The aim is to set up two DNS servers:
Master DNS server – OpenWRT router – 192.168.0.1 – FQDN: ns1.example.com
Slave DNS server – Debian server – 192.168.0.2 – FQDN: ns2.example.com
Web Server – 192.168.0.3 – FQDN: example.com
- Setting the Hostname on the Name Servers
- Install Bind on Both Name Servers
- Configure the Master Bind Server
- Configure the Slave Bind Server
1. Setting the hostname
Edit /etc/hosts so it looks like this:
127.0.0.1 localhost
192.168.0.1 ns1.example.com ns1
and for the Debian server:
127.0.0.1 localhost
192.168.0.2 ns2.example.com ns2
Then edit /etc/hostname so it looks like this:
ns1
and for the Debian box:
ns2
2. Install BIND
On the OpenWRT router, from the ssh session run the following.
Uninstall the preinstalled dnsmasq (note that dnsmasq is also the DHCP server on OpenWRT, which is why DHCP has to be set up separately afterwards):
/etc/init.d/dnsmasq stop
opkg remove dnsmasq
then install BIND:
opkg update
opkg install bind-server bind-tools
On the Debian box run:
sudo apt-get update
sudo apt-get install bind9 bind9utils bind9-doc
3. Configure the Master Bind Server
On the OpenWRT box the bind directory structure is a bit different from the one on Debian, as there is only one file that holds all the config: /etc/bind/named.conf
We need to add a few bits to it (the acl at the top, the allow-query and allow-recursion lines that apply it, and the two example.com zones at the end); the full file then looks like this:
// this section defines who is allowed to submit queries to the server
acl goodclients {
    192.168.0.0/24;
    localhost;
    localnets;
};

options {
    directory "/tmp";
    recursion yes;
    // the acl only takes effect once it is referenced; without these two lines
    // the server answers recursive queries from anyone who can reach it
    allow-query { goodclients; };
    allow-recursion { goodclients; };
    allow-transfer { none; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

// here we define our zones; only the slave may pull a zone transfer
zone "example.com" {
    type master;
    file "/etc/bind/zones/db.example.com";
    allow-transfer { 192.168.0.2; };
};

zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168.0";
    allow-transfer { 192.168.0.2; };
};
Create the Forward Zone File
In the /etc/bind folder create a zones subfolder, then create the file db.example.com in it and paste this content:
$TTL 604800
@ IN SOA ns1.example.com. root.example.com. (
10 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name servers
example.com. IN NS ns1.example.com.
example.com. IN NS ns2.example.com.
; A records for name servers
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2
; Other A records
@ IN A 192.168.0.3
www IN A 192.168.0.3
computer1 IN A 192.168.0.4
printer IN A 192.168.0.5
The IMPORTANT bit to remember here is to increment the serial number each time this file is edited; the slave only pulls a new copy when it sees a higher serial than the one it holds.
Create the Reverse Zone File
In /etc/bind/zones create the file db.192.168.0 and paste this content:
$TTL 604800
@ IN SOA ns1.example.com. admin.example.com. (
10 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name servers (owner @ is the zone itself)
@ IN NS ns1.example.com.
@ IN NS ns2.example.com.
; PTR records (these must be of type PTR, not NS, or reverse lookups return nothing)
1 IN PTR ns1.example.com.
2 IN PTR ns2.example.com.
3 IN PTR www.example.com.
4 IN PTR computer1.example.com.
5 IN PTR printer.example.com.
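A small checker, added here and not part of the original tutorial, for the two hand-written zone files above: it reads the SOA serial of each (the number that has to be bumped on every edit) and flags A records in the 192.168.0.0/24 range whose reverse name has no PTR record, including the easy slip of typing NS where PTR was meant. The sample zone text is constructed to mirror the files above, with one deliberately mistyped record.

```python
import re
# Constructed sample zones modelled on the tutorial's two files (not the page's text
# verbatim). The reverse zone carries one record typed NS instead of PTR on purpose.
FORWARD_ZONE = """\
@ IN SOA ns1.example.com. root.example.com. ( 10 604800 86400 2419200 604800 )
@ IN NS ns1.example.com.
ns1 IN A 192.168.0.1
ns2 IN A 192.168.0.2
@ IN A 192.168.0.3
www IN A 192.168.0.3
printer IN A 192.168.0.5
"""
REVERSE_ZONE = """\
@ IN SOA ns1.example.com. admin.example.com. ( 10 604800 86400 2419200 604800 )
@ IN NS ns1.example.com.
1 IN PTR ns1.example.com.
2 IN PTR ns2.example.com.
3 IN PTR www.example.com.
5 IN NS printer.example.com.   ; wrong type, should be PTR
"""

def parse(zone_text, origin):
    """(owner_fqdn, type, rdata) for one-line records; '@' and relative owners expanded, SOA skipped."""
    recs = []
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()            # drop trailing comments
        if len(f) < 4 or f[0].startswith("$") or f[2] == "SOA":
            continue
        owner = origin if f[0] == "@" else f[0] if f[0].endswith(".") else f"{f[0]}.{origin}"
        recs.append((owner, f[2], f[3]))
    return recs

def soa_serial(zone_text):
    """The serial is the first number after the SOA record's opening parenthesis."""
    return int(re.search(r"\bSOA\b[^(]*\(\s*(\d+)", zone_text).group(1))

def check_reverse(fwd_text, rev_text, fwd_origin, rev_origin, prefix):
    """Report A records inside `prefix` whose reverse name has no PTR (missing or mistyped)."""
    rev = parse(rev_text, rev_origin)
    ptr_owners = {o for o, t, _ in rev if t == "PTR"}
    problems = []
    for owner, rtype, addr in parse(fwd_text, fwd_origin):
        if rtype != "A" or not addr.startswith(prefix):
            continue
        rev_name = addr[len(prefix):] + "." + rev_origin   # 192.168.0.5 -> 5.0.168.192.in-addr.arpa.
        if rev_name not in ptr_owners:
            wrong = [t for o, t, _ in rev if o == rev_name]
            problems.append(f"{rev_name} -> {owner}: "
                            + (f"record is type {wrong[0]}, must be PTR" if wrong else "no PTR record"))
    return problems
```

Run it against the real files by reading them into the two strings; a non-empty result means the reverse zone will load fine under named-checkzone yet still answer nothing useful for that address.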
Testing
named-checkconf /etc/bind/named.conf
If there is a problem with the config, this will tell you where to look in the config file. If the config is fine, there is no output.
Next we check our zones:
named-checkzone example.com /etc/bind/zones/db.example.com
If your file has no problems, it should tell you that it loaded the correct serial number and give the “OK” message:
zone example.com/IN: loaded serial 10 OK
Then we do the same for the reverse lookup zone file.
If everything is OK, we enable and start the BIND service:
/etc/init.d/named enable
/etc/init.d/named start
With the server running, run this:
dig ANY example.com @localhost
and if everything is set up correctly you should get something like this:
root@wrt:/etc/bind/zones# dig any example.com @localhost

; <<>> DiG 9.9.6-P1 <<>> any example.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
4. Configure the Slave Bind Server
Configuring the Options File
Now on our Debian box we edit the options file:
sudo nano /etc/bind/named.conf.options
Edit the options section so it looks like this:
options {
    directory "/var/cache/bind";
    recursion no;
    allow-transfer { none; };
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
Save and close the file when you are finished.
Configuring the Local Configuration File
sudo nano /etc/bind/named.conf.local
We will create each of our zone specifications.
First, we will work on the forward zone:
zone "example.com" {
};
and edit it so it looks like this:
zone "example.com" {
    type slave;
    file "db.example.com";
    masters { 192.168.0.1; };
};
This completes our forward zone setup.
We can use this same exact format to take care of our reverse zone config:
zone "0.168.192.in-addr.arpa" {
    type slave;
    file "db.192.168.0";
    masters { 192.168.0.1; };
};
When you are finished, you can save and close the file.
To check that the zone transfer was successful, run:
sudo tail -f /var/log/syslog
That should show entries indicating that the zone files have been transferred correctly. The transferred copies land as /var/cache/bind/db.example.com and /var/cache/bind/db.192.168.0, since the relative file names in named.conf.local are resolved against the directory set in named.conf.options.
To configure DHCP follow here.
Good source of BIND config knowledge here.