Home DNS Server????Yes please!!!

alamahant
Posts: 42
Joined: Thu Dec 19, 2019 9:48 pm

Home DNS Server????Yes please!!!

#1 Post by alamahant »

One might wonder why the heck does one need their own dns name server running in their network..
Well I can think of a thousand reasons ......
I always like to install and configure my own DNS in every distro I install, and I use it for name resolution between VMs and host, OpenLDAP and Kerberos functionality, Apache web servers and, most of all, because -- well, it makes you feel linux-y.
If you are also up to the task, let's go!
First you will need to assign a fully qualified domain name, or FQDN for short, to your machine.
To do so open a terminal and run:

hostnamectl set-hostname <machine-name>.<domain>.<dom>  ###For systemd users OR
echo "<machine-name>.<domain>.<dom>" > /etc/hostname && hostname -F /etc/hostname ###For SysVinit users
I wrote a simple script which extracts your network info and then installs the BIND/NAMED DNS name server on your machine.

Before you run the script these commands should work:
hostname
hostname -d OR dnsdomainname
and the /etc/hosts file should only contain "127.0.0.1 localhost"

I include the actual text here and have also uploaded the file.
Here it is:

#!/bin/bash
###WRITTEN by alamahant on 26/12/2019
### Run as root. Needs an FQDN hostname (hostname -d must print the domain) and
### assumes the machine sits in a /24: the reverse zone is built from the first
### three octets of its address.
if ! ping -c 1 google.com > /dev/null 2>&1; then echo "No Internet Connectivity,EXITING!!!"; exit 1; fi
apt update && apt install -y net-tools sipcalc
clear

# Primary address as reported by hostname -I; match it as a whole fixed string so
# that 192.168.1.10 does not also match 192.168.1.100.
myPRIMARY=$(hostname -I | awk '{ print $1 }')
myIP=$(ifconfig | grep -wF "$myPRIMARY" | awk '{ print $2 }')
myNETMASK=$(ifconfig | grep -wF "$myPRIMARY" | awk '{ print $4 }')
myFQDN=$(hostname)
myDOMAIN=$(hostname -d)
if [ -z "$myDOMAIN" ] || [ -z "$(dnsdomainname)" ]; then
    echo "THE SCRIPT ENCOUNTERED AN ERROR AND WILL EXIT!!! (hostname -d or dnsdomainname is empty; set an FQDN first)"
    exit 1
fi
myMACHINE=$(hostname | awk -F. '{ print $1 }')
myINADDR=$(echo "$myIP" | awk -F. '{ print $3"."$2"."$1 }')    # reversed /24 prefix for in-addr.arpa
mySERIAL=$(date '+%Y%m%d01')                                     # YYYYMMDDnn zone serial
myPTR=$(echo "$myIP" | awk -F. '{ print $4 }')                   # last octet = PTR owner name
myNETWORK=$(sipcalc "$(ip a | grep -wF "$myPRIMARY" | awk '{ print $2 }')" | grep "Network address" | awk '{ print $4 }')
myCIDR=$(ip a | grep -wF "$myPRIMARY" | awk '{ print $2 }' | awk -F/ '{ print $2 }')
myDNS=$(ip route | grep default | head -n 1 | awk '{ print $3 }') # router, used as first forwarder
myREALM=${myDOMAIN^^}                                            # not used here; handy for a Kerberos realm


dnsinstall () {
if ! ping -c 1 google.com > /dev/null 2>&1; then echo "No Internet Connectivity,EXITING!!!"; exit 1; fi
apt remove --purge -y bind9
rm -rf /etc/bind
apt update && apt install -y bind9
clear
cp -p /etc/bind/named.conf /etc/bind/named.conf.bak
mv /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
mv /etc/bind/named.conf.local /etc/bind/named.conf.local.bak


# Forward zone: the domain apex and this machine both resolve to $myIP.
cat > /etc/bind/$myDOMAIN.lan << EOF
\$TTL 86400
@   IN  SOA    $myFQDN. root.$myDOMAIN. (
        $mySERIAL            ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)

        IN  NS     $myFQDN.
        IN  A       $myIP

        IN  MX 10   $myFQDN.

$myMACHINE     IN  A       $myIP
EOF

# Reverse zone: the PTR for this machine's last octet must point back at its
# FQDN (not at the bare domain). The old "IN A <netmask>" record was a mistake
# and is gone: a reverse zone carries no address record for the netmask.
cat > /etc/bind/$myINADDR.db << EOF
\$TTL 86400
@   IN  SOA    $myFQDN. root.$myDOMAIN. (
        $mySERIAL            ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)

        IN  NS     $myFQDN.
        IN  PTR    $myDOMAIN.

$myPTR     IN  PTR       $myFQDN.
EOF

cat > /etc/bind/named.conf.options << EOF
options {
        directory "/var/cache/bind";

        // Names outside our zones go to the router first, then to 8.8.8.8.
        forwarders {
         $myDNS; 8.8.8.8;
         };

        dnssec-enable yes;      // deprecated in BIND 9.16 and removed in 9.18: delete this line there
        dnssec-validation no;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };
        listen-on port 53 { any; };
        // Only localhost and the LAN may query, recurse, or pull the zones.
        allow-query { localhost; $myNETWORK/$myCIDR; };
        recursion yes;
        allow-recursion { localhost; $myNETWORK/$myCIDR; };
        // A zone transfer hands out the complete host list; unless you run a
        // secondary on the LAN, { localhost; } is the tighter choice here.
        allow-transfer { localhost; $myNETWORK/$myCIDR; };

};

EOF


cat > /etc/bind/named.conf.local << EOF
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

 zone "$myDOMAIN" IN {
                type master;
                file "/etc/bind/$myDOMAIN.lan";
                allow-update { none; };
        };
        zone "$myINADDR.in-addr.arpa" IN {
                type master;
                file "/etc/bind/$myINADDR.db";
                allow-update { none; };
        };

EOF

# -4: IPv4 only, matching "listen-on-v6 { none; }" above.
sed -i 's/OPTIONS="-u bind"/OPTIONS="-4 -u bind"/g' /etc/default/bind9
chown root:bind /etc/bind/named.conf*
# Refuse to (re)start named on a broken configuration or zone file.
named-checkconf || exit 1
named-checkzone "$myDOMAIN" /etc/bind/$myDOMAIN.lan || exit 1
named-checkzone "$myINADDR.in-addr.arpa" /etc/bind/$myINADDR.db || exit 1
if [ -d /run/systemd/system ]; then      # systemd
    systemctl enable --now bind9 && systemctl restart bind9
else                                      # SysVinit
    service bind9 restart
fi
}    ###closing dnsinstall ()


dnsinstall
After you get the script rename it from dnsinstall-vers3.txt to dnsinstall and run "chmod +x dnsinstall" to make it executable.
Then run it as root "sudo bash dnsinstall".
You will have your own dns name server up and running in 30 seconds.
;)
Now your bind DNS server is up and running, hosting your domain. But what use is a DNS server if it is not being used?
To really start using it you have to modify your network interface to use this DNS server instead of your router's.
To do so open a terminal and enter the following:

ip a ###to see your ip address and which interface it belongs to.
nmcli con show ##to see your interface profile names.
NAME        UUID                                  TYPE      DEVICE 
br0         6caf8dac-98d6-4863-b97d-143eb2be6d9c  bridge    br0    
br0-slave1  c4a274eb-cc2f-4a37-b542-0bad957f91bc  ethernet  eth1   
eth1        52d6a1c3-d9fe-4303-9e20-f758ed8d3114  ethernet  --     
In your case they might differ. You might see your wifi ESSID or something like "Wired connection 1" or ethX etc.
Please look at the left column. These are the interface profile names, whereas the rightmost column holds the interface device names.
Continue in the same terminal with:

nmcli con mod <iface-profile-name> ipv4.dns 127.0.0.1 ####Do this for your primary interface hosting your IP.
nmcli con down <iface-profile-name>
nmcli con up <iface-profile-name>


Best if you could use a GUI-tool like network-manager-applet in gnome or likewise to do all that the easy way.
VERIFY that everything is working:

ping -c 3 $HOSTNAME
ping -c 3 $(hostname -d)
ping -c3 $(hostname | awk -F. '{ print $1 }')
ping -c 3 google.com
NOTE: In case you rerun the script after you have assigned your new server as the sole DNS provider, you will lose name resolution, because the script first purges all bind9 files and then reinstalls bind9.
To avoid such a problem, temporarily add a line "nameserver <your-router-ip>" to /etc/resolv.conf and feel free to rerun the script.

I also included a basic script to add A and PTR records to bind.
Rename it to "dns-record", make it executable and run it thus: "sudo bash dns-record <machine-name> <IP>"
If you are also interested in additional functionality to also include LDAP, Kerberos and Kerberised NFS, please have a look here: viewtopic.php?f=23&t=55075&p=549634#p549634
That's it.
Have fun
;)
Last edited by alamahant on Fri Jan 03, 2020 4:56 am, edited 18 times in total.

Head_on_a_Stick
Posts: 919
Joined: Sun Mar 17, 2019 3:37 pm

Re: Home DNS Server????Yes please!!!

#2 Post by Head_on_a_Stick »

The dnssec-trigger package will automatically configure a local DNSSEC validated nameserver and will also provide a systray icon to allow hotspot logins which require that the hotspot's DNS be used. No need for any scripts :-)
mod note: Signature removed, please read the forum rules

alamahant
Posts: 42
Joined: Thu Dec 19, 2019 9:48 pm

Re: Home DNS Server????Yes please!!!

#3 Post by alamahant »

Oh my god!!!!
Thanks friend for the info...
If I only knew......
Waste of time trying to variableize my network........
It was fun though.
Having said that, it seems that dnssec-trigger uses the unbound DNS server, which apparently is a caching-only server. Will unbound host an internal domain?
I prefer bind, I really like it and it can also be authoritative for a domain.
In the case of my script it forwards queries to the router DNS and to 8.8.8.8 but still resolves the private network hosts...
I need this for networking between VMs and I would prefer if I didn't use /etc/hosts for that.
Furthermore bind also has the functionality of view external and view internal. In case one has an FQDN with a valid domain owned, then you can both host the private network behind the firewall and also the external.
I absolutely love named.........
;)
;)
