Install and Configure a Local DNS Server on Ubuntu 12.10 / 12.04 / 11.10


The Domain Name System (DNS) is the standard technology for managing the names of Web sites and other Internet domains. DNS lets you type a name such as techienote.com into your Web browser and have your computer find the corresponding address on the Internet automatically. A key element of the DNS is a worldwide collection of DNS servers.

A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, has a public IP address, and contains a database of network names and addresses for other Internet hosts.

For more information see How the Internet Works.

A local DNS server, which performs domain name lookups, is usually located on the network to which your computer is attached. If you are using an Internet Service Provider (ISP), your DNS server is at your ISP. If you are using the network at your college or office, you probably have a local DNS server somewhere near you, in the server room.

A local DNS server is very useful for small offices that run multiple internal websites for their employees. Together with a LAMP server for developing the websites, it makes a very cheap dedicated hosting solution, with the local DNS server managing the DNS records.

When you are on your computer, you will at some point type in the name of a computer somewhere on your local network or on the Internet. The resolver software running on your computer first looks in its local cache. If it does not find an answer, it sends that computer name to a DNS server.

Earlier we saw how to install a DNS server on Ubuntu 10.10. In this tutorial we will see how to set up a local DNS server on Ubuntu 12.10. We will be using bind9 as the local DNS server.

Note that this method will also work on Ubuntu 12.04 and 11.10.

This step-by-step guide covers the following topics:

Installation
Configuration
	Caching Nameserver
	Primary Master
Troubleshooting
	Testing
	Logging
Some common records type

Step By Step Guide to Install and Configure Local DNS Server on Ubuntu 12.10

Step 1: We are going to use BIND as our DNS server software, installed from the bind9 package. Open a terminal and run the following command to install bind9 on your system:

sudo apt-get -y install bind9

Step 2: The DNS configuration files are stored in the /etc/bind directory. The primary configuration file is /etc/bind/named.conf.

The include line in that file specifies the filename which contains the DNS options. The directory line in the /etc/bind/named.conf.options file tells BIND where to look for files. All files BIND uses will be relative to this directory.

The file named /etc/bind/db.root describes the root nameservers of the world. These servers change over time, so /etc/bind/db.root must be updated from time to time; this is usually done through updates to the bind9 package. A zone section defines a master zone, whose records are stored in the file named by its file option.

It is possible to configure the same server to be a caching name server, primary master, and secondary master. A server can be the Start of Authority (SOA) for one zone while providing secondary service for another zone, all the while providing caching services for hosts on the local LAN.

To configure BIND to cache requests and forward unknown requests to other DNS servers, open the /etc/bind/named.conf.options file:

sudo vi /etc/bind/named.conf.options

Step 2.1: Uncomment or add the forwarders section and replace the x.x.x.x entries with the IP addresses of your ISP's primary and secondary DNS servers:

forwarders {
        x.x.x.x;
        x.x.x.x;
};

Replace x.x.x.x with the IP addresses of the actual nameservers. I am using Google Public DNS as my forwarders, currently 8.8.8.8 and 8.8.4.4.

After completing Steps 1 to 2.1, your local caching nameserver is ready.

The following steps configure a local DNS server for a small office or school.

Step 3: Make the server use its own DNS for look-ups. I always prefer to assign a static IP to our critical servers. For a detailed explanation see How to Configure Static IP on Ubuntu.

Step 3.1: Edit /etc/network/interfaces

sudo vi /etc/network/interfaces

Step 3.2: Change or add the dns-nameservers, dns-search and dns-domain directives:

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.1.98
        netmask 255.255.255.0
        gateway 192.168.1.1
        network 192.168.1.0
        broadcast 192.168.1.255
        dns-nameservers 127.0.0.1
        dns-search techienote.home
        dns-domain techienote.home

Note 1: techienote.home is the domain name of our local network in this guide. The dns-search directive eliminates the need to type the FQDN when looking up local records.

Note 2: This setup must also be done on other Ubuntu clients that use a static IP, but on those clients dns-nameservers should point to the IP of our DNS server (192.168.1.98). If you have a DHCP server, specify the DNS server's IP in its settings, as well as the search domain.

Step 4: Now we will configure BIND9 as the Primary Master for techienote.home. Simply replace techienote.home with your own FQDN (Fully Qualified Domain Name).

To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the first step is to edit /etc/bind/named.conf.local:

sudo vi /etc/bind/named.conf.local

Step 4.1: Add a zone for the local domain:

zone "techienote.home" IN {
    type master;
    file "/etc/bind/zones/techienote.home.db";
};

Step 4.2: Also add a zone for reverse dns lookups for the local network:

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.1.168.192.in-addr.arpa";
};

Note: Make sure that plain (straight) double quotes are used, so that they are not converted into typographic quotes if you copy and paste them into the terminal. You get straight quotes on a Swedish keyboard by pressing Shift+2; on an English keyboard it is probably Shift+'.

Step 5: Create the zones directory

sudo mkdir /etc/bind/zones

Step 6: Configure the local domain:

sudo vi /etc/bind/zones/techienote.home.db

Step 6.1: Example settings; change them to match your host names and IP addresses:

; Use semicolons to add comments.
; Host-to-IP Address DNS Pointers for techienote.home
; Note: The trailing "." at the end of the domain names is important.

; The following parameters set when DNS records will expire, etc.
; Importantly, the serial number must always be incremented to prevent
; undesirable consequences. A good format to use is YYYYMMDDII where
; the II index is in case you make more than one change in the same day.
$ORIGIN .
$TTL 86400      ; 1 day
techienote.home. IN SOA server.techienote.home. hostmaster.techienote.home. (
    2012111302 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
 
; NS indicates that server is the name server for techienote.home
techienote.home. IN NS server.techienote.home.
 
$ORIGIN techienote.home.
 
; Set the address for localhost.techienote.home
localhost    IN A 127.0.0.1
 
; Set the hostnames in alphabetical order
server       IN A 192.168.1.98

Step 6.2: Create and edit the reverse lookup configuration file

sudo vi /etc/bind/zones/rev.1.168.192.in-addr.arpa

Example settings, the reverse of the above:

; IP Address-to-Host DNS Pointers for the 192.168.1 subnet
@ IN SOA server.techienote.home. hostmaster.techienote.home. (
    2012111302 ; serial
    8H ; refresh
    4H ; retry
    4W ; expire
    1D ; minimum
)
; define the authoritative name server
           IN NS server.techienote.home.
; our hosts, in numeric order
98        IN PTR server.techienote.home.

Note: You must increment the serial number every time you make changes to the zone file. If you make multiple changes before restarting BIND9, simply increment the serial once. Many admins like to use the date of the last edit as the serial of a zone, such as 2012010100, which is yyyymmddss (where ss is a two-digit counter for edits made on the same day).
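As an added example (not part of the original guide), the following Python script parses a forward and a reverse zone file like the two above, extracts the SOA serial, and reports A records in the local subnet that lack a matching PTR as well as PTR records that point at a name with no matching A record. The embedded zones are constructed from this guide's files with an extra www host that deliberately has no PTR; the function names and the subnet argument are my own.

```python
import ipaddress
import re
# Constructed zones modelled on this guide's two files; www deliberately has no PTR record.
FORWARD_ZONE = """
$ORIGIN .
techienote.home. IN SOA server.techienote.home. hostmaster.techienote.home. (
    2012111302 ; serial
    8H 4H 4W 1D )
$ORIGIN techienote.home.
localhost    IN A 127.0.0.1
server       IN A 192.168.1.98
www          IN A 192.168.1.99
"""
REVERSE_ZONE = """
@ IN SOA server.techienote.home. hostmaster.techienote.home. (
    2012111302 ; serial
    8H 4H 4W 1D )
          IN NS server.techienote.home.
98        IN PTR server.techienote.home.
"""

def qualify(name, origin):  # expand a relative name to an FQDN the way BIND applies $ORIGIN
    if name == "@" or name.endswith("."):
        return origin if name == "@" else name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(text, origin):  # -> (serial, {owner_fqdn: rdata}) for the zone's A and PTR records
    clean = "\n".join(l.split(";")[0].rstrip() for l in text.splitlines())  # drop comments
    clean = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), clean)  # join "( ... )"
    serial = int(re.search(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)", clean).group(1))
    records, owner = {}, "@"
    for line in filter(str.strip, clean.splitlines()):
        tokens = line.split()
        if tokens[0].startswith("$"):               # $ORIGIN / $TTL directives
            origin = tokens[1] if tokens[0] == "$ORIGIN" else origin
            continue
        if not line[0].isspace():                   # explicit owner; a blank owner repeats the last
            owner = tokens[0]
        for rtype in ("A", "PTR"):
            if rtype in tokens:
                records[qualify(owner, origin)] = qualify(tokens[-1], origin) if rtype == "PTR" else tokens[-1]
    return serial, records

def check_consistency(forward, reverse, subnet):  # A records lacking a PTR, and PTRs lacking an A
    expected = {ipaddress.ip_address(ip).reverse_pointer + ".": fqdn
                for fqdn, ip in forward.items() if ipaddress.ip_address(ip) in ipaddress.ip_network(subnet)}
    missing = [f"no PTR for {expected[r]}" for r in expected if reverse.get(r) != expected[r]]
    stale = [f"PTR {r} -> {n} has no matching A" for r, n in reverse.items() if expected.get(r) != n]
    return missing + stale
```

Call parse_zone on each file's text with the zone's origin (the name given in named.conf.local, with a trailing dot) and pass the two record maps to check_consistency; an empty list means the forward and reverse files agree.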

Step 7: Restart services to use the new settings:

sudo service bind9 restart

Step 8: Restart the network interface that you changed in step 3.2:

sudo nohup sh -c "ifdown eth0 && ifup eth0"

Note: the networking restart command has been deprecated; see this post for more information.

Your DNS server should be running, however it is best to check. Open up a terminal and type:

sudo netstat -uap

which should show output like the following, with named listening on the domain (53) port:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 server.techienot:domain *:*                                 1002/named      
udp        0      0 localhost:domain        *:*                                 1002/named      
udp        0      0 *:bootps                *:*                                 1020/dhcpd      
udp        0      0 *:48749                 *:*                                 547/avahi-daemon: r
udp        0      0 *:29300                 *:*                                 1020/dhcpd      
udp        0      0 *:mdns                  *:*                                 547/avahi-daemon: r

Step 9: Test that DNS look-ups work through the local server:

host techienote.com

The response should be:

techienote.com has address 174.122.2.251
techienote.com mail is handled by 0 techienote.com.

Step 10: Test that all of your computers are listed with the following command:

host -l techienote.home

The output should list all of your entered hosts:

techienote.home name server server.techienote.home.
localhost.techienote.home has address 127.0.0.1
server.techienote.home has address 192.168.1.98

Step 11: Test that the reverse lookup works:

host 192.168.1.98

Response:

98.1.168.192.in-addr.arpa domain name pointer server.techienote.home.

Another way to test your zone files is by using the named-checkzone utility installed with the bind9 package. This utility allows you to make sure the configuration is correct before restarting BIND9 and making the changes live.

Step 12: To test the techienote.home forward zone file, enter the following from a command prompt:

named-checkzone techienote.home /etc/bind/zones/techienote.home.db

If everything is configured correctly you should see output similar to:

zone techienote.home/IN: loaded serial 6
OK

Step 13: Similarly, to test the Reverse zone file enter the following:

named-checkzone 1.168.192.in-addr.arpa /etc/bind/zones/rev.1.168.192.in-addr.arpa

The output should be similar to:

zone 1.168.192.in-addr.arpa/IN: loaded serial 3
OK

Note 1: The serial number of your zone file will probably be different.

Note 2: The default directory for non-authoritative zone files is /var/cache/bind/. This directory is also configured in AppArmor to allow the named daemon to write to it.

Note 3: By default, BIND9 logs are recorded in /var/log/syslog.

Step 14: BIND9 has a wide variety of logging configuration options available. There are two main options. The channel option configures where logs go, and the category option determines what information to log.

If no logging option is configured the default option is:

logging {
     category default { default_syslog; default_debug; };
     category unmatched { null; };
};

Step 15: If you want to send debug messages related to DNS queries to a separate file, you need to edit /etc/bind/named.conf.local and add the following:

logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
};

Step 16: Next, configure a category to send all DNS queries to the query file:

logging {
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    category queries { query.log; };
};

Note: the debug option can be set from 1 to 3. If no level is specified, level 1 is the default.

Step 17: Since the named daemon runs as the bind user, the /var/log/query.log file must be created and its ownership changed:

sudo touch /var/log/query.log
sudo chown bind /var/log/query.log

Step 18: Before named daemon can write to the new log file the AppArmor profile must be updated. First, edit /etc/apparmor.d/usr.sbin.named and add:

/var/log/query.log w,

Step 19: Next, reload the profile:

cat /etc/apparmor.d/usr.sbin.named | sudo apparmor_parser -r

Step 20: Now restart BIND9 for the changes to take effect:

sudo service bind9 restart

You should see the file /var/log/query.log fill with query information. This is a simple example of the BIND9 logging options.

Common Record Types

Following are the most common DNS record types you should know.

A record: This record maps an IP Address to a hostname.

www      IN    A      192.168.1.98

CNAME record: Used to create an alias to an existing A record. You cannot create a CNAME record pointing to another CNAME record.

web     IN    CNAME  www

MX record: Used to define where email should be sent to. Must point to an A record, not a CNAME.

IN    MX  1   mail.techienote.home.
mail    IN    A       192.168.1.98

NS record: Used to define which servers serve copies of a zone. It must point to an A record, not a CNAME. This is where Primary and Secondary servers are defined.

You should have a firewall between this server and the Internet, and make sure that the DNS port (53) is not forwarded to your Ubuntu server. Otherwise your DNS server will be an open resolver that anyone in the world can use. This setup is only intended to be used within your local network.
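As an added example (not from the original guide), the same restriction can also be enforced inside BIND itself. These /etc/bind/named.conf.options settings, using the 192.168.1.0/24 subnet and the server address from this guide, make named answer and recurse only for the local network, so a mistakenly forwarded port 53 does not turn the server into an open resolver. The acl name is my own; allow-query, allow-recursion and listen-on are standard BIND options.

```conf
// Added example, not from the original guide: confine the server to the LAN.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
        directory "/var/cache/bind";
        forwarders { 8.8.8.8; 8.8.4.4; };
        listen-on { 127.0.0.1; 192.168.1.98; };   // do not listen on any other address
        allow-query { lan; };                     // answer only hosts on the LAN
        allow-recursion { lan; };                 // never recurse on behalf of outsiders
};
```

After editing, run named-checkconf and restart bind9 as in Step 7; a query sent from an address outside the acl is then refused instead of answered.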
