Home DNS Server????Yes please!!!
Posted: Mon Dec 23, 2019 8:35 pm
One might wonder why the heck one would need their own DNS name server running in their network...
Well, I can think of a thousand reasons......
I always like to install and configure my own DNS in every distro I install, and I use it for name resolution between VMs and host, OpenLDAP and Kerberos functionality, Apache web servers and, most of all, because, well, it makes you feel Linux-y.
If you are also up to the task, let's go!
First you will need to assign a fully qualified domain name, or FQDN for short, to your machine.
To do so open a terminal and run:
Code:
hostnamectl set-hostname <machine-name>.<domain>.<dom>   ### for systemd users (run as root), OR
echo "<machine-name>.<domain>.<dom>" > /etc/hostname && hostname -F /etc/hostname   ### for SysVinit users (run as root)
I wrote a simple script which extracts your network info and then installs the BIND/named DNS name server on your machine.
Before you run the script these commands should work:
hostname
hostname -d OR dnsdomainname
and the /etc/hosts file should contain only "127.0.0.1 localhost".
I both include the actual text and have also uploaded the file.
Here it is:
Code:
#!/bin/bash
###WRITTEN by alamahant on 26/12/2019
### Installs BIND 9 on Debian and generates a forward zone for the host's domain plus a
### reverse zone for its /24. Must run as root. It reads the host name, domain and primary
### IPv4 address from the system, so set the FQDN first (see above).
set -u

if ! ping -c 1 google.com > /dev/null 2>&1; then echo "No Internet Connectivity,EXITING!!!"; exit 1; fi
apt update && apt install -y sipcalc
clear

### Primary IPv4 address: the first one "hostname -I" reports (check this if you have
### several interfaces, e.g. a docker bridge).
myIP=$(hostname -I | awk '{ print $1 }')
myFQDN=$(hostname)
myDOMAIN=$(hostname -d)
[ -z "$myDOMAIN" ] && myDOMAIN=$(dnsdomainname)
if [ -z "$myDOMAIN" ]; then echo "THE SCRIPT ENCOUNTERED AN ERROR AND WILL EXIT!!! (the host name has no domain part)"; exit 1; fi
myMACHINE=${myFQDN%%.*}
### Reverse zone name and this host's PTR label; assumes a /24 (octets c.b.a of a.b.c.d).
myINADDR=$(echo "$myIP" | awk -F. '{ print $3"."$2"."$1 }')
myPTR=${myIP##*.}
mySERIAL=$(date '+%Y%m%d'01)
### Prefix length of the interface holding myIP, and the network address it implies.
myCIDR=$(ip -o -4 addr show | awk -v ip="$myIP" 'index($4, ip "/") == 1 { split($4, a, "/"); print a[2]; exit }')
myNETWORK=$(sipcalc "$myIP/$myCIDR" | grep "Network address" | awk '{ print $4 }')
### Forwarder: the default gateway (your router), plus Google public DNS.
myDNS=$(ip route | grep default | awk '{ print $3 }' | head -n 1)
myREALM=${myDOMAIN^^}   ### upper-cased domain; unused here, handy as the Kerberos realm later

dnsinstall () {
apt remove -y --purge bind9
rm -rf /etc/bind
apt update && apt install -y bind9
clear
cp -p /etc/bind/named.conf /etc/bind/named.conf.bak
mv /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
mv /etc/bind/named.conf.local /etc/bind/named.conf.local.bak

### Forward zone. Owner names are written out ("@" = the zone apex) so the file does not
### depend on leading whitespace, which the zone-file parser reads as "same owner as above".
cat > /etc/bind/$myDOMAIN.lan << EOF
\$TTL 86400
@	IN	SOA	$myFQDN. root.$myDOMAIN. (
	$mySERIAL	;Serial
	3600		;Refresh
	1800		;Retry
	604800		;Expire
	86400		;Minimum TTL
)
@	IN	NS	$myFQDN.
@	IN	A	$myIP
@	IN	MX	10	$myFQDN.
$myMACHINE	IN	A	$myIP
EOF

### Reverse zone for the /24. The PTR for this host points at its FQDN; the earlier
### version pointed it at the bare domain, so "dig -x" returned the domain instead of
### the host name. The stray apex A record (a netmask) is gone, it meant nothing.
cat > /etc/bind/$myINADDR.db << EOF
\$TTL 86400
@	IN	SOA	$myFQDN. root.$myDOMAIN. (
	$mySERIAL	;Serial
	3600		;Refresh
	1800		;Retry
	604800		;Expire
	86400		;Minimum TTL
)
@	IN	NS	$myFQDN.
$myPTR	IN	PTR	$myFQDN.
EOF

cat > /etc/bind/named.conf.options << EOF
options {
	directory "/var/cache/bind";
	forwarders {
		$myDNS; 8.8.8.8;
	};
	// dnssec-enable is obsolete in current BIND 9 and was dropped here.
	// "dnssec-validation no" keeps the original behaviour; switch it to "auto" once
	// your forwarders are known to pass DNSSEC data (many home routers do not).
	dnssec-validation no;
	auth-nxdomain no; # conform to RFC1035
	listen-on-v6 { none; };
	listen-on port 53 { any; };
	// Only localhost and the LAN may query or recurse through this server;
	// never open recursion to "any", that makes you an amplification reflector.
	allow-query { localhost; $myNETWORK/$myCIDR; };
	recursion yes;
	allow-recursion { localhost; $myNETWORK/$myCIDR; };
	// There are no secondary servers, so zone transfers stay on localhost
	// ("dig axfr @127.0.0.1 $myDOMAIN" still works for checking the zone).
	allow-transfer { localhost; };
};
EOF

cat > /etc/bind/named.conf.local << EOF
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "$myDOMAIN" IN {
	type master;
	file "/etc/bind/$myDOMAIN.lan";
	allow-update { none; };
};
zone "$myINADDR.in-addr.arpa" IN {
	type master;
	file "/etc/bind/$myINADDR.db";
	allow-update { none; };
};
EOF

### IPv4 only (matches listen-on-v6 { none; }). The defaults file is /etc/default/bind9
### on buster and /etc/default/named on later releases.
for f in /etc/default/bind9 /etc/default/named; do
	[ -f "$f" ] && sed -i 's/OPTIONS="-u bind"/OPTIONS="-4 -u bind"/g' "$f"
done
chown root:bind /etc/bind/named.conf*

### Check the config and both zones before starting, so a bad host name or IP shows up
### here instead of as a service that silently refuses to start.
named-checkconf || { echo "named.conf is invalid, not starting bind9"; exit 1; }
named-checkzone "$myDOMAIN" /etc/bind/$myDOMAIN.lan || exit 1
named-checkzone "$myINADDR.in-addr.arpa" /etc/bind/$myINADDR.db || exit 1
if [ -d /run/systemd/system ]; then
	systemctl enable --now bind9 && systemctl restart bind9
else
	service bind9 restart
fi
} ###closing dnsinstall ()
dnsinstall
After you get the script, rename it from dnsinstall-vers3.txt to dnsinstall and run "chmod +x dnsinstall" to make it executable.
Then run it as root: "sudo bash dnsinstall".
You will have your own DNS name server up and running in 30 seconds.

Now your BIND DNS server is up and running, hosting your domain. But what use is a DNS server if it is not being used?
To really start using it you have to modify your network interface to use this DNS server instead of your router's.
To do so open a terminal and enter the following:
Code:
ip a              ### to see your IP address and which interface it belongs to.
nmcli con show    ### to see your interface profile names.
NAME        UUID                                  TYPE      DEVICE
br0         6caf8dac-98d6-4863-b97d-143eb2be6d9c  bridge    br0
br0-slave1  c4a274eb-cc2f-4a37-b542-0bad957f91bc  ethernet  eth1
eth1        52d6a1c3-d9fe-4303-9e20-f758ed8d3114  ethernet  --
In your case they might differ. You might see your wifi ESSID, or something like "Wired connection 1" or ethX, etc.
Please look at the left column. This is the interface profile name, whereas the rightmost column is the interface device name.
Continue in the same terminal with:
Code:
nmcli con mod <iface-profile-name> ipv4.dns 127.0.0.1          #### Do this for your primary interface hosting your IP.
nmcli con mod <iface-profile-name> ipv4.ignore-auto-dns yes    #### otherwise the DHCP-supplied (router) DNS server stays in /etc/resolv.conf too
nmcli con down <iface-profile-name>
nmcli con up <iface-profile-name>
Best if you could use a GUI tool like network-manager-applet in GNOME or the like to do all that the easy way.
VERIFY that everything is working:
Code:
ping -c 3 $HOSTNAME
ping -c 3 $(hostname -d)
ping -c 3 $(hostname | awk -F. '{ print $1 }')
ping -c 3 google.com
NOTE: In case you rerun the script after you have assigned your new server as the sole DNS provider, you will lose name resolution, because the script first purges all bind9 files and then reinstalls bind9 again.
To avoid such a problem, temporarily add a line "nameserver <your-router-ip>" in /etc/resolv.conf and feel free to rerun the script.
I also included a basic script to add A and PTR records to BIND.
Rename it to "dns-record", make it executable and run it thus: "sudo bash dns-record <machine-name> <IP>".
If you are also interested in additional functionality to also include LDAP, Kerberos and Kerberised NFS, please have a look here: viewtopic.php?f=23&t=55075&p=549634#p549634
That's it.
Have fun
