
Given:
1. The internal IP address of the DNS server is 192.168.0.1/24
2. The external IP address of the DNS server is 10.10.10.1/24
3. The IP address of the secondary server is 10.10.10.2/24
4. Forward DNS zone - test.dom
5. Reverse DNS zone - 10.10.10.in-addr.arpa
Solution:
1. In the /etc/rc.conf file, enable starting the DNS server at system boot:
named_enable="YES"
2. Bring the configuration file /etc/namedb/named.conf to the following form:
acl ACCESS { 127.0.0.1; 192.168.0.0/24; 10.10.10.0/24; };
options {
    directory "/etc/namedb";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";
    // the internal address is included so that clients on 192.168.0.0/24 can reach the server
    listen-on { 127.0.0.1; 192.168.0.1; 10.10.10.1; };
    allow-recursion { ACCESS; };
    allow-transfer { 10.10.10.2; };
    transfer-source 10.10.10.1;
    version "Bind DNS Server";
};
logging {
    category lame-servers { null; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "localhost" {
    type master;
    file "master/localhost";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.in-addr.arpa";
};
zone "test.dom" {
    type master;
    file "master/test.dom";
    allow-query { any; };
};
zone "10.10.10.in-addr.arpa" {
    type master;
    file "master/10.10.10.in-addr.arpa";
    allow-query { any; };
};
Where:
acl - an access list named ACCESS that lists the networks allowed to use our DNS server as a resolver
directory - Bind's working directory
pid-file - location of the PID file
dump-file - location of the cache dump file
statistics-file - location of the statistics file
listen-on - the IP addresses of the interfaces on which Bind "listens" for queries. The internal address 192.168.0.1 must be listed here, otherwise clients on the local network cannot reach the server at all
allow-recursion - the access lists whose members are allowed to send recursive queries to the server. Everyone else receives only authoritative answers for our own zones, so the server does not become an open resolver for the whole Internet
allow-transfer - the IP address of the secondary DNS server to which our zones will be transferred. No other host can pull a full copy of the zones
transfer-source - the IP address of the interface through which zone transfers are sent
version - the version string the server reports. A made-up string hides the real Bind version from version.bind queries
logging - a logging restriction: messages about lame servers are discarded
zone "." - the hint zone listing the root DNS servers; it is required for recursion to work. Stored in /etc/namedb/named.root
zone "localhost" - the forward zone describing the local server; required for operation. Stored in the file /etc/namedb/master/localhost
zone "0.0.127.in-addr.arpa" - the reverse zone describing the local server; required for operation. Stored in the file /etc/namedb/master/0.0.127.in-addr.arpa
zone "test.dom" - our forward zone. Stored in the file /etc/namedb/master/test.dom. Since the master copy of the zone is kept on our server, allow-query lets everyone query it
zone "10.10.10.in-addr.arpa" - our reverse zone. Stored in the file /etc/namedb/master/10.10.10.in-addr.arpa. Since the master copy of the zone is kept on our server, allow-query lets everyone query it
3. Configure the zone files
3.1. Zone "." - leave the default.
3.2. Zone "localhost". Bring the file /etc/namedb/master/localhost to the following form:
$TTL 3600
@       IN SOA localhost. root.localhost. (
        2009070601 ; Serial
        3600       ; Refresh
        600        ; Retry
        2419200    ; Expire
        86400 )    ; Minimum
        IN NS localhost.
        IN A  127.0.0.1
3.3. Zone "0.0.127.in-addr.arpa". Bring the file /etc/namedb/master/0.0.127.in-addr.arpa to the following form:
$TTL 3600
@       IN SOA localhost. root.localhost. (
        2009070601 ; Serial
        3600       ; Refresh
        600        ; Retry
        2419200    ; Expire
        86400 )    ; Minimum
        IN NS localhost.
1       IN PTR localhost.
3.4. Zone "test.dom". Bring the file /etc/namedb/master/test.dom to the following form:
$TTL 3600
@       IN SOA ns1.test.dom. hostmaster.test.dom. (
        2009082801 ; Serial
        3600       ; Refresh
        600        ; Retry
        2419200    ; Expire
        86400 )    ; Minimum
        IN NS ns1.test.dom.
        IN NS ns2.test.dom.
@       IN A  10.10.10.1
ns1     IN A  10.10.10.1
ns2     IN A  10.10.10.2
3.5. Zone "10.10.10.in-addr.arpa". Bring the file /etc/namedb/master/10.10.10.in-addr.arpa to the following form:
$TTL 3600
@       IN SOA ns1.test.dom. hostmaster.test.dom. (
        2009082801 ; Serial
        3600       ; Refresh
        600        ; Retry
        2419200    ; Expire
        86400 )    ; Minimum
        IN NS ns1.test.dom.
        IN NS ns2.test.dom.
1       IN PTR ns1.test.dom.
2       IN PTR ns2.test.dom.
Where, for example, for the test.dom zone, from top to bottom:
- $TTL 3600 - the default time to live: how long, in seconds, a record from this zone may be kept in a resolver's cache.
- @ IN SOA ns1.test.dom. hostmaster.test.dom. - @ stands for the zone name; IN is the record class INTERNET (the default); SOA describes the global parameters of the zone; ns1.test.dom. is the name of the primary DNS server for this zone; hostmaster.test.dom. is the e-mail address of the zone administrator, written with "." in place of the "@" sign (i.e. hostmaster@test.dom).
- Serial - the serial number of the zone. The secondary server re-reads the zone only when it sees a larger serial, so at each change it must be increased by 1.
- Refresh - the time after which the secondary DNS server tries to re-read the zone.
- Retry - the time after which the secondary server tries again if it failed to contact the primary DNS server during the Refresh period.
- Expire - the time after which the secondary server stops treating its copy of the zone as authoritative if it still cannot reach the primary. Used by secondary servers.
- Minimum - an obsolete attribute that once set the lifetime of zone data in caches; in current Bind it is the negative-caching TTL, i.e. how long a "no such name" answer may be cached.
- IN NS ns1.test.dom. - the NS record naming the primary DNS server for this zone.
- IN NS ns2.test.dom. - the NS record naming the secondary DNS server for this zone.
- The A records - the description of the hosts in this zone (the zone apex itself, ns1 and ns2).
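The serial and timer rules above are easy to get wrong by hand, so here is a script that applies them, added as an example and not taken from the article: it extracts the SOA fields from a zone file in the layout shown, checks that the timers are ordered sensibly (Retry below Refresh, Expire above Refresh), and computes the next serial in the YYYYMMDDnn convention before rewriting the file. It assumes only POSIX sh and awk; the embedded sample zone is a constructed copy of the test.dom layout, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the article: SOA sanity checks and serial bumping
# for zone files in the layout shown above. POSIX sh + awk only.

# Constructed sample: the test.dom zone from the article.
SAMPLE_ZONE='$TTL 3600
@       IN SOA ns1.test.dom. hostmaster.test.dom. (
        2009082801 ; Serial
        3600       ; Refresh
        600        ; Retry
        2419200    ; Expire
        86400 )    ; Minimum
        IN NS ns1.test.dom.
        IN NS ns2.test.dom.
@       IN A  10.10.10.1
ns1     IN A  10.10.10.1
ns2     IN A  10.10.10.2'

# soa_fields FILE -> prints "serial refresh retry expire minimum" on one line
soa_fields() {
    awk '
        /SOA/ { insoa = 1 }
        insoa {
            sub(/;.*/, "")                      # drop the "; Serial" style comment
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+$/) vals[++n] = $i
            if ($0 ~ /\)/) insoa = 0            # ")" closes the SOA record
        }
        END { if (n >= 5) print vals[1], vals[2], vals[3], vals[4], vals[5] }
    ' "$1"
}

# check_soa_timers REFRESH RETRY EXPIRE MINIMUM -> 0 when the values make sense
check_soa_timers() {
    refresh=$1; retry=$2; expire=$3; minimum=$4
    [ "$retry" -lt "$refresh" ]  || { echo "retry must be < refresh" >&2; return 1; }
    [ "$expire" -gt "$refresh" ] || { echo "expire must be > refresh" >&2; return 1; }
    [ "$minimum" -gt 0 ]         || { echo "minimum must be > 0" >&2; return 1; }
    return 0
}

# next_serial CURRENT TODAY(YYYYMMDD) -> new serial, always larger than CURRENT.
# First change of the day gives YYYYMMDD01; later changes add 1; YYYYMMDD99 is full.
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        *[!0-9]*|'') echo "serial must be numeric" >&2; return 1 ;;
    esac
    if [ "$cur" -lt "${today}01" ]; then
        printf '%s01\n' "$today"
    elif [ "$cur" = "${today}99" ]; then
        echo "no serial values left for $today" >&2; return 1
    else
        printf '%s\n' $((cur + 1))
    fi
}

# bump_zone FILE TODAY -> validates the timers, rewrites the serial in FILE and
# prints the new serial (the secondary then picks the change up on its next refresh)
bump_zone() {
    file=$1; today=$2
    set -- $(soa_fields "$file")
    [ $# -eq 5 ] || { echo "no SOA found in $file" >&2; return 1; }
    serial=$1
    check_soa_timers "$2" "$3" "$4" "$5" || return 1
    new=$(next_serial "$serial" "$today") || return 1
    tmp="${file}.tmp.$$"
    # replace only the first occurrence of the old serial, keeping the layout
    awk -v old="$serial" -v new="$new" '
        !done && index($0, old) { sub(old, new); done = 1 }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file" || return 1
    echo "$new"
}

# Stand-alone demo: bump the constructed sample in a temporary file.
demo_zone=$(mktemp) && printf '%s\n' "$SAMPLE_ZONE" > "$demo_zone"
bump_zone "$demo_zone" "$(date +%Y%m%d)"
rm -f "$demo_zone"
```

Run it against a real zone file as bump_zone /etc/namedb/master/test.dom "$(date +%Y%m%d)" before reloading named; if the timer check fails the file is left untouched.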
4. The DNS server is managed with the following commands:
freebsd# /etc/rc.d/named start | stop | restart | status
Additionally:
The most commonly used types of DNS records:
A - maps a host name to an IP address
NS - names a DNS server for the zone
CNAME - the canonical name (alias) of a node
PTR - a pointer to a domain name, used in reverse zones
MX - a record that determines mail routing
To check that the server works, you can use tools such as dig or nslookup.
Example of using dig:
freebsd# dig @localhost test.dom ANY
; <<>> DiG 9.4.3-P2 <<>> @localhost test.dom ANY
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35560
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 2
;; QUESTION SECTION:
;test.dom. IN ANY
;; ANSWER SECTION:
test.dom. 3600 IN A 10.10.10.1
test.dom. 3600 IN SOA ns1.test.dom. hostmaster.test.dom. 2009082801 3600 600 2419200 86400
test.dom. 3600 IN NS ns1.test.dom.
test.dom. 3600 IN NS ns2.test.dom.
;; ADDITIONAL SECTION:
ns1.test.dom. 3600 IN A 10.10.10.1
ns2.test.dom. 54886 IN A 10.10.10.2
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 23:04:41 2009
;; MSG SIZE rcvd: 330
The command means: list the records of type ANY in the test.dom zone, asking the server on localhost.
Example of using nslookup:
freebsd# nslookup
> test.dom
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: test.dom
Address: 10.10.10.1
>
In my opinion, using dig for diagnostics is more flexible, although those who know nslookup thoroughly will say the same about it. I also recommend a great guide to setting up DNS.
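The dig transcript above can be turned into the checks a defender actually wants after deploying this configuration, and the following script does that; it is an added example and not code from the article. The aa flag confirms the server answers authoritatively for test.dom, the absence of ra in a reply to a client outside the ACCESS acl confirms that recursion is refused to outsiders, and comparing the SOA serials returned by 10.10.10.1 and 10.10.10.2 confirms that the transfer to the secondary is keeping up. The two dig outputs embedded below are constructed samples in the transcript's format (the secondary one deliberately lags by one serial), the function names are my own, and live_check is the only part that actually talks to the servers.

```shell
#!/bin/sh
# Added example, not part of the article: parse dig output into pass/fail checks
# for authoritativeness, recursion exposure and primary/secondary serial drift.
# POSIX sh + awk only.

# Constructed: dig @10.10.10.1 test.dom SOA as seen from a client inside the
# ACCESS acl, so "ra" (recursion available) is set.
PRIMARY_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35560
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;test.dom. IN SOA

;; ANSWER SECTION:
test.dom. 3600 IN SOA ns1.test.dom. hostmaster.test.dom. 2009082801 3600 600 2419200 86400

;; AUTHORITY SECTION:
test.dom. 3600 IN NS ns1.test.dom.
test.dom. 3600 IN NS ns2.test.dom.'

# Constructed: the secondary 10.10.10.2 queried from an address outside the acl:
# still authoritative, recursion correctly refused (no "ra"), but it still
# holds the previous serial, i.e. the transfer has not happened yet.
SECONDARY_OUT=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;test.dom. IN SOA

;; ANSWER SECTION:
test.dom. 3600 IN SOA ns1.test.dom. hostmaster.test.dom. 2009082800 3600 600 2419200 86400'

# flag_set NAME : reads dig output on stdin; exit 0 if NAME (aa, ra, ...) is
# among the flags on the ";; flags:" line
flag_set() {
    awk -v want="$1" '
        /^;; flags:/ {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/;$/, "", f)
                if (f == want) found = 1
                if ($i ~ /;$/) break              # the flag list ends at ";"
            }
        }
        END { exit !found }'
}

# soa_serial : reads dig output on stdin; prints the serial of the SOA record
# in the ANSWER SECTION (7th column of the record line)
soa_serial() {
    awk '
        /^;; ANSWER SECTION:/ { inans = 1; next }
        /^;;/ || /^$/        { inans = 0 }
        inans && $4 == "SOA" { print $7; exit }'
}

# compare_serials PRIMARY_TEXT SECONDARY_TEXT : prints "in-sync" or
# "lagging (...)"; exit 1 when the secondary is behind, 2 when no SOA was found
compare_serials() {
    p=$(printf '%s\n' "$1" | soa_serial)
    s=$(printf '%s\n' "$2" | soa_serial)
    [ -n "$p" ] && [ -n "$s" ] || { echo "no SOA in answer" >&2; return 2; }
    if [ "$p" -eq "$s" ]; then echo "in-sync"; return 0; fi
    echo "lagging (primary $p, secondary $s)"; return 1
}

# live_check : the same checks against the servers from the article.
# Needs dig and network access to 10.10.10.1 / 10.10.10.2; not run in the demo.
live_check() {
    p=$(dig @10.10.10.1 test.dom SOA)
    s=$(dig @10.10.10.2 test.dom SOA)
    printf '%s\n' "$p" | flag_set aa || echo "primary is not authoritative for test.dom"
    printf '%s\n' "$s" | flag_set aa || echo "secondary is not authoritative for test.dom"
    compare_serials "$p" "$s"
}

# Stand-alone demo on the constructed samples.
printf '%s\n' "$SECONDARY_OUT" | flag_set ra && echo "WARNING: secondary offers recursion to an outside client" \
                                             || echo "secondary refuses recursion to an outside client: OK"
compare_serials "$PRIMARY_OUT" "$SECONDARY_OUT" && echo "secondary is current" \
                                                || echo "secondary still needs a zone transfer"
```

Running live_check from a host outside the ACCESS acl is the useful variant: there, flag_set ra must fail for both servers, otherwise the allow-recursion restriction is not doing its job.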